[ruby-cvs:68732] shyouhei:r61566 (trunk): fix SEGV touching uninitialized local variable

shyouhei at ruby-lang.org shyouhei at ruby-lang.org
Tue Jan 2 15:42:04 JST 2018


shyouhei	2018-01-02 15:42:02 +0900 (Tue, 02 Jan 2018)

  New Revision: 61566

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=61566

  Log:
    fix SEGV touching uninitialized local variable
    
    This imemo_name is used uninitialized because the switch
    above does not cover all possible imemo types.
    
    (lldb) run
    Process 26068 launched: './miniruby' (x86_64)
    Process 26068 stopped
    * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0)
        frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18
    libsystem_c.dylib`strlen:
    ->  0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0
        0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi
        0x7fff8a40213a <+26>: andq   $0xf, %rcx
        0x7fff8a40213e <+30>: orq    $-0x1, %rax
    (lldb) bt
    * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0)
      * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18
        frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026
        frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0    ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285
        frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0    ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300
        frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0    ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376
        frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428
        frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887
        frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970
        frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017
        frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146
        frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776
        frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907
        frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037
        frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026
        frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682
        frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257
        frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105
        frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42
        frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1
    (lldb) up 4
    frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0    ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376
       9373 #undef IMEMO_NAME
       9374               default: UNREACHABLE;
       9375             }
    -> 9376             snprintf(buff, buff_size, "%s %s", buff, imemo_name);
       9377
       9378             switch (imemo_type(obj)) {
       9379               case imemo_ment: {
    (lldb) p imemo_name
    (const char *) $0 = 0xffffffffffffffff
    (lldb) p imemo_type(obj)
    (imemo_type) $1 = imemo_ast
    (lldb)

  Modified files:
    trunk/gc.c


More information about the ruby-cvs mailing list