Project

General

Profile

« Previous | Next » 

Revision 1d4129d9

Added by shyouhei (Shyouhei Urabe) about 6 years ago

fix SEGV inspecting already freed objects

obj_info() assumes the given object is alive. Passing freed
objects to it results in SEGV.

(lldb) run
Process 29718 launched: './miniruby' (x86_64)
Process 29718 stopped

  • thread #1: tid = 0x3082c5, 0x00000001000bfaab minirubypathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab minirubypathobj_path(pathobj=4478683640) + 70 at vm_core.h:269
    266 }
    267 else {
    268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY));
    -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH);
    270 }
    271 }
    272
    (lldb) bt
  • thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    • frame #0: 0x00000001000bfaab minirubypathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff minirubyrb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723
      frame #2: 0x000000010009db09 minirubyrb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a minirubyrb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397
      frame #4: 0x000000010009e4d5 minirubyobj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 minirubygc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529
      frame #6: 0x000000010009206a minirubygc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 minirubygc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772
      frame #8: 0x000000010008d7f9 minirubyheap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 minirubyheap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769
      frame #10: 0x000000010008d98d minirubyheap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 minirubynewobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930
      frame #12: 0x000000010008dd6c minirubynewobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 minirubynewobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974
      frame #14: 0x000000010008df39 minirubyrb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c minirubystr_alloc(klass=4334386280) + 29 at string.c:692
      frame #16: 0x0000000100195fe9 minirubystr_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e minirubyrb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766
      frame #18: 0x000000010010a80a minirubyparser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a minirubyparser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675
      frame #20: 0x00000001001120bd minirubyparser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 minirubyyylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931
      frame #22: 0x00000001000fc79f minirubyruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a minirubyyycompile0(arg=4364879296) + 317 at parse.y:5595
      frame #24: 0x0000000100214ef0 minirubyrb_suppress_tracing(func=(minirubyyycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397
      frame #25: 0x000000010010a1df minirubyyycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 minirubyparser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706
      frame #27: 0x000000010010a5b7 minirubyrb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 minirubyeval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274
      frame #29: 0x0000000100206153 minirubyeval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 minirubyrb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382
      frame #31: 0x00000001001f247c minirubycall_cfunc_m1(func=(minirubyrb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723
      frame #32: 0x00000001001f2f87 minirubyvm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 minirubyvm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934
      frame #34: 0x00000001001faf0e minirubyvm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d minirubyvm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771
      frame #36: 0x00000001002093f8 minirubyinvoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 minirubyinvoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040
      frame #38: 0x0000000100209824 minirubyinvoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 minirubyvm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103
      frame #40: 0x0000000100205623 minirubyrb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 minirubyloop_i + 19 at vm_eval.c:1049
      frame #42: 0x000000010007db07 minirubyrb_rescue2(b_proc=(minirubyloop_i at vm_eval.c:1047), data1=0, r_proc=(minirubyloop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e minirubyrb_f_loop(self=4334412520) + 121 at vm_eval.c:1100
      frame #44: 0x00000001001f24a7 minirubycall_cfunc_0(func=(minirubyrb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729
      frame #45: 0x00000001001f2f87 minirubyvm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 minirubyvm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934
      frame #47: 0x00000001001f4319 minirubyvm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c minirubyvm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366
      frame #49: 0x00000001001f4b7a minirubyvm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f minirubyvm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850
      frame #51: 0x000000010020b75d minirubyvm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f minirubyrb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019
      frame #53: 0x000000010007c768 minirubyruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e minirubyruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310
      frame #55: 0x000000010007c861 minirubyruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d minirubymain(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42
      frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1
      (lldb) p ((struct RVALUE*)pathobj)->as.basic
      (RBasic) $0 = (flags = 0, klass = 4478683600)
      (lldb)

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e