From: s.wanabe@...
Date: 2018-04-02T23:50:36+00:00
Subject: [ruby-core:86437] [Ruby trunk Bug#14660] RubyVM::InstructionSequence.load_from_binary(bin).eval may cause SEGV after r62856

Issue #14660 has been reported by wanabe (_ wanabe).

----------------------------------------
Bug #14660: RubyVM::InstructionSequence.load_from_binary(bin).eval may cause SEGV after r62856
https://bugs.ruby-lang.org/issues/14660

* Author: wanabe (_ wanabe)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
A certain script can cause SEGV when ISeq#to_binary -> load_from_binary -> eval.

```
$ ./miniruby -ve 'str = "class P; def p; end; def q; end; E = \"\"; N = \"\#{E}\"; attr_reader :i; end"; iseq = RubyVM::InstructionSequence.compile(str); bin = iseq.to_binary; RubyVM::InstructionSequence.load_from_binary(bin).eval'
ruby 2.6.0dev (2018-04-02 trunk 63063) [x86_64-linux]
Segmentation fault (core dumped)
```

(Note above script is shortened version of "minitest/pride_plugin.rb")

`git bisect` shows it is since r62856, but I don't know the commit is "bad" or not.
It may make apparent a hidden bug, or increase the probability of reproduction.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>