Bug #8978 (closed): Fiddle possibly misuses mprotect
Description
Hello Aaron,
Coverity Scan found a possible bug in "initialize" function of ext/fiddle/closure.c:
result = ffi_prep_closure(pcl, cif, callback, (void *)self);
...
i = mprotect(pcl, sizeof(pcl), PROT_READ | PROT_EXEC)
I don't understand the code completely, but the size of the pointer does not seem to make sense.
Perhaps, "sizeof(pcl)" should be "sizeof(*pcl)".
The same applies to dealloc:
munmap(cls->pcl, sizeof(cls->pcl));
BTW, ffi_prep_closure seems deprecated.
We should use ffi_prep_closure_loc instead when it is available.
--
Yusuke Endoh mame@tsg.ne.jp
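The allocation pattern the report is about, as an added example that is not Fiddle's code and not libffi's: a hypothetical `closure_t` stands in for the opaque `ffi_closure` so it builds without libffi, and the names `closure_alloc`, `closure_free`, `is_writable`, `closure_is_sealed` and `page_round` are this example's own. It maps the object writable, fills it, seals it with mprotect over `sizeof(*pcl)`, unmaps it with the same length, and checks that the seal actually took effect by probing for a write fault instead of trusting the length argument.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for libffi's opaque ffi_closure. The only property
 * that matters here is that the object is larger than a pointer, so
 * sizeof(*pcl) != sizeof(pcl). */
typedef struct {
    unsigned char tramp[32];   /* trampoline bytes live here */
    void *cif;
    void *fun;
    void *user_data;
} closure_t;

/* mprotect() and munmap() act on whole pages: the kernel rounds len up to a
 * page multiple. For a page-aligned object that fits in one page this is why
 * an 8-byte length still happened to cover the object in the original code. */
size_t page_round(size_t len) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    return (len + ps - 1) / ps * ps;
}

/* Map the object writable, fill in the trampoline, then flip it to R+X.
 * mprotect and munmap both get sizeof(*pcl), the object's size, matching the
 * length handed to mmap. */
closure_t *closure_alloc(void) {
    closure_t *pcl = mmap(NULL, sizeof(*pcl), PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (pcl == MAP_FAILED)
        return NULL;
    memset(pcl->tramp, 0xC3, sizeof(pcl->tramp));   /* constructed filler: x86 `ret` */
    if (mprotect(pcl, sizeof(*pcl), PROT_READ | PROT_EXEC) != 0) {
        munmap(pcl, sizeof(*pcl));
        return NULL;
    }
    return pcl;
}

void closure_free(closure_t *pcl) {
    munmap(pcl, sizeof(*pcl));   /* same length as the mmap, never sizeof(pcl) */
}

/* Probe whether a byte is writable by attempting a store and catching the
 * fault (SIGSEGV on Linux, SIGBUS on some other platforms). */
static sigjmp_buf probe_env;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(probe_env, 1);
}

int is_writable(volatile unsigned char *p) {
    struct sigaction sa, old_segv, old_bus;
    volatile int writable;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        *p = *p;        /* the load is allowed on an R+X page; the store faults */
        writable = 1;
    } else {
        writable = 0;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return writable;
}

/* 1 if the closure ends up sealed (R+X, no longer writable), 0 if it is still
 * writable, -1 if the mapping could not be created (e.g. execmem denied). */
int closure_is_sealed(void) {
    closure_t *pcl = closure_alloc();
    if (!pcl)
        return -1;
    int writable = is_writable((volatile unsigned char *)pcl);
    closure_free(pcl);
    return writable ? 0 : 1;
}

int main(void) {
    printf("sizeof(pcl)=%zu sizeof(*pcl)=%zu protected bytes=%zu\n",
           sizeof(closure_t *), sizeof(closure_t), page_round(sizeof(closure_t)));
    printf("closure sealed: %d\n", closure_is_sealed());
    return 0;
}
```

The practical caveat: because the kernel rounds the length up to a page, the 8-byte `sizeof(pcl)` in the original code still protected and unmapped the same single page as the correct `sizeof(*pcl)` for a page-aligned object shorter than a page, so the bug was latent rather than an exposed writable trampoline; it becomes real for any object longer than a page, and it is wrong in principle either way. Newer libffi pairs `ffi_closure_alloc` with `ffi_prep_closure_loc`, whose extra `codeloc` argument is the executable address, so on W^X platforms the closure's writable and executable mappings can differ and the caller no longer calls mprotect itself.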

Updated by Anonymous over 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied in changeset r44731.
- ext/fiddle/closure.c: use sizeof(*pcl) for correct sizeof value.
 [ruby-core:57599] [Bug #8978]. Thanks mame!

Updated by tenderlovemaking (Aaron Patterson) over 11 years ago
I took the mprotect example from the ffi man pages. Seems there must be a bug in the example code. Anyway, I've fixed it.
Also, we should be using ffi_prep_closure_loc if it is available:

Updated by nagachika (Tomoyuki Chikanaga) over 11 years ago
- Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED

Updated by mame (Yusuke Endoh) over 11 years ago

Updated by usa (Usaku NAKAMURA) over 11 years ago
- Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED
backported into ruby_1_9_3 at r44941.

Updated by nagachika (Tomoyuki Chikanaga) over 11 years ago
- Backport changed from 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED
r44731 and r44751 were backported to ruby_2_0_0 at r45008.

Updated by naruse (Yui NARUSE) over 11 years ago
- Backport changed from 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: DONE
r45122