Avoid calling methods on user objects from segfault handler
When the segfault handler is listing loaded features, it iterates through $LOADED_FEATURES and calls StringValueCStr() on each item. This in turn calls #to_str on the object.
If a #to_str method is defined on a non-T_STRING, it is possible to have code run during the segfault handler. If an exception is raised or a tag is thrown, it is possible to escape the segfault handler and recover from a segmentation fault.
I've attached a patch that checks if an item in $LOADED_FEATURES is a T_STRING, and calls rb_any_to_s() if not. This will avoid calling any methods which could potentially call back into Ruby-land.
Updated by nobu (Nobuyoshi Nakada) about 7 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r38041.
Charlie, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
vm_dump.c: no methods in segv handler
- vm_dump.c (rb_vm_bugreport): get rid of calling methods in sigsegv handler. based on a patch by charliesome (Charlie Somerville) [ruby-core:49573] [Bug #7402]