From: nobu@...
Date: 2015-03-10T02:55:16+00:00
Subject: [ruby-core:68475] [Ruby trunk - Bug #10955] invoke_block_from_c	segfault

Issue #10955 has been updated by Nobuyoshi Nakada.

Priority changed from High to Low

----------------------------------------
Bug #10955: invoke_block_from_c segfault
https://bugs.ruby-lang.org/issues/10955#change-51818

* Author: Hal Brodigan
* Status: Open
* Priority: Low
* Assignee: 
* ruby -v: ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
I noticed that when a RSpec subject is self-referential, it causes infinite recursion and SegFaults ruby.

## Steps to Reproduce:

### spec/test_spec.rb

    require 'rspec'
    
    describe "Infinite Block Recursion" do
      subject { 1 }
    
      describe "foo" do
        subject { subject }
    
        it "should not segfault" do
          subject
        end
      end
    end

### Command

    ruby -S rspec spec/test_spec.rb

## Expected Results

stack level too deep

## Actual results

SegFault

## Backtrace

    gdb `which ruby`
    (gdb) r -S rspec spec/test_ruby.rb
    Infinite Block Recursion
      foo
    
    Program received signal SIGSEGV, Segmentation fault.
    invoke_block_from_c (th=0x555555a445f0, block=0x7ffff7f6c0e0, 
        self=93825007598320, argc=argc@entry=1, argv=argv@entry=0x7fffff7ff058, 
        blockptr=blockptr@entry=0x0, cref=cref@entry=0x0, 
        defined_class=93825007663920, splattable=splattable@entry=1) at vm.c:767
    767	{
    (gdb) bt
    #0  invoke_block_from_c (th=0x555555a445f0, block=0x7ffff7f6c0e0, 
        self=93825007598320, argc=argc@entry=1, argv=argv@entry=0x7fffff7ff058, 
        blockptr=blockptr@entry=0x0, cref=cref@entry=0x0, 
        defined_class=93825007663920, splattable=splattable@entry=1) at vm.c:767
    #1  0x00005555556d1901 in vm_yield (argv=<optimized out>, argc=<optimized out>, 
        th=<optimized out>) at vm.c:853
    #2  rb_yield_0 (argv=<optimized out>, argc=<optimized out>) at vm_eval.c:986
    #3  rb_yield (val=val@entry=12529932) at vm_eval.c:996
    #4  0x00005555555a1bd0 in rb_hash_fetch_m (argc=1, argv=0x7ffff7efb1d8, 
        hash=93825007594400) at hash.c:817
    #5  0x00005555556bdf1f in vm_call_cfunc_with_frame (ci=<optimized out>, 
        reg_cfp=0x7ffff7f6c0c0, th=0x555555a445f0) at vm_insnhelper.c:1382
    #6  vm_call_cfunc (th=0x555555a445f0, reg_cfp=0x7ffff7f6c0c0, 
        ci=<optimized out>) at vm_insnhelper.c:1475
    #7  0x00005555556c53c7 in vm_exec_core (th=th@entry=0x555555a445f0, 
        initial=initial@entry=0) at insns.def:1024
    #8  0x00005555556ca8f5 in vm_exec (th=th@entry=0x555555a445f0) at vm.c:1400
    #9  0x00005555556bee1b in invoke_block_from_c (th=th@entry=0x555555a445f0, 
        block=block@entry=0x5555565d7fe0, self=self@entry=93825007598320, 
        argc=argc@entry=0, argv=argv@entry=0x7fffff7ff940, 
        blockptr=blockptr@entry=0x0, cref=cref@entry=0x0, 
        defined_class=defined_class@entry=93825007663920, 
    ...

## Reliability

~ 7 out of 10 tries.

## Versions

ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]
rspec 3.2.0



-- 
https://bugs.ruby-lang.org/