Bug #7957

rb_str_modify() does not prevent shared string from rb_str_set_len()

Added by Eric Wong over 2 years ago. Updated over 2 years ago.

Status:Third Party's Issue
Assignee:Nobuyoshi Nakada
ruby -v:ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux] Backport:


unicorn HTTP chunk parser may raise "can't set length of shared string (RuntimeError)" in rb_str_set_len().
However, it does call rb_str_modify() before calling rb_str_set_len().

To reproduce:
git clone git://bogomips.org/unicorn
cd unicorn
gem install isolate # needed for unicorn dependencies
git reset --hard v4.6.1
make http # build HTTP parser (needs ragel installed: apt-get install ragel)
ruby -I lib str_modify.rb # failure, raises

apply unicorn_http.patch

patch -p1 < unicorn_http.patch
make http # rebuild parser
ruby -I lib str_modify.rb # success (no output)

In my proposed patch, I call rb_str_resize() instead of rb_str_set_len() and that seems to
work around the issue. I even call rb_str_modify() an extra time before rb_str_set_len(),
but rb_str_set_len() still raises...

str_modify.rb Magnifier - script to reproduce the issue (requires unicorn) (408 Bytes) Eric Wong, 02/25/2013 09:54 PM

unicorn_http.patch Magnifier - proposed patch to unicorn (931 Bytes) Eric Wong, 02/25/2013 09:54 PM


#1 Updated by Koichi Sasada over 2 years ago

  • Category set to core
  • Assignee set to Nobuyoshi Nakada
  • Priority changed from Normal to 5
  • Target version set to 2.1.0

#2 Updated by Eric Wong over 2 years ago

I will try to make a standalone test case which does not depend on
the Ragel parser.

#3 Updated by Eric Wong over 2 years ago

sorry for the noise. It turns out unicorn has a build system bug.

#4 Updated by Usaku NAKAMURA over 2 years ago

  • Status changed from Open to Third Party's Issue

#5 Updated by Eric Wong over 2 years ago

This is definitely not a ruby bug, fixed in unicorn v4.6.2
(commit f7ee06592d7709e96f64efb5e7a9485b54415c9d)

Also available in: Atom PDF