From: ericldelaney@...
Date: 2016-05-24T20:52:23+00:00
Subject: [ruby-core:75712] [Ruby trunk Bug#12425] encoding string to UTF-16 is causing a segfault

Issue #12425 has been reported by Eric Delaney.

----------------------------------------
Bug #12425: encoding string to UTF-16 is causing a segfault
https://bugs.ruby-lang.org/issues/12425

* Author: Eric Delaney
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: 2.3.0p0
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------

While trying to create a Yaml file in UTF-16 format for testing, I found that with the attached script ruby dies with a segfault because of memory corruption/free issues on 2.3.0p0, 2.2.4p230, and 2.2.3p173. (Note it works on 2.0.0p598.) The underlying OS was Redhat 6.7 x64.

The script is attempting to build up a yaml file of valid UTF-16 characters to test a Yaml file parser's behavior processing the UTF-16 character set.

[user@user accept]$ ruby -v
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
[user@user accept]$ ruby test_bug.rb
test_bug.rb:24: [BUG] Segmentation fault at 0x00000000000000
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0005 p:---- s:0023 e:000022 CFUNC  :[]
c:0004 p:0054 s:0019 e:000018 METHOD test_bug.rb:24
c:0003 p:0066 s:0014 e:000012 METHOD test_bug.rb:38
c:0002 p:0041 s:0007 E:000318 EVAL   test_bug.rb:52 [FINISH]
c:0001 p:0000 s:0002 E:001210 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
test_bug.rb:52:in `<main>'
test_bug.rb:38:in `stream'
test_bug.rb:24:in `string'
test_bug.rb:24:in `[]'

-- Machine register context ------------------------------------------------
RIP: 0x000000342c67886a RBP: 0x0000000000014d10 RSP: 0x00007ffc44160200
RAX: 0x2d002d002d00fffe RBX: 0x0000000001f9a6c0 RCX: 0x00007fc2be30eadc
RDX: 0x20002000fffe0a00 RDI: 0x000000342c98fe80 RSI: 0x0000000000000000
R8:  0x0000000000000000 R9:  0x000000342c98fed0 R10: 0x000000342c98fed0
R11: 0x0000000000000020 R12: 0x0000000001faf3d0 R13: 0x000000342c98fe80
R14: 0x0000000000006a10 R15: 0x0000000000000001 EFL: 0x0000000000010202

-- C level backtrace information -------------------------------------------

-----------------------------------------------------------------------------
[user@user accept]$ ruby -v
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux]
[user@user accept]$ ruby test_bug.rb
*** glibc detected *** ruby: malloc(): memory corruption: 0x000000000188ee50 ***
======= Backtrace: =========
/lib64/libc.so.6[0x342c675f4e]
/lib64/libc.so.6[0x342c67a41a]
/lib64/libc.so.6(__libc_malloc+0x5c)[0x342c67ab1c]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x97ace)[0x7f5f8e669ace]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(st_init_table_with_size+0x23)[0x7f5f8e71a403]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x177d24)[0x7f5f8e749d24]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(rb_econv_open+0x1b9)[0x7f5f8e74c439]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(rb_econv_open_opts+0x7d)[0x7f5f8e74e74d]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x17d0cf)[0x7f5f8e74f0cf]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x17d670)[0x7f5f8e74f670]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x1a8a0a)[0x7f5f8e77aa0a]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x1b5de5)[0x7f5f8e787de5]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x1ab36b)[0x7f5f8e77d36b]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(rb_iseq_eval_main+0x221)[0x7f5f8e77de21]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(+0x764f7)[0x7f5f8e6484f7]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(ruby_exec_node+0x1d)[0x7f5f8e64854d]
/home/user/.rvm/rubies/ruby-2.2.4/lib/libruby.so.2.2(ruby_run_node+0x1e)[0x7f5f8e64b6fe]
ruby[0x4008eb]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x342c61ed5d]
ruby[0x4007d9]
======= Memory map: ========
Aborted (core dumped)

-----------------------------------------------------------------------------
[user@user accept]$ ruby -v
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]
[user@user accept]$ ruby test_bug.rb
*** glibc detected *** ruby: free(): invalid next size (normal): 0x0000000002137e60 ***
======= Backtrace: =========
/lib64/libc.so.6[0x342c675f4e]
/lib64/libc.so.6[0x342c678cf0]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(ruby_xfree+0x3c)[0x7f1557ddad7c]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(+0x17cca8)[0x7f1557ec2ca8]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(+0x17d030)[0x7f1557ec3030]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(+0x1a841a)[0x7f1557eee41a]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(+0x1b1ec5)[0x7f1557ef7ec5]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(+0x1b74eb)[0x7f1557efd4eb]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(rb_iseq_eval_main+0x221)[0x7f1557efdf91]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(+0x76517)[0x7f1557dbc517]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(ruby_exec_node+0x1d)[0x7f1557dbc56d]
/home/user/.rvm/rubies/ruby-2.2.3/lib/libruby.so.2.2(ruby_run_node+0x1e)[0x7f1557dbf71e]
ruby[0x4008eb]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x342c61ed5d]
ruby[0x4007d9]
======= Memory map: ========
Aborted (core dumped)
[user@user accept]$

-----------------------------------------------------------------------------
[user@user accept]$ ruby -v
ruby 2.0.0p598 (2014-11-13 revision 48408) [x86_64-linux]
[user@user accept]$ ruby test_bug.rb
[user@user accept]$ echo "it worked"

---Files--------------------------------
test_bug.rb (1.23 KB)

-- 
https://bugs.ruby-lang.org/
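The reporter's test_bug.rb is attached to the ticket but not reproduced here. As an added example (my code, not the reporter's script or anything from the ruby project), the following builds the kind of input the report describes: a YAML document of valid UTF-16 characters, BOM first, produced through String#encode, plus a round-trip check so a parser under test is handed known-good bytes. Which code points count as "valid" here (printable BMP characters minus controls, surrogates, YAML line-break characters and the BOM) is my assumption, as are the function names.

```ruby
require 'yaml'

# Code points kept out of the test corpus (constructed choice, not from the
# ticket): C0/C1 controls, UTF-16 surrogates (Ruby refuses to pack them),
# NEL/LS/PS (YAML treats them as line breaks) and U+FEFF (the BOM).
EXCLUDED_CODEPOINTS = [0x7F..0x9F, 0xD800..0xDFFF, 0x2028..0x2029, 0xFEFF..0xFEFF].freeze

def valid_bmp_codepoints(from = 0x20, to = 0xFFFD)
  (from..to).reject { |cp| EXCLUDED_CODEPOINTS.any? { |r| r.cover?(cp) } }
end

# Emit a YAML sequence of double-quoted scalars, CHUNK code points each,
# transcoded to UTF-16 with an explicit byte-order mark in front.
def utf16_yaml_document(codepoints, chunk: 64, endianness: 'UTF-16LE')
  lines = codepoints.each_slice(chunk).map do |slice|
    text = slice.pack('U*')                        # UTF-8 string of the chunk
    escaped = text.gsub(/["\\]/) { |c| "\\#{c}" }  # only " and \ need escaping
    %(- "#{escaped}")
  end
  utf8 = (['---'] + lines + ['']).join("\n")       # '---' opens the document
  "\uFEFF".encode(endianness) + utf8.encode(endianness)
end

# Independent check of the generated bytes: decode back to UTF-8, drop the
# BOM, parse with Psych and return the code points that survived the trip.
# A parser under test would instead receive the UTF-16 bytes unchanged.
def roundtrip_codepoints(utf16_doc)
  utf8 = utf16_doc.encode('UTF-8').delete_prefix("\uFEFF")
  YAML.safe_load(utf8).join.codepoints
end

if __FILE__ == $PROGRAM_NAME
  cps = valid_bmp_codepoints
  doc = utf16_yaml_document(cps)
  puts "#{doc.bytesize} bytes, #{doc.encoding}, round trip ok: #{roundtrip_codepoints(doc) == cps}"
end
```

Swap `endianness: 'UTF-16BE'` to exercise the big-endian transcoder (utf_16be.so appears in the crash's memory map); the BOM changes to FE FF accordingly.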