[ruby-cvs:68741] shyouhei:r61563 (trunk): fix SEGV touching uninitialized memory

shyouhei at ruby-lang.org shyouhei at ruby-lang.org
Tue Jan 2 15:42:01 JST 2018


shyouhei	2018-01-02 15:41:59 +0900 (Tue, 02 Jan 2018)

  New Revision: 61563

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=61563

  Log:
    fix SEGV touching uninitialized memory
    
    This function can be called from InitVM_Object(), so no assumption
    can be made about object internals (e.g. me->def may still be NULL).
    
    (lldb) run
    Process 10675 launched: './miniruby' (x86_64)
    Process 10675 stopped
    * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0    ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
        frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0    ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383
       9380                 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment;
       9381                 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff,
       9382                          rb_id2name(me->called_id),
    -> 9383                          method_type_name(me->def->type),
       9384                          me->def->alias_count,
       9385                          obj_info(me->owner),
       9386                          obj_info(me->defined_class));
    (lldb) p *me
    (rb_method_entry_t) $0 = {
      flags = 24602
      defined_class = 4311488400
      def = 0x0000000000000000
      called_id = 3057
      owner = 4311488400
    }
    (lldb) bt
    * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0    ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
      * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0    ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383
        frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423
        frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887
        frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970
        frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017
        frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368
        frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389
        frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594
        frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650
        frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137
        frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529
        frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905
        frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122
        frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23
        frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61
        frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78
        frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41
        frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1
    (lldb)

  Modified files:
    trunk/gc.c

