Project

General

Profile

Actions

Bug #8978

closed

Fiddle possibly misuses mprotect

Added by mame (Yusuke Endoh) about 11 years ago. Updated almost 11 years ago.

Status:
Closed
Target version:
ruby -v:
ruby 2.1.0dev (2013-10-02 trunk 43121) [x86_64-linux]
[ruby-core:57599]

Description

Hello Aaron,

Coverity Scan found a possible bug in "initialize" function of ext/fiddle/closure.c:

result = ffi_prep_closure(pcl, cif, callback, (void *)self);
...
i = mprotect(pcl, sizeof(pcl), PROT_READ | PROT_EXEC)

I don't understand the code completely, but the size of the pointer does not seem to make sense.
Perhaps, "sizeof(pcl)" should be "sizeof(*pcl)".

The same applies to dealloc:

munmap(cls->pc1, sizeof(cls->pc1));

BTW, ffi_prep_closure seems deprecated.
We should use ffi_prep_closure_loc instead when it is available.

--
Yusuke Endoh

Actions #1

Updated by Anonymous almost 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Applied in changeset r44731.


  • ext/fiddle/closure.c: use sizeof(*pcl) for correct sizeof value.
    [ruby-core:57599] [Bug #8978]. Thanks mame!

Updated by tenderlovemaking (Aaron Patterson) almost 11 years ago

I took the mprotect example from the ffi man pages. Seems there must be a bug in the example code. Anyway, I've fixed it.

Also, we should be using ffi_prep_closure_loc if it is available:

https://github.com/ruby/ruby/blob/92a7f323678d6070383364f2129a5202b217c5da/ext/fiddle/closure.c#L231-234

Updated by nagachika (Tomoyuki Chikanaga) almost 11 years ago

  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED

Updated by mame (Yusuke Endoh) almost 11 years ago

Thank you!

Nagachika, I think r44751 is also needed to backport.

--
Yusuke Endoh

Updated by usa (Usaku NAKAMURA) almost 11 years ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED

backported into ruby_1_9_3 at r44941.

Updated by nagachika (Tomoyuki Chikanaga) almost 11 years ago

  • Backport changed from 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED

r44731 and r44751 were backported to ruby_2_0_0 at r45008.

Updated by naruse (Yui NARUSE) almost 11 years ago

  • Backport changed from 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: DONE

r45122

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0