From: integ3rs@...
Date: 2017-05-24T06:12:31+00:00
Subject: [ruby-core:81367] [Ruby trunk Bug#13596] Segfault when catching SystemStackError in eval

Issue #13596 has been updated by mjones (Morgan Jones).

Here's a GDB trace with VMDEBUG=1 for a Ruby 2.4.1 checkout:

~~~ text
$ gdb --args ./miniruby -e "code = '+1' * 100000; 2.times {begin; eval(code); rescue SystemStackError; end}"
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./miniruby...done.
warning: File "/home/numinit/ruby/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
        add-auto-load-safe-path /home/numinit/ruby/.gdbinit
line to your configuration file "/home/numinit/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/home/numinit/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
(gdb) run
Starting program: /home/numinit/ruby/miniruby -e code\ =\ \'+1\'\ \*\ 100000\;\ 2.times\ \{begin\;\ eval\(code\)\;\ rescue\ SystemStackError\;\ end\}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff7e59700 (LWP 16284)]
0000 trace            1                                               (   1)
0002 putstring        "+1"
0004 putobject        100000
0006 opt_mult         ,
0009 setlocal_OP__WC__0 3
0011 putobject        2
0013 send             , , block in
0000 trace            256                                             (   1)
0002 trace            1
0004 putself
0005 getlocal_OP__WC__1 3
0007 opt_send_without_block ,

Thread 1 "miniruby" received signal SIGSEGV, Segmentation fault.
iseq_compile_each (iseq=iseq@entry=0x555556709bc0, ret=ret@entry=0x7fffff7ff0d0, node=0x5555565c45f8, popped=popped@entry=0) at compile.c:3961
3961    {
=> 0x00005555555afeea :  89 4c 24 08     mov    DWORD PTR [rsp+0x8],ecx
(gdb) list
3956        node: Ruby compiled node
3957        popped: This node will be popped
3958      */
3959    static int
3960    iseq_compile_each(rb_iseq_t *iseq, LINK_ANCHOR *const ret, NODE *node, int popped)
3961    {
3962        enum node_type type;
3963        LINK_ELEMENT *saved_last_element = 0;
3964        int line;
3965
(gdb)
~~~

----------------------------------------
Bug #13596: Segfault when catching SystemStackError in eval
https://bugs.ruby-lang.org/issues/13596#change-65061

* Author: mjones (Morgan Jones)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.4.1p111 (2017-03-22 revision 58053) [x86_64-linux]
* Backport: 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
This minimal testcase will crash most ruby versions with a SIGSEGV (though it's likely that other constructions could trigger the same behavior):

~~~
ruby -e "code = '+1' * 100000; 2.times {begin; eval(code); rescue SystemStackError; end}"
~~~

It seems that the crash is triggered by attempting to access the stack redzone.

--
https://bugs.ruby-lang.org/
Unsubscribe:
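The testcase above works because the compiler's `iseq_compile_each` recurses once per nested node, so a long left-nested `+1+1+1...` chain exhausts the C stack during compilation rather than at run time, and the report shows that rescuing the resulting SystemStackError and calling `eval` again is not safe. For code that feeds attacker-influenced expressions to `eval`, the practical defence is to bound the nesting before the compiler ever sees the string. The following is an added example that is not part of the bug report or of Ruby's own code: it parses the candidate with `Ripper.sexp`, measures the S-expression depth with an explicit stack (so the check itself cannot overflow on the very input it guards against), and refuses to `eval` anything over a budget. The budget value `MAX_NODE_DEPTH` and the helper names are assumptions for illustration.

```ruby
require 'ripper'

# Assumed budget: far below the nesting that overflows the compiler's C stack,
# and far above anything a legitimate hand-written expression needs.
MAX_NODE_DEPTH = 500

# Maximum nesting depth of a Ripper S-expression. Iterative on purpose: a
# recursive walker would itself raise SystemStackError on a 100000-deep tree.
def sexp_depth(sexp)
  max = 0
  stack = [[sexp, 0]]
  until stack.empty?
    node, depth = stack.pop
    next unless node.is_a?(Array)
    max = depth if depth > max
    node.each { |child| stack.push([child, depth + 1]) if child.is_a?(Array) }
  end
  max
end

# Returns [:accept, depth], [:reject, depth] or [:reject, :syntax_error].
# Ripper only parses; it never compiles, so it does not walk the tree with
# iseq_compile_each and cannot trigger the crash described in the report.
def check_expression(source, max_depth: MAX_NODE_DEPTH)
  sexp = Ripper.sexp(source)
  return [:reject, :syntax_error] if sexp.nil?
  depth = sexp_depth(sexp)
  depth > max_depth ? [:reject, depth] : [:accept, depth]
end

# eval only after the nesting budget has been enforced; rejected input never
# reaches the compiler, so there is no SystemStackError to rescue and re-enter.
def safe_eval(source, max_depth: MAX_NODE_DEPTH)
  verdict, info = check_expression(source, max_depth: max_depth)
  raise ArgumentError, "expression rejected: #{info.inspect}" unless verdict == :accept
  eval(source)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a normal expression and a pathological left-nested chain
  # of the same shape as the report's testcase, sized so the demo itself is safe.
  p check_expression("1 + 2 * 3")
  p check_expression("+1" * 3000, max_depth: 200)
  p safe_eval("1 + 2 * 3")
end
```

`Ripper.sexp` returns `nil` for a syntax error, so malformed input is rejected as well rather than passed through to `eval`. Note that the budget is on tree depth, not string length: a long but flat expression (many statements separated by newlines) stays shallow and is accepted, while a short string with thousands of nested parentheses is refused.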