Bug #7957

closed

rb_str_modify() does not prevent shared string from rb_str_set_len()

Added by normalperson (Eric Wong) about 11 years ago. Updated about 11 years ago.

Status:

Third Party's Issue

Assignee:

nobu (Nobuyoshi Nakada)

Target version:

2.1.0

ruby -v:

ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]

Backport:

[ruby-core:52876]

Description

unicorn HTTP chunk parser may raise "can't set length of shared string (RuntimeError)" in rb_str_set_len().
However, it does call rb_str_modify() before calling rb_str_set_len().

To reproduce:
git clone git://bogomips.org/unicorn
cd unicorn
gem install isolate # needed for unicorn dependencies
git reset --hard v4.6.1
make http # build HTTP parser (needs ragel installed: apt-get install ragel)
ruby -I lib str_modify.rb # failure, raises

apply unicorn_http.patch¶

patch -p1 < unicorn_http.patch
make http # rebuild parser
ruby -I lib str_modify.rb # success (no output)

In my proposed patch, I call rb_str_resize() instead of rb_str_set_len() and that seems to
work around the issue. I even call rb_str_modify() an extra time before rb_str_set_len(),
but rb_str_set_len() still raises...

Files

Download all files

str_modify.rb (408 Bytes) str_modify.rb	script to reproduce the issue (requires unicorn)	normalperson (Eric Wong), 02/25/2013 09:54 PM
unicorn_http.patch (931 Bytes) unicorn_http.patch	proposed patch to unicorn	normalperson (Eric Wong), 02/25/2013 09:54 PM

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #7957

rb_str_modify() does not prevent shared string from rb_str_set_len()

apply unicorn_http.patch¶

Updated by ko1 (Koichi Sasada) about 11 years ago

Updated by normalperson (Eric Wong) about 11 years ago

Updated by normalperson (Eric Wong) about 11 years ago

Updated by usa (Usaku NAKAMURA) about 11 years ago

Updated by normalperson (Eric Wong) about 11 years ago