From: john@...
Date: 2021-07-29T23:08:50+00:00
Subject: [ruby-core:104722] [Ruby master Bug#18053] Crashes and infinite loops when generating partial backtraces in Ruby 3.0+

Issue #18053 has been reported by jhawthorn (John Hawthorn).

----------------------------------------
Bug #18053: Crashes and infinite loops when generating partial backtraces in Ruby 3.0+
https://bugs.ruby-lang.org/issues/18053

* Author: jhawthorn (John Hawthorn)
* Status: Open
* Priority: Normal
* ruby -v: ruby 3.1.0dev (2021-07-29T22:19:12Z master 9931e2f509) [x86_64-linux]
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
In Ruby 3.0+ there are some cases where generating a partial backtrace will hang (due to an infinite loop) or segfault. This is also an issue in Ruby master.

``` ruby
def foo
  caller_locations(2, 1).inspect # this will segv
  # caller_locations(2, 1)[0].path # this will infinite loop
end

1.times.map { 1.times.map { foo } }
```

```
$ ./ruby test_caller_locations.rb
test_caller_locations.rb:4: [BUG] Segmentation fault at 0x00000000000027e1
ruby 3.1.0dev (2021-07-29T22:19:12Z master 9931e2f509) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0015 p:---- s:0049 e:000048 CFUNC  :inspect
c:0014 p:---- s:0046 e:000045 CFUNC  :inspect
c:0013 p:0008 s:0042 e:000041 METHOD test_caller_locations.rb:4
c:0012 p:0003 s:0038 e:000037 BLOCK  test_caller_locations.rb:8 [FINISH]
c:0011 p:---- s:0035 e:000034 IFUNC
c:0010 p:---- s:0032 e:000031 CFUNC  :times
c:0009 p:---- s:0029 e:000028 CFUNC  :each
c:0008 p:---- s:0026 e:000025 CFUNC  :map
c:0007 p:0006 s:0022 e:000021 BLOCK  test_caller_locations.rb:8 [FINISH]
c:0006 p:---- s:0019 e:000018 IFUNC
c:0005 p:---- s:0016 e:000015 CFUNC  :times
c:0004 p:---- s:0013 e:000012 CFUNC  :each
c:0003 p:---- s:0010 e:000009 CFUNC  :map
c:0002 p:0009 s:0006 e:000005 EVAL   test_caller_locations.rb:8 [FINISH]
c:0001 p:0000 s:0003 E:0002b0 (none) [FINISH]
```

At least part of what seems to be happening is that the backtrace locations are generated with `prev_loc` pointing to itself. I added some assertions to catch this, but had a hard time finding what the intended behaviour should have been from there.

cc @jeremyevans0

---Files--------------------------------
output.txt (21.2 KB)
0001-Add-assertions-for-bad-backtrace-locations.patch (2.51 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>