From: fumfi.255@...
Date: 2017-08-22T12:36:22+00:00
Subject: [ruby-core:82447] [Ruby trunk Bug#13836] Null pointer dereference in defined_expr0()

Issue #13836 has been reported by fumfel (Kamil Frankowicz).

----------------------------------------
Bug #13836: Null pointer dereference in defined_expr0()
https://bugs.ruby-lang.org/issues/13836

* Author: fumfel (Kamil Frankowicz)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.0dev (2017-08-03) [x86_64-linux]
* Backport: 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
After some fuzz testing I found a crashing test case.

To reproduce:

miniruby ruby_null_ptr_defined_expr0

Context:

~~~
ruby_null_ptr_defined_expr0: [BUG] Segmentation fault at 0x0000000000000000
ruby 2.5.0dev (2017-08-03) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0001 p:0000 s:0003 E:000c40 (none) [FINISH]

-- Machine register context ------------------------------------------------
 RIP: 0x0000564af314ea5d RBP: 0x0000564af459e378 RSP: 0x00007ffe96951370
 RAX: 0x0000000000001adc RBX: 0x0000564af37bb9e0 RCX: 0x0000564af37cccf0
 RDX: 0x0000000000000000 RDI: 0x0000564af459de28 RSI: 0x00007ffe969519b0
  R8: 0x0000000000000000  R9: 0x0000000000000001 R10: 0x0000564af468cc80
 R11: 0x0000000000000001 R12: 0x00007ffe969519b0 R13: 0x00007ffe96951780
 R14: 0x0000564af459de28 R15: 0xfffffffffffffffc EFL: 0x0000000000010206

-- C level backtrace information -------------------------------------------
XYZ/ruby/miniruby(rb_vm_bugreport+0x2b7) [0x564af34e2177] vm_dump.c:671
XYZ/ruby/miniruby(rb_bug_context+0x2e6) [0x564af319bc56] error.c:539
XYZ/ruby/miniruby(sigsegv+0x6e) [0x564af33a41de] signal.c:930
/lib/x86_64-linux-gnu/libpthread.so.0 [0x7f72a9761390]
XYZ/ruby/miniruby(defined_expr0+0x3d) [0x564af314ea5d] compile.c:3631
XYZ/ruby/miniruby(defined_expr0+0xc24) [0x564af314f644] compile.c:3737
XYZ/ruby/miniruby(defined_expr0+0x41d) [0x564af314ee3d] compile.c:3654
XYZ/ruby/miniruby(defined_expr0+0xb8e) [0x564af314f5ae] compile.c:3733
XYZ/ruby/miniruby(defined_expr0+0x41d) [0x564af314ee3d] compile.c:3654
XYZ/ruby/miniruby(defined_expr0+0xb8e) [0x564af314f5ae] compile.c:3733
XYZ/ruby/miniruby(defined_expr0+0xc24) [0x564af314f644] compile.c:3737
XYZ/ruby/miniruby(defined_expr0+0xc24) [0x564af314f644] compile.c:3737
XYZ/ruby/miniruby(defined_expr+0x4c) [0x564af314a8fc] compile.c:3807
XYZ/ruby/miniruby(compile_defined_expr+0x27a) [0x564af314cffa] compile.c:3839
XYZ/ruby/miniruby(iseq_compile_each0+0x3e13) [0x564af3132bb3] compile.c:6310
XYZ/ruby/miniruby(iseq_compile_each0+0xb52) [0x564af312f8f2] compile.c:4285
XYZ/ruby/miniruby(iseq_compile_each0+0xb52) [0x564af312f8f2] compile.c:4285
XYZ/ruby/miniruby(compile_array+0x6c5) [0x564af314b5e5] compile.c:4285
XYZ/ruby/miniruby(setup_args+0x52a) [0x564af314a5fa] compile.c:3996
XYZ/ruby/miniruby(iseq_compile_each0+0x9319) [0x564af31380b9] compile.c:5464
XYZ/ruby/miniruby(compile_array+0x6c5) [0x564af314b5e5] compile.c:4285
XYZ/ruby/miniruby(setup_args+0x52a) [0x564af314a5fa] compile.c:3996
XYZ/ruby/miniruby(iseq_compile_each0+0x9319) [0x564af31380b9] compile.c:5464
XYZ/ruby/miniruby(iseq_compile_each0+0x108f) [0x564af312fe2f] compile.c:4285
XYZ/ruby/miniruby(iseq_compile_each0+0xbe55) [0x564af313abf5] compile.c:4285
XYZ/ruby/miniruby(rb_iseq_compile_node+0x8e7) [0x564af311dd07] compile.c:4285
XYZ/ruby/miniruby(rb_iseq_new_with_opt+0xbf) [0x564af323d61f] iseq.c:505
XYZ/ruby/miniruby(rb_iseq_new_main+0x7b) [0x564af323dadb] iseq.c:475
XYZ/ruby/miniruby(ruby_process_options+0x1e90) [0x564af3397410] ruby.c:1727
XYZ/ruby/miniruby(ruby_options+0x1b6) [0x564af31ac526] eval.c:105
XYZ/ruby/miniruby(main+0x81) [0x564af30a1981] ./main.c:42

-- Other runtime information -----------------------------------------------

* Loaded script: ruby_null_ptr_defined_expr0

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 rational.so
