Project

General

Profile

Actions

Bug #7597

closed

$0を変更するとbug_reportでsegvする

Added by tarui (Masaya Tarui) over 11 years ago. Updated over 11 years ago.

Status:
Closed
Target version:
ruby -v:
ruby 2.0.0dev (2012-12-21 trunk 38514) [x86_64-linux]
Backport:
[ruby-dev:46786]

Description

rb_vm_bugreport(void)の中で backtrace_symbols(trace, n)が ruby本体の代わりに$0で変更した名前を引っ張って来ています。
それがrb_dump_backtrace_with_lines(n, trace, syms);の中でelf形式の実行ファイルだと思い込んで処理をしてしまっており、
正しく処理されずに誤ったヘッダー情報を元にポインタ操作を行いsegv等します。

minitest中にsegvしたりrb_bugしたりすると、思いっきりこれをふむ事になります。
例えば[Bug #7590]。

抜本的な対策はまだよくわからないのですが、一時的に、
rb_dump_backtrace_with_linesを使わないようにしておくべきかなと思います。

$ cat t.rb
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" #dummy header:-)
$0=FILE
require 'dl'
p DL::CPtr.new(4)[0]

$ ruby t.rb
DL is deprecated, please use Fiddle
t.rb:4: [BUG] Segmentation fault
ruby 2.0.0dev (2012-12-21 trunk 38514) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0009 e:000008 CFUNC :[]
c:0002 p:0033 s:0005 e:001578 EVAL t.rb:4 [FINISH]
c:0001 p:0000 s:0002 e:000c08 TOP [FINISH]

t.rb:4:in <main>' t.rb:4:in []'

-- C level backtrace information -------------------------------------------
Segmentation fault (core dumped)
$

Updated by tarui (Masaya Tarui) over 11 years ago

$ cat ruby
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
require 'dl'
p DL::CPtr.new(4)[0]

$ ruby ruby
としただけで同様でした。

どなたか rb_dump_backtrace_with_lines を直せますか?

Updated by ko1 (Koichi Sasada) over 11 years ago

  • Assignee set to tarui (Masaya Tarui)
Actions #3

Updated by tarui (Masaya Tarui) over 11 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r38533.
Masaya, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • vm_dump.c (rb_vm_bugreport): commentout addr2line call temporarily
    in order to avoid segv. anyone can fix addr2line?
    [Bug #7597] [ruby-dev:46786]

Updated by tarui (Masaya Tarui) over 11 years ago

  • Status changed from Closed to Feedback
  • Priority changed from Normal to 3

担当者を振られたのでとりあえず、
rb_dump_backtrace_with_lines
を呼び出す部分をコメントアウトしておきました。

patch welcomeです。

Actions #5

Updated by kosaki (Motohiro KOSAKI) over 11 years ago

  • Status changed from Feedback to Closed

This issue was solved with changeset r38543.
Masaya, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • vm_dump.c (rb_vm_bugreport): revert r38533.
  • addr2line.c (fill_lines): add ELF sanity check.
    [Bug #7597] [ruby-dev:46786]

Updated by kosaki (Motohiro KOSAKI) over 11 years ago

なんか、Linux固有バグらしいのでたまにはメンテナの真似事らしきことをしてみました

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0