From: nagachika00@...
Date: 2014-02-16T16:14:34+00:00
Subject: [ruby-core:60787] [ruby-trunk - Bug #8978] Fiddle possibly misuses	mprotect

Issue #8978 has been updated by Tomoyuki Chikanaga.

Backport changed from 1.9.3: DONE, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED

r44731 and r44751 were backported to ruby_2_0_0 at r45008.

----------------------------------------
Bug #8978: Fiddle possibly misuses mprotect
https://bugs.ruby-lang.org/issues/8978#change-45202

* Author: Yusuke Endoh
* Status: Closed
* Priority: Normal
* Assignee: Aaron Patterson
* Category: ext
* Target version: 2.1.0
* ruby -v: ruby 2.1.0dev (2013-10-02 trunk 43121) [x86_64-linux]
* Backport: 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED
----------------------------------------
Hello Aaron,

Coverity Scan found a possible bug in "initialize" function of ext/fiddle/closure.c:

> result = ffi_prep_closure(pcl, cif, callback, (void *)self);
> ...
> i = mprotect(pcl, sizeof(pcl), PROT_READ | PROT_EXEC)

I don't understand the code completely, but the size of the pointer does not seem to make sense.
Perhaps, "sizeof(pcl)" should be "sizeof(*pcl)".

The same applies to dealloc:

> munmap(cls->pc1, sizeof(cls->pc1));


BTW, ffi_prep_closure seems deprecated.
We should use ffi_prep_closure_loc instead when it is available.

-- 
Yusuke Endoh <mame@tsg.ne.jp>



-- 
http://bugs.ruby-lang.org/