[#68478] Looking for MRI projects for Ruby Google Summer of Code 2015 — Tony Arcieri <bascule@...>
Hi ruby-core,
10 messages
2015/03/10
[#68480] Re: Looking for MRI projects for Ruby Google Summer of Code 2015
— SASADA Koichi <ko1@...>
2015/03/10
I have.
[#68549] Re: Looking for MRI projects for Ruby Google Summer of Code 2015
— SASADA Koichi <ko1@...>
2015/03/17
I sent several ideas on previous, mail, but they are seems rejected?
[#68493] [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false" — nobu@...
Issue #10532 has been updated by Nobuyoshi Nakada.
5 messages
2015/03/11
[#68503] Re: [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false"
— Eric Wong <normalperson@...>
2015/03/12
Committed as r49948.
[#68504] Re: [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false"
— Nobuyoshi Nakada <nobu@...>
2015/03/12
On 2015/03/12 12:08, Eric Wong wrote:
[#68506] Seven stacks (and two questions) — Jakub Trzebiatowski <jaktrze1@...>
The Ruby Hacking Guide says that Ruby has窶ヲ seven stacks. Is it an implementation choice (and it could be implemented with one stack), or is there really a need for seven logical stacks? For example, Lua has one stack, and still closures with upvalues are totally possible (it窶冱 like Ruby窶冱 blocks that can reference local variables of their enclosing method, but it works for any function with any upvalues).
5 messages
2015/03/12
[#68520] Possible regression in 2.1 and 2.2 in binding when combined with delegate? — Joe Swatosh <joe.swatosh@...>
# The following code
3 messages
2015/03/14
[#68604] GSOC project Cross-thread Fiber support — surya pratap singh raghuvanshi <oshosurya@...>
- *hi i am a third year computer science student interested in working
6 messages
2015/03/22
[#68606] Re: GSOC project Cross-thread Fiber support
— Tony Arcieri <bascule@...>
2015/03/22
Hi Surya,
[#68619] Re: GSOC project Cross-thread Fiber support
— surya pratap singh raghuvanshi <oshosurya@...>
2015/03/23
hi tony,
[ruby-core:68477] [Ruby trunk - Bug #10957] [Open] seg fault in ruby_yyparse () at parse.y:2105 (null ptr / stack overflow)
From:
brian.carpenter@...
Date:
2015-03-10 05:14:45 UTC
List:
ruby-core #68477
Issue #10957 has been reported by Brian Carpenter.
----------------------------------------
Bug #10957: seg fault in ruby_yyparse () at parse.y:2105 (null ptr / stack overflow)
https://bugs.ruby-lang.org/issues/10957
* Author: Brian Carpenter
* Status: Open
* Priority: High
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-03-07 trunk 49885) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Built ruby 2.3.0dev (2015-03-07 trunk 49885) [x86_64-linux] from git source earlier this evening. This bug was found with american fuzzy lop (http://lcamtuf.coredump.cx/afl) and was compiled as follows:
CC=afl-gcc ./configure && AFL_HARDEN=1 make -j8 && make install
Valgrind:
==41211== Invalid write of size 1
==41211== at 0x827873: reserve_stack (thread_pthread.c:684)
==41211== by 0x842871: ruby_init_stack (thread_pthread.c:713)
==41211== by 0x1337E8: main (main.c:34)
==41211== Address 0x7fe8010e0 is on thread 1's stack
==41211==
==41211== Stack overflow in thread 1: can't grow stack to 0x7fe8010e0
==41211==
==41211== Process terminating with default action of signal 11 (SIGSEGV)
==41211== Access not within mapped region at address 0x7FE8010E0
==41211== at 0x827873: reserve_stack (thread_pthread.c:684)
==41211== If you believe this happened as a result of a stack
==41211== overflow in your program's main thread (unlikely but
==41211== possible), you can try to increase the size of the
==41211== main thread stack using the --main-stacksize= flag.
==41211== The main thread stack size used in this run was 8388608.
