[#87467] [Ruby trunk Bug#14841] Very rarely IO#readpartial does not raise EOFError — mofezilla@...
Issue #14841 has been reported by hirura (Hiroyuki URANISHI).
3 messages
2018/06/10
[#87515] [Ruby trunk Bug#14841] Very rarely IO#readpartial does not raise EOFError — hirura@...
Issue #14841 has been updated by hirura (Hiroyuki URANISHI).
7 messages
2018/06/19
[#87516] Re: [Ruby trunk Bug#14841] Very rarely IO#readpartial does not raise EOFError
— Eric Wong <normalperson@...>
2018/06/19
hirura@gmail.com wrote:
[#87517] Re: [Ruby trunk Bug#14841] Very rarely IO#readpartial does not raise EOFError
— Eric Wong <normalperson@...>
2018/06/19
Sorry, I left this out: If you can reproduce it again, can you
[#87519] Re: [Ruby trunk Bug#14841] Very rarely IO#readpartial does not raise EOFError
— hirura <hirura@...>
2018/06/19
Hi Eric,
[#87521] Re: [Ruby trunk Bug#14841] Very rarely IO#readpartial does not raise EOFError
— Eric Wong <normalperson@...>
2018/06/19
hirura <hirura@gmail.com> wrote:
[#87541] [Ruby trunk Feature#14859] [PATCH] implement Timeout in VM — normalperson@...
Issue #14859 has been reported by normalperson (Eric Wong).
4 messages
2018/06/21
[#87570] [Ruby trunk Feature#14859] [PATCH] implement Timeout in VM — eregontp@...
Issue #14859 has been updated by Eregon (Benoit Daloze).
4 messages
2018/06/21
[#87605] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — takashikkbn@...
Issue