Project

General

Profile

Actions

Bug #8654

closed

SEGV in Array#count

Added by Glass_saga (Masaki Matsushita) over 10 years ago. Updated over 10 years ago.

Status:
Closed
Target version:
ruby -v:
ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
[ruby-core:56072]

Description

Following code causes SEGV.

a1 = []
a2 = Array.new(100) {|i| i }
a2.count do |i|
p i
a2.replace(a1) if i == 0
end


Files

Updated by Eregon (Benoit Daloze) over 10 years ago

What do you think of this patch?

I am not sure assert_in_out_err is good for segfaults checks,
but I could not reproduce so reliably when removing the "p i".

Updated by Glass_saga (Masaki Matsushita) over 10 years ago

What do you think of this patch?

I already fixed it on r42040, but this ticket hasn't been closed because I have commited it with wrong commit message.
It's my fault.

However, I will add your test code.
Thank you for your patch,

Updated by mrkn (Kenta Murata) over 10 years ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED

I confirmed it is reproducible on the both head revisions of ruby_1_9_3 and ruby_2_0_0.

Updated by Eregon (Benoit Daloze) over 10 years ago

Glass_saga (Masaki Matsushita) wrote:

What do you think of this patch?

I already fixed it on r42040, but this ticket hasn't been closed because I have commited it with wrong commit message.
It's my fault.

However, I will add your test code.
Thank you for your patch,

Ah, I should have looked the newest commits.

It might be worth adding the second change to avoid the pointer loop (seems about the only one in array.c), RARRAY_PTR() is kind of deprecated with the new GC for these cases in core.
I will commit it as I can rebase easily if it is OK.

Actions #5

Updated by Eregon (Benoit Daloze) over 10 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r42041.
Masaki, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • array.c (rb_ary_count): check length to avoid SEGV
    while iterating. Remove other pointer loop when arg is given.
  • test/ruby/test_array.rb (test_count): add test for bug.
    [ruby-core:56072] [Bug #8654]

Updated by Eregon (Benoit Daloze) over 10 years ago

  • Status changed from Closed to Open

Reopening for backport.
(The fix will need to be a bit different as there is no RARRAY_AREF() in older versions).

Actions #7

Updated by Eregon (Benoit Daloze) over 10 years ago

  • Status changed from Open to Closed

This issue was solved with changeset r42047.
Masaki, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • test/ruby/test_array.rb (test_count): add a test case for #count
    with an argument. See Bug #8654.

Updated by nagachika (Tomoyuki Chikanaga) over 10 years ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED to 1.9.3: REQUIRED, 2.0.0: DONE

backported r42040, r42041 and r42047 to ruby_2_0_0 at r43228.

Updated by nagachika (Tomoyuki Chikanaga) over 10 years ago

... and backport r42068, r42069 to suppress warning and fix failure on CI (run with -w option).

Updated by usa (Usaku NAKAMURA) over 10 years ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: DONE to 1.9.3: DONE, 2.0.0: DONE

Backported to ruby_1_9_3 at r43491.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0