==41211== Stack overflow in thread 1: can't grow stack to 0x7fe8010d9
==41211==
==41211== Process terminating with default action of signal 11 (SIGSEGV)
==41211== Access not within mapped region at address 0x7FE8010D9
==41211== at 0x4A226E0: _vgnU_freeres (vg_preloaded.c:58)
==41211== If you believe this happened as a result of a stack
==41211== overflow in your program's main thread (unlikely but
==41211== possible), you can try to increase the size of the
==41211== main thread stack using the --main-stacksize= flag.
==41211== The main thread stack size used in this run was 8388608.
Segmentation fault
GDB:
gdb-peda$ file ruby
gdb-peda$ set args test00-min
gdb-peda$ r
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff6c00700 (LWP 48391)]
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x555556679f20 --> 0xd71c
RBX: 0xd1
RCX: 0x0
RDX: 0x1
RSI: 0x0
RDI: 0x0
RBP: 0xd71c
RSP: 0x7fffffffbe70 --> 0x7fff000000d1
RIP: 0x555555f312f8 (<ruby_yyparse+148344>: mov r11,QWORD PTR [rsi])
R8 : 0x5555566651c0 --> 0x555556678000 (0x00005555566651c0)
R9 : 0x0
R10: 0x3900 ('')
R11: 0xfffffffffffa360a
R12: 0x555556679f20 --> 0xd71c
R13: 0x7fffffffc120 --> 0x555556679f48 --> 0xb91c
R14: 0x7fffffffbf6c --> 0x55befb3e026f021d
R15: 0x555556402060 --> 0x0
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x555555f312ee <ruby_yyparse+148334>: mov r12,rax
0x555555f312f1 <ruby_yyparse+148337>: mov QWORD PTR [rax],rbp
0x555555f312f4 <ruby_yyparse+148340>: mov rsi,QWORD PTR [r13-0x10]
=> 0x555555f312f8 <ruby_yyparse+148344>: mov r11,QWORD PTR [rsi]
0x555555f312fb <ruby_yyparse+148347>: and r11d,0x7f00
0x555555f31302 <ruby_yyparse+148354>: cmp r11,0x3900
0x555555f31309 <ruby_yyparse+148361>: jne 0x555555f0ee47 <ruby_yyparse+7879>
0x555555f3130f <ruby_yyparse+148367>: nop
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffbe70 --> 0x7fff000000d1
0008| 0x7fffffffbe78 --> 0x555500000000 ('')
0016| 0x7fffffffbe80 --> 0x7fffffffbf60 --> 0xe6004c00020000
0024| 0x7fffffffbe88 --> 0xd1
0032| 0x7fffffffbe90 --> 0xc8
0040| 0x7fffffffbe98 --> 0x0
0048| 0x7fffffffbea0 --> 0x7fffffffc0f0 --> 0x88cf9f52f8c4423
0056| 0x7fffffffbea8 --> 0x7fffffffbf60 --> 0xe6004c00020000
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x0000555555f312f8 in ruby_yyparse () at parse.y:2105
2105 if (nd_type($1) == NODE_LIT && FIXNUM_P($1->nd_lit) &&
gdb-peda$ exploit
Description: Access violation near NULL on source operand
Short description: SourceAvNearNull (16/22)
Hash: 8e697703610f21a0a2aaec98723ec089.0b098a66d2dd0257594a0e5fb055f0de
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching the source operand of the current instruction. This likely indicates a read access violation, which may mean the application crashed on a simple NULL dereference to data structure that has no immediate effect on control of the processor.
Other tags: AccessViolation (21/22)
Hexdump of the 7-byte test case:
0000000 2070 2928 2e2e 0030
0000007
System Info: Debian 7, Kernel 3.2.65-1+deb7u1 x86_64, GCC 4.9.2, libc 2.13-38+deb7u8
---Files--------------------------------
test00-min (7 Bytes)
--
https://bugs.ruby-lang.org/