[#68478] Looking for MRI projects for Ruby Google Summer of Code 2015 — Tony Arcieri <bascule@...>
Hi ruby-core,
10 messages
2015/03/10
[#68480] Re: Looking for MRI projects for Ruby Google Summer of Code 2015
— SASADA Koichi <ko1@...>
2015/03/10
I have.
[#68549] Re: Looking for MRI projects for Ruby Google Summer of Code 2015
— SASADA Koichi <ko1@...>
2015/03/17
I sent several ideas on previous, mail, but they are seems rejected?
[#68493] [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false" — nobu@...
Issue #10532 has been updated by Nobuyoshi Nakada.
5 messages
2015/03/11
[#68503] Re: [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false"
— Eric Wong <normalperson@...>
2015/03/12
Committed as r49948.
[#68504] Re: [Ruby trunk - Feature #10532] [PATCH] accept_nonblock supports "exception: false"
— Nobuyoshi Nakada <nobu@...>
2015/03/12
On 2015/03/12 12:08, Eric Wong wrote:
[#68506] Seven stacks (and two questions) — Jakub Trzebiatowski <jaktrze1@...>
The Ruby Hacking Guide says that Ruby has窶ヲ seven stacks. Is it an implementation choice (and it could be implemented with one stack), or is there really a need for seven logical stacks? For example, Lua has one stack, and still closures with upvalues are totally possible (it窶冱 like Ruby窶冱 blocks that can reference local variables of their enclosing method, but it works for any function with any upvalues).
5 messages
2015/03/12
[#68520] Possible regression in 2.1 and 2.2 in binding when combined with delegate? — Joe Swatosh <joe.swatosh@...>
# The following code
3 messages
2015/03/14
[#68604] GSOC project Cross-thread Fiber support — surya pratap singh raghuvanshi <oshosurya@...>
- *hi i am a third year computer science student interested in working
6 messages
2015/03/22
[#68606] Re: GSOC project Cross-thread Fiber support
— Tony Arcieri <bascule@...>
2015/03/22
Hi Surya,
[#68619] Re: GSOC project Cross-thread Fiber support
— surya pratap singh raghuvanshi <oshosurya@...>
2015/03/23
hi tony,
[ruby-core:68603] [Ruby trunk - Bug #10991] SIGSEGV in Marshal.load
From:
mcarpenter@...
Date:
2015-03-22 16:02:04 UTC
List:
ruby-core #68603
Issue #10991 has been updated by Martin Carpenter.
Nobuyoshi Nakada wrote:
> Are those dumped data generated from real objects, and expected to be loaded successfully?
Data was not generated from real objects and I would not expect them to load successfully.
I expected eg TypeError:
$ echo quack | ruby -e 'Marshal.load(STDIN)'
-e:1:in `load': incompatible marshal file format (can't be read) (TypeError)
----------------------------------------
Bug #10991: SIGSEGV in Marshal.load
https://bugs.ruby-lang.org/issues/10991#change-51915
* Author: Martin Carpenter
* Status: Feedback
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.2p86 (2015-03-03 revision 49825) [x86_64-linux]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED
----------------------------------------
I've fuzzed some crashes in the marshal loader. The docs are explicit about not handing untrusted data to these methods and all appear to be `NULL` derefs from `RSTRING_PTR()` (I checked the first few by hand and ran exploitable over the remainder) so not obviously catastrophic from a security perspective.
Attached please find a tgz containing the input data (from afl) and gdb session output (backtrace, set args ..., run, exploitable).
To reproduce from the command line:
ruby -e 'Marshal.load(STDIN)' < id:000001,sig:11,src:003955,op:havoc,rep:4
Today's ruby-2.2-head is affected, and as far back as ruby-2.1.5 at least (possibly earlier).
---Files--------------------------------
Marshal.load_crashes.tgz (2.92 KB)
--
https://bugs.ruby-lang.org/