From: shyouhei@...
Date: 2016-08-03T06:34:16+00:00
Subject: [ruby-core:76679] [Ruby trunk Bug#12651] SEGV in ripper: ripper/sexp.rb:33: [BUG] Segmentation fault at 0x00000000000014

Issue #12651 has been updated by Shyouhei Urabe.

I can reproduce this.

```
(lldb) run
Process 47463 launched: './ruby' (x86_64)
Process 47463 stopped
* thread #1: tid = 0xeafca, 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x14)
    frame #0: 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600
   2597     else {
   2598         capa = total;
   2599     }
-> 2600     RESIZE_CAPA_TERM(str, capa, termlen);
   2601     sptr = RSTRING_PTR(str);
   2602     }
   2603     if (off != -1) {
(lldb) bt
* thread #1: tid = 0xeafca, 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x14)
  * frame #0: 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600
    frame #1: 0x0000000100068709 ruby`rb_syntax_error_append [inlined] err_vcatf + 16 at error.c:87
    frame #2: 0x00000001000686f9 ruby`rb_syntax_error_append(exc=304942678023, file=, line=11, column=, enc=, fmt=, args=) + 281 at error.c:118
    frame #3: 0x00000001000e7646 ruby`parser_compile_error(parser=0x000000010175dd00, fmt=) + 214 at parse.y:11081
    frame #4: 0x00000001000f3cf6 ruby`reg_fragment_setenc_gen(parser=0x000000010175dd00, str=4321355880, options=) + 246 at parse.y:10574
    frame #5: 0x00000001000e9220 ruby`rb_parser_reg_compile [inlined] parser_reg_compile(parser=0x000000010175dd00, str=4321355880, options=25872) + 14 at parse.y:10642
    frame #6: 0x00000001000e9212 ruby`rb_parser_reg_compile(parser=0x000000010175dd00, str=4321355880, options=25872, errmsg=0x00007fff5fbfdb98) + 34 at parse.y:10672
    frame #7: 0x000000010103fbdc ripper.bundle`ripper_yyparse(parser=) + 40140 at ripper.y:4055
    frame #8: 0x000000010105a11e ripper.bundle`ripper_parse0(parser_v=) + 286 at ripper.y:11398
    frame #9: 0x00000001000732a6 ruby`rb_ensure(b_proc=(ripper.bundle`ripper_parse0 at ripper.y:11393), data1=4321422440, e_proc=, data2=) + 166 at eval.c:899
    frame #10: 0x000000010104dd95 ripper.bundle`ripper_parse(self=4321422440) + 85 at ripper.y:11434
    frame #11: 0x00000001001c0584 ruby`vm_call_cfunc [inlined] vm_call_cfunc_with_frame + 175 at vm_insnhelper.c:1729
    frame #12: 0x00000001001c04d5 ruby`vm_call_cfunc(th=, reg_cfp=, calling=, ci=, cc=) + 69 at vm_insnhelper.c:1824
    frame #13: 0x00000001001a9985 ruby`vm_exec_core(th=, initial=) + 12485 at insns.def:1064
    frame #14: 0x00000001001babcd ruby`vm_exec(th=) + 125 at vm.c:1710
    frame #15: 0x00000001000722e0 ruby`ruby_exec_internal(n=0x00000001018d8ae0) + 144 at eval.c:244
    frame #16: 0x00000001000721f6 ruby`ruby_run_node [inlined] ruby_exec_node(n=) + 54 at eval.c:308
    frame #17: 0x00000001000721e8 ruby`ruby_run_node(n=) + 40 at eval.c:300
    frame #18: 0x0000000100001873 ruby`main(argc=, argv=) + 99 at main.c:36
    frame #19: 0x00007fff8dff75ad libdyld.dylib`start + 1
(lldb)
```

----------------------------------------
Bug #12651: SEGV in ripper: ripper/sexp.rb:33: [BUG] Segmentation fault at 0x00000000000014
https://bugs.ruby-lang.org/issues/12651#change-59896

* Author: Toru Iwase
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.4.0dev (2016-08-02 trunk 55799) [x86_64-linux]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
I encountered SEGV in ripper.

OS: Ubuntu 16.04.01 LTS (xenial)

How to reproduce:

```
$ rbenv version
2.4.0-dev (set by RBENV_VERSION environment variable)
$ ruby -rripper -e 'Ripper.sexp(File.read("ripper_segv.html.erb"))'
/usr/local/anyenv/envs/rbenv/versions/2.4.0-dev/lib/ruby/2.4.0/ripper/sexp.rb:33: [BUG] Segmentation fault at 0x00000000000014
ruby 2.4.0dev (2016-08-02 trunk 55799) [x86_64-linux]
(see attached dump)
```

I know ripper cannot parse ERb files.
In Ruby 2.3, `Ripper.sexp(erb_content)` returns nil, with the following warnings.

```
$ ruby -v
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
$ ruby -rripper -e 'p Ripper.sexp(File.read("ripper_segv.html.erb"))'
-:11: regexp encoding option 'e' differs from source encoding 'UTF-8'
nil
```

---Files--------------------------------
ripper_segv.html.erb (443 Bytes)
ripper_segv.dump.txt (13.7 KB)
ripper_segv.gdb.txt (5.12 KB)

--
https://bugs.ruby-lang.org/