Bug #8978
closedFiddle possibly misuses mprotect
Description
Hello Aaron,
Coverity Scan found a possible bug in "initialize" function of ext/fiddle/closure.c:
result = ffi_prep_closure(pcl, cif, callback, (void *)self);
...
i = mprotect(pcl, sizeof(pcl), PROT_READ | PROT_EXEC)
I don't understand the code completely, but the size of the pointer does not seem to make sense.
Perhaps, "sizeof(pcl)" should be "sizeof(*pcl)".
The same applies to dealloc:
munmap(cls->pc1, sizeof(cls->pc1));
BTW, ffi_prep_closure seems deprecated.
We should use ffi_prep_closure_loc instead when it is available.
--
Yusuke Endoh mame@tsg.ne.jp
Updated by Anonymous almost 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied in changeset r44731.
- ext/fiddle/closure.c: use sizeof(*pcl) for correct sizeof value.
[ruby-core:57599] [Bug #8978]. Thanks mame!
Updated by tenderlovemaking (Aaron Patterson) almost 11 years ago
I took the mprotect example from the ffi man pages. Seems there must be a bug in the example code. Anyway, I've fixed it.
Also, we should be using ffi_prep_closure_loc
if it is available:
Updated by nagachika (Tomoyuki Chikanaga) almost 11 years ago
- Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED
Updated by mame (Yusuke Endoh) almost 11 years ago
Updated by usa (Usaku NAKAMURA) almost 11 years ago
- Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED
backported into ruby_1_9_3 at r44941.
Updated by nagachika (Tomoyuki Chikanaga) almost 11 years ago
- Backport changed from 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED
r44731 and r44751 were backported to ruby_2_0_0 at r45008.
Updated by naruse (Yui NARUSE) almost 11 years ago
- Backport changed from 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: DONE
r45122