Bug #7597

bug_report segfaults when $0 is changed

Added by Masaya Tarui over 2 years ago. Updated over 2 years ago.

[ruby-dev:46786]
Status:Closed
Priority:Normal
Assignee:Masaya Tarui
ruby -v:ruby 2.0.0dev (2012-12-21 trunk 38514) [x86_64-linux]
Backport:

Description

Inside rb_vm_bugreport(void), backtrace_symbols(trace, n) picks up the name set via $0 instead of the ruby binary itself.
rb_dump_backtrace_with_lines(n, trace, syms) then processes that file assuming it is an ELF executable,
so it is not handled correctly: it performs pointer operations based on bogus header information and segfaults, etc.

If you segfault or hit rb_bug inside minitest, you run straight into this.
For example [Bug #7590].

I don't yet know what the fundamental fix is, but as a temporary measure
I think we should stop using rb_dump_backtrace_with_lines.

$ cat t.rb
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" #dummy header:-)
$0=FILE
require 'dl'
p DL::CPtr.new(4)[0]

$ ruby t.rb
DL is deprecated, please use Fiddle
t.rb:4: [BUG] Segmentation fault
ruby 2.0.0dev (2012-12-21 trunk 38514) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0009 e:000008 CFUNC :[]
c:0002 p:0033 s:0005 e:001578 EVAL t.rb:4 [FINISH]
c:0001 p:0000 s:0002 e:000c08 TOP [FINISH]

t.rb:4:in `<main>'
t.rb:4:in `[]'

-- C level backtrace information -------------------------------------------
Segmentation fault (core dumped)
$
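The crash comes from treating whatever path backtrace_symbols() reports as an ELF file and following its section header offsets without validation. The following is an added example, not code from ruby's addr2line.c, showing the kind of ELF sanity check that r38543 describes: it rejects a file that lacks the ELF magic (such as the t.rb script above, whose first bytes are a string literal), and a file whose section header table would run past the end of the data. The ELF constants and the ELF64 header layout are written out so it builds without <elf.h>; it assumes a little-endian ELF64 host, matching the ticket's x86_64-linux platform. The constructed sample images in the check_* functions are synthetic, not real binaries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not ruby's own addr2line.c). Assumes little-endian ELF64. */
#define EI_NIDENT   16
#define ELFMAG      "\177ELF"
#define ELFCLASS64  2
#define ELFDATA2LSB 1
#define EV_CURRENT  1
#define ELF64_SHDR_SIZE 64   /* sizeof(Elf64_Shdr) */

/* ELF64 file header, same layout as Elf64_Ehdr in <elf.h> (64 bytes). */
struct elf64_ehdr {
    unsigned char e_ident[EI_NIDENT];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};

/* Return 1 if buf[0..len) starts with a plausible ELF64 header whose section
 * header table lies entirely inside the data, 0 otherwise. Only after this
 * passes is it safe to walk the section headers at e_shoff. */
int elf_header_ok(const unsigned char *buf, size_t len)
{
    struct elf64_ehdr eh;

    if (len < sizeof eh || memcmp(buf, ELFMAG, 4) != 0) return 0;
    if (buf[4] != ELFCLASS64 || buf[5] != ELFDATA2LSB || buf[6] != EV_CURRENT) return 0;

    memcpy(&eh, buf, sizeof eh);          /* no unaligned access through buf */
    if (eh.e_ehsize != sizeof eh) return 0;
    if (eh.e_shentsize != ELF64_SHDR_SIZE) return 0;
    if (eh.e_shoff == 0 || eh.e_shnum == 0) return 0;
    /* Bounds check without integer overflow: offset first, then table size. */
    if (eh.e_shoff > len) return 0;
    if ((uint64_t)eh.e_shnum * ELF64_SHDR_SIZE > len - eh.e_shoff) return 0;
    if (eh.e_shstrndx >= eh.e_shnum) return 0;
    return 1;
}

/* Build a constructed, minimal ELF64 image: header + one all-zero section
 * header. Returns the image length (128) or 0 if cap is too small. */
size_t build_min_elf64(unsigned char *out, size_t cap)
{
    struct elf64_ehdr eh;
    size_t total = sizeof eh + ELF64_SHDR_SIZE;

    if (cap < total) return 0;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, 4);
    eh.e_ident[4] = ELFCLASS64;
    eh.e_ident[5] = ELFDATA2LSB;
    eh.e_ident[6] = EV_CURRENT;
    eh.e_type = 2;          /* ET_EXEC */
    eh.e_machine = 62;      /* EM_X86_64 */
    eh.e_version = EV_CURRENT;
    eh.e_shoff = sizeof eh;
    eh.e_ehsize = sizeof eh;
    eh.e_shentsize = ELF64_SHDR_SIZE;
    eh.e_shnum = 1;
    eh.e_shstrndx = 0;
    memset(out, 0, total);
    memcpy(out, &eh, sizeof eh);
    return total;
}

/* Constructed inputs mirroring the ticket: a file full of 'f' (the PoC's
 * dummy "header") must be rejected; a well-formed image is accepted; the
 * same image truncated so the section table runs past EOF is rejected. */
int check_fake_header_rejected(void)
{
    unsigned char junk[256];
    memset(junk, 'f', sizeof junk);
    return elf_header_ok(junk, sizeof junk) == 0;
}

int check_minimal_elf_accepted(void)
{
    unsigned char img[256];
    size_t n = build_min_elf64(img, sizeof img);
    return n == 128 && elf_header_ok(img, n) == 1;
}

int check_truncated_elf_rejected(void)
{
    unsigned char img[256];
    size_t n = build_min_elf64(img, sizeof img);
    return n == 128 && elf_header_ok(img, 100) == 0 && elf_header_ok(img, 63) == 0;
}

/* Stand-alone use: ./a.out t.rb  (or any path that $0 might point at). */
int main(int argc, char **argv)
{
    FILE *fp; long sz; unsigned char *buf; size_t n;
    if (argc < 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    if (!(fp = fopen(argv[1], "rb"))) { perror(argv[1]); return 2; }
    fseek(fp, 0, SEEK_END); sz = ftell(fp); rewind(fp);
    buf = malloc(sz > 0 ? (size_t)sz : 1);
    n = buf ? fread(buf, 1, (size_t)sz, fp) : 0;
    fclose(fp);
    printf("%s: %s\n", argv[1],
           elf_header_ok(buf, n) ? "plausible ELF64 header" : "not a usable ELF64 file");
    free(buf);
    return 0;
}
```

Running it on the t.rb from the report prints "not a usable ELF64 file", which is exactly the point at which addr2line should give up instead of dereferencing offsets taken from the script's bytes. Note that this only validates the file handed to it; the other half of the fix a practitioner would want is to stop taking that path from backtrace_symbols() (which reflects $0 / argv[0]) in the first place and use a trustworthy source such as /proc/self/exe on Linux.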

Associated revisions

Revision 38533
Added by Masaya Tarui over 2 years ago

  • vm_dump.c (rb_vm_bugreport): commentout addr2line call temporarily in order to avoid segv. anyone can fix addr2line? [Bug #7597]

Revision 38543
Added by Motohiro KOSAKI over 2 years ago

  • vm_dump.c (rb_vm_bugreport): revert r38533.
  • addr2line.c (fill_lines): add ELF sanity check. [Bug #7597]

Revision 38593
Added by Yui NARUSE over 2 years ago

Add test for r38543 [Bug #7597]

History

#1 Updated by Masaya Tarui over 2 years ago

$ cat ruby
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
require 'dl'
p DL::CPtr.new(4)[0]

$ ruby ruby
Just doing that reproduced the same thing.

Can anyone fix rb_dump_backtrace_with_lines?

#2 Updated by Koichi Sasada over 2 years ago

  • Assignee set to Masaya Tarui

#3 Updated by Masaya Tarui over 2 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r38533.
Masaya, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • vm_dump.c (rb_vm_bugreport): commentout addr2line call temporarily in order to avoid segv. anyone can fix addr2line? [Bug #7597]

#4 Updated by Masaya Tarui over 2 years ago

  • Status changed from Closed to Feedback
  • Priority changed from Normal to 3

Since I was assigned, for the time being I have commented out
the part that calls rb_dump_backtrace_with_lines.

Patches welcome.

#5 Updated by Motohiro KOSAKI over 2 years ago

  • Status changed from Feedback to Closed

This issue was solved with changeset r38543.
Masaya, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • vm_dump.c (rb_vm_bugreport): revert r38533.
  • addr2line.c (fill_lines): add ELF sanity check. [Bug #7597]

#6 Updated by Motohiro KOSAKI over 2 years ago

Since this appears to be a Linux-specific bug, I tried my hand at playing maintainer for once.
