[ruby-core:71442] [Ruby trunk - Bug #11674] `local_variables` returns buffer-overflow garbage with methods with > 10 keyword arguments
From: 0x0dea+redmine@...
Date: 2015-11-11 06:20:35 UTC
List: ruby-core #71442
Issue #11674 has been updated by D.E. Akers.
Well, this is very strange indeed. The problem does start at 11 keyword arguments and continues to present all the way up to 25, but then 26 to 35 keyword arguments are all kosher, then 36 to 42 have the problem, and then it doesn't happen again until 69. I have no idea what's going on, but here's the program I used to determine these ranges:
```ruby
# For each n in 0...100, define `foo` with n keyword parameters v0..v(n-1)
# (each defaulting to 1) and keep the n for which `local_variables` inside
# the method body does not equal the list of declared parameter names.
p 100.times.select { |n|
  vars = n.times.map { |i| :"v#{i}" }
  eval "def foo #{vars.map { |v| "#{v}: 1" } * ?,}
    local_variables
  end"
  foo != vars
}
# => [11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 36, 37, 38, 39, 40, 41, 42, 69, 70, 71, 72, 74]
```
----------------------------------------
Bug #11674: `local_variables` returns buffer-overflow garbage with methods with > 10 keyword arguments
https://bugs.ruby-lang.org/issues/11674#change-54810
* Author: KJ Tsanaktsidis
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin15]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
The following program appears to demonstrate a buffer overflow in `rb_f_local_variables`.
~~~ruby
def with_kwargs_10(v1:, v2:, v3:, v4:, v5:, v6:, v7:, v8:, v9:, v10:)
  p local_variables
end

def with_kwargs_11(v1:, v2:, v3:, v4:, v5:, v6:, v7:, v8:, v9:, v10:, v11:)
  p local_variables
end

def with_kwargs_12(v1:, v2:, v3:, v4:, v5:, v6:, v7:, v8:, v9:, v10:, v11:, v12:)
  p local_variables
end

def with_args_11(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11)
  p local_variables
end

with_kwargs_10(v1: 1, v2: 2, v3: 3, v4: 4, v5: 5, v6: 6, v7: 7, v8: 8, v9: 9, v10: 10)
with_kwargs_11(v1: 1, v2: 2, v3: 3, v4: 4, v5: 5, v6: 6, v7: 7, v8: 8, v9: 9, v10: 10, v11: 11)
with_kwargs_12(v1: 1, v2: 2, v3: 3, v4: 4, v5: 5, v6: 6, v7: 7, v8: 8, v9: 9, v10: 10, v11: 11, v12: 12)
with_args_11(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
~~~
Output:
~~~
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10]
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10, :v11, :!]
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10, :v11, :v12, :"\""]
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10, :v11]
~~~
Expected output:
~~~
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10]
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10, :v11]
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10, :v11, :v12]
[:v1, :v2, :v3, :v4, :v5, :v6, :v7, :v8, :v9, :v10, :v11]
~~~
There appears to be a buffer overflow, because the symbol `:"\""` is next in ASCII order to `:!`.
I'm not familiar with the MRI interpreter internals; I spent a few hours trying to debug the problem but to no avail. It appears that in `vm_eval.c:2072`, `cfp->iseq->local_table_size` is 12 (in `with_kwargs_11`) even though there are only 11 kwargs and no other locals. However, that's as far as I got.
--
https://bugs.ruby-lang.org/
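The sweep in the comment above and the original report both compare `local_variables` against a hand-built list of names. The following is an added regression probe (not code from the bug report or from MRI) that generalizes that idea: it uses `Method#parameters` as the reference for what a method body should see, so it works for any mix of positional and keyword parameters, and it separates the pure comparison (usable on output lists captured from another interpreter, such as the ones quoted in the report) from the live probe run in the current interpreter. The names `unexpected_locals`, `build_probe`, `probe_unexpected` and `affected_kwarg_counts` are this example's own; the parameter names `k1..kN` and `p1..pN` are constructed.

```ruby
# Regression probe for the `local_variables` / keyword-argument over-read
# described in Bug #11674. Added example; not part of the report or of MRI.

# Pure comparison: entries of `observed` that `method_obj` never declared.
# A non-empty result is the symptom from the report (e.g. a stray :!).
def unexpected_locals(method_obj, observed)
  declared = method_obj.parameters.map { |_kind, name| name }
  observed - declared
end

# Build a throwaway class whose #probe has `positional_count` required
# positional parameters (p1..pN) followed by `kwarg_count` required keyword
# parameters (k1..kN). The body returns its own `local_variables`, which is
# exactly the list the bug corrupts. Names are constructed for this example.
def build_probe(kwarg_count, positional_count = 0)
  kw  = (1..kwarg_count).map { |i| "k#{i}:" }
  pos = (1..positional_count).map { |i| "p#{i}" }
  params = (pos + kw).join(", ")
  klass = Class.new
  klass.class_eval(<<~RUBY, __FILE__, __LINE__ + 1)
    def probe(#{params})
      local_variables
    end
  RUBY
  klass
end

# Live check for one parameter shape: call the probe with matching
# arguments and return whatever it reported beyond its declared parameters
# (empty on a correct interpreter).
def probe_unexpected(kwarg_count, positional_count = 0)
  klass    = build_probe(kwarg_count, positional_count)
  kw_args  = (1..kwarg_count).to_h { |i| [:"k#{i}", i] }
  pos_args = (1..positional_count).to_a
  observed = klass.new.probe(*pos_args, **kw_args)
  unexpected_locals(klass.instance_method(:probe), observed)
end

# Sweep a range of keyword-parameter counts and return the ones that leak,
# mirroring the 100.times.select sweep in the comment above but with
# Method#parameters as the reference instead of a reconstructed name list.
def affected_kwarg_counts(range, positional_count = 0)
  range.select { |n| !probe_unexpected(n, positional_count).empty? }
end

if __FILE__ == $PROGRAM_NAME
  p affected_kwarg_counts(0..30)     # keyword-only shapes
  p affected_kwarg_counts(0..30, 2)  # same, with two leading positionals
end
```

Running this on an interpreter with the bug would reproduce the ranges the comment above found; on a fixed interpreter both sweeps return an empty array, which is what makes it usable as a regression test rather than only a one-off reproduction.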