Bug #9823
closed
Segmentation fault using DL
Description
I receive a segmentation fault when calling OpenProcessToken from DL, demonstrated by running the attached 'runner.rb' file with the additional files in the same directory. This is a simplified representation, but perhaps not minimal, though with good reason. Doing any one of the following prevents a segmentation fault:
Copying line 3 from runner.rb to the bottom of mwe.rb and running mwe.rb directly.
Commenting out line 5 of mwe.rb or commenting out some large subset of errors.rb (e.g. commenting out lines 37 through 99 result in no segfault).
Commenting out line 3 of runner.rb, in effect only requiring the other files and exiting.
Commenting out a combination of the following from within Pageant::Win results in no segfault:
- Calls to extern
- Calls to struct
- Constants
- Class methods
In the last case it is not necessary to comment out all of the items of a particular category. For instance, a segfault is avoided if I comment out TOKEN_USER and SECURITY_ATTRIBUTES. I may also prevent a segfault by commenting out TOKEN_USER and the extern statement associated with IsValidSecurityDescriptor.
I have also tried this in the latest (ruby 2.1.2p95 (2014-05-08 revision 45867) [i386-mingw32]) with similar results. I've attached the error output for each of 1.9.3 and 2.1.2.
Files
Updated by luislavena (Luis Lavena) almost 10 years ago
- Status changed from Open to Feedback
Hello,
There is a require to mwe that is not defined. Please include all the code or provide a gist with multiple files that describe the problem.
Updated by luislavena (Luis Lavena) almost 10 years ago
- Category changed from lib to ext
Updated by chrahunt (Christopher Hunt) almost 10 years ago
Sorry, please find the gist here with the required files: https://gist.github.com/chrahunt/89bd596fdb8485556c64.
Updated by chrahunt (Christopher Hunt) almost 10 years ago
Additionally, you may find the errors for 1.9.3 and 2.1.2 here: https://gist.github.com/chrahunt/5af5639f6410ee87919c.
Updated by phasis68 (Heesob Park) almost 10 years ago
This bug is not due to ruby but to your code.
You used the inappropriate method ref on a variable of DL::CPtr type in the open_process_token method.
The method open_process_token
def self.open_process_token
token_handle = DL::CPtr.malloc(DL::SIZEOF_VOIDP, DL::RUBY_FREE)
OpenProcessToken(Win.GetCurrentProcess, 0x8, token_handle.ref)
end
Should be
def self.open_process_token
ptoken_handle = DL::CPtr.malloc(DL::SIZEOF_VOIDP, DL::RUBY_FREE)
OpenProcessToken(Win.GetCurrentProcess, 0x8, ptoken_handle)
token_handle = ptoken_handle.ptr.to_i
end
Updated by chrahunt (Christopher Hunt) almost 10 years ago
Thanks for your help and clear explanation. Do you know why the segmentation fault was prevented by the various conditions stated above?
Updated by phasis68 (Heesob Park) almost 10 years ago
According to the document http://ruby-doc.org/stdlib-1.9.3/libdoc/dl/rdoc/DL/CPtr.html#method-c-malloc ,
DL::CPtr.malloc(size, freefunc = nil) => dl cptr instance
Allocate size bytes of memory and associate it with an optional freefunc that will be called when the pointer is garbage collected. freefunc must be an address pointing to a function or an instance of DL::CFunc.
The garbage collecting time is affected by the various conditions of code composition.
Updated by chrahunt (Christopher Hunt) almost 10 years ago
That makes sense. After implementing what you've shown me above, I no longer encounter a segmentation fault in the example, nor in the code it was extracted from. Thank you very much for your help!
Updated by tenderlovemaking (Aaron Patterson) over 9 years ago
- Status changed from Feedback to Closed