[#68478] Looking for MRI projects for Ruby Google Summer of Code 2015 — Tony Arcieri <bascule@...>
Hi ruby-core,
10 messages
2015/03/10
[#68480] Re: Looking for MRI projects for Ruby Google Summer of Code 2015
— SASADA Koichi <ko1@...>
2015/03/10
I have.
[#68549] Re: Looking for MRI projects for Ruby Google Summer of Code 2015
— SASADA Koichi <ko1@...>
2015/03/17
I sent several ideas on previous, mail, but they are seems rejected?
[#68493] [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false" — nobu@...
Issue #10532 has been updated by Nobuyoshi Nakada.
5 messages
2015/03/11
[#68503] Re: [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false"
— Eric Wong <normalperson@...>
2015/03/12
Committed as r49948.
[#68504] Re: [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false"
— Nobuyoshi Nakada <nobu@...>
2015/03/12
On 2015/03/12 12:08, Eric Wong wrote:
[#68506] Seven stacks (and two questions) — Jakub Trzebiatowski <jaktrze1@...>
The Ruby Hacking Guide says that Ruby has=E2=80=A6 seven stacks. Is it =
5 messages
2015/03/12
[#68520] Possible regression in 2.1 and 2.2 in binding when combined with delegate? — Joe Swatosh <joe.swatosh@...>
# The following code
3 messages
2015/03/14
[#68604] GSOC project Cross-thread Fiber support — surya pratap singh raghuvanshi <oshosurya@...>
- *hi i am a third year computer science student interested in working
6 messages
2015/03/22
[#68606] Re: GSOC project Cross-thread Fiber support
— Tony Arcieri <bascule@...>
2015/03/22
Hi Surya,
[#68619] Re: GSOC project Cross-thread Fiber support
— surya pratap singh raghuvanshi <oshosurya@...>
2015/03/23
hi tony,
[ruby-core:68599] [Ruby trunk - Bug #10991] [Feedback] SIGSEGV in Marshal.load
From:
nobu@...
Date:
2015-03-22 08:50:51 UTC
List:
ruby-core #68599
Issue #10991 has been updated by Nobuyoshi Nakada.
Description updated
Status changed from Open to Feedback
Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED
Are those dumped data generated from real objects, and expected to be loaded successfully?
----------------------------------------
Bug #10991: SIGSEGV in Marshal.load
https://bugs.ruby-lang.org/issues/10991#change-51911
* Author: Martin Carpenter
* Status: Feedback
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.2p86 (2015-03-03 revision 49825) [x86_64-linux]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED
----------------------------------------
I've fuzzed some crashes in the marshal loader. The docs are explicit about not handing untrusted data to these methods and all appear to be `NULL` derefs from `RSTRING_PTR()` (I checked the first few by hand and ran exploitable over the remainder) so not obviously catastrophic from a security perspective.
Attached please find a tgz containing the input data (from afl) and gdb session output (backtrace, set args ..., run, exploitable).
To reproduce from the command line:
ruby -e 'Marshal.load(STDIN)' < id:000001,sig:11,src:003955,op:havoc,rep:4
Today's ruby-2.2-head is affected, and as far back as ruby-2.1.5 at least (possibly earlier).
---Files--------------------------------
Marshal.load_crashes.tgz (2.92 KB)
--
https://bugs.ruby-lang.org/