    3 complex.so

* Process memory map:

564af307c000-564af35b6000 r-xp 00000000 fc:00 548227 XYZ/ruby/miniruby
564af37b5000-564af37bb000 r--p 00539000 fc:00 548227 XYZ/ruby/miniruby
564af37bb000-564af37bc000 rw-p 0053f000 fc:00 548227 XYZ/ruby/miniruby
564af37bc000-564af37dd000 rw-p 00000000 00:00 0
564af4575000-564af46af000 rw-p 00000000 00:00 0 [heap]
7f72a7910000-7f72a7ad9000 r--s 00000000 fc:00 415265 /lib/x86_64-linux-gnu/libc-2.23.so
7f72a7ad9000-7f72a8753000 r--s 00000000 fc:00 548227 XYZ/ruby/miniruby
7f72a8753000-7f72a8769000 r-xp 00000000 fc:00 392981 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f72a8769000-7f72a8968000 ---p 00016000 fc:00 392981 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f72a8968000-7f72a8969000 rw-p 00015000 fc:00 392981 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f72a8969000-7f72a8c41000 r--p 00000000 fc:00 15064 /usr/lib/locale/locale-archive
7f72a8c41000-7f72a8e01000 r-xp 00000000 fc:00 415265 /lib/x86_64-linux-gnu/libc-2.23.so
7f72a8e01000-7f72a9001000 ---p 001c0000 fc:00 415265 /lib/x86_64-linux-gnu/libc-2.23.so
7f72a9001000-7f72a9005000 r--p 001c0000 fc:00 415265 /lib/x86_64-linux-gnu/libc-2.23.so
7f72a9005000-7f72a9007000 rw-p 001c4000 fc:00 415265 /lib/x86_64-linux-gnu/libc-2.23.so
7f72a9007000-7f72a900b000 rw-p 00000000 00:00 0
7f72a900b000-7f72a9113000 r-xp 00000000 fc:00 415260 /lib/x86_64-linux-gnu/libm-2.23.so
7f72a9113000-7f72a9312000 ---p 00108000 fc:00 415260 /lib/x86_64-linux-gnu/libm-2.23.so
7f72a9312000-7f72a9313000 r--p 00107000 fc:00 415260 /lib/x86_64-linux-gnu/libm-2.23.so
7f72a9313000-7f72a9314000 rw-p 00108000 fc:00 415260 /lib/x86_64-linux-gnu/libm-2.23.so
7f72a9314000-7f72a931d000 r-xp 00000000 fc:00 415247 /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f72a931d000-7f72a951c000 ---p 00009000 fc:00 415247 /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f72a951c000-7f72a951d000 r--p 00008000 fc:00 415247 /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f72a951d000-7f72a951e000 rw-p 00009000 fc:00 415247 /lib/x86_64-linux-gnu/libcrypt-2.23.so
7f72a951e000-7f72a954c000 rw-p 00000000 00:00 0
7f72a954c000-7f72a954f000 r-xp 00000000 fc:00 415254 /lib/x86_64-linux-gnu/libdl-2.23.so
7f72a954f000-7f72a974e000 ---p 00003000 fc:00 415254 /lib/x86_64-linux-gnu/libdl-2.23.so
7f72a974e000-7f72a974f000 r--p 00002000 fc:00 415254 /lib/x86_64-linux-gnu/libdl-2.23.so
7f72a974f000-7f72a9750000 rw-p 00003000 fc:00 415254 /lib/x86_64-linux-gnu/libdl-2.23.so
7f72a9750000-7f72a9768000 r-xp 00000000 fc:00 415248 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f72a9768000-7f72a9967000 ---p 00018000 fc:00 415248 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f72a9967000-7f72a9968000 r--p 00017000 fc:00 415248 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f72a9968000-7f72a9969000 rw-p 00018000 fc:00 415248 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f72a9969000-7f72a996d000 rw-p 00000000 00:00 0
7f72a996d000-7f72a9993000 r-xp 00000000 fc:00 415243 /lib/x86_64-linux-gnu/ld-2.23.so
7f72a9a62000-7f72a9a84000 r--s 00000000 fc:00 415248 /lib/x86_64-linux-gnu/libpthread-2.23.so
7f72a9a84000-7f72a9b89000 rw-p 00000000 00:00 0
7f72a9b8c000-7f72a9b8d000 ---p 00000000 00:00 0
7f72a9b8d000-7f72a9b92000 rw-p 00000000 00:00 0
7f72a9b92000-7f72a9b93000 r--p 00025000 fc:00 415243 /lib/x86_64-linux-gnu/ld-2.23.so
7f72a9b93000-7f72a9b94000 rw-p 00026000 fc:00 415243 /lib/x86_64-linux-gnu/ld-2.23.so
7f72a9b94000-7f72a9b95000 rw-p 00000000 00:00 0
7ffe96156000-7ffe96955000 rw-p 00000000 00:00 0 [stack]
7ffe969c9000-7ffe969cb000 r--p 00000000 00:00 0 [vvar]
7ffe969cb000-7ffe969cd000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
~~~

---Files--------------------------------
ruby_null_ptr_defined_expr0 (210 Bytes)

-- 
https://bugs.ruby-lang.org/