From: s.wanabe@...
Date: 2016-11-27T15:00:07+00:00
Subject: [ruby-core:78393] [Ruby trunk Bug#12950] irb: 'input-method.rb:151: [BUG] Segmentation fault' / 'malloc(): smallbin double linked list corrupted'

Issue #12950 has been updated by _ wanabe.


Umm, I guess the issue may be readine's and this can be reproduced without ruby.

```
#include <stdio.h>
#include <readline/readline.h>

int main() {
    FILE *fp;

    rl_outstream = NULL;

    while(1) {
        fp = fdopen(dup(fileno(stdout)), "w");
        if (rl_outstream) fclose(rl_outstream);
        rl_outstream = fp;
        readline(">");
    }
    return 0;
}
```

Above code causes SEGV when you press return.
It looks like the same as this issue and seems to be related the difference of rl_outstream and _rl_out_stream.

I read readline-6.3 and imagine the flow: (http://git.savannah.gnu.org/cgit/readline.git/commit/?id=a73b98f779b388a5d0624e02e8bb187246e3e396)
readline() calls rl_prep_terminal() before readline_internal().
rl_prep_terminal() calls `_rl_control_keypad()` -> tputs() -> `_rl_output_character_function(c)` -> `putc (c, _rl_out_stream);`.
readline_internal() sets `_rl_out_stream = rl_outstream;` in readline_internal_setup().
So, readline() outputs string keypad-start code to old _rl_out_stream.

----------------------------------------
Bug #12950: irb: 'input-method.rb:151: [BUG] Segmentation fault' / 'malloc(): smallbin double linked list corrupted'
https://bugs.ruby-lang.org/issues/12950#change-61767

* Author: dota? =op dota? =op
* Status: Feedback
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
i'm getting stuff liek this:
```
/usr/lib/ruby/2.3.0/irb/input-method.rb:151: [BUG] Segmentation fault at 0x00000000000000
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
```
and this:
```
*** Error in `/usr/bin/ruby': malloc(): smallbin double linked list corrupted: 0x0000564c509fa040 ***
```

randomly on rails console. it seems readline-related.

i managed to reproduce by repeating commands until crash occurred, logs attached.

---Files--------------------------------
ERORR2 (32.7 KB)
ERORR (255 KB)
ERORR3 (31.1 KB)
ERORR4 (12 KB)
.inputrc (43 Bytes)
inputrc (1.68 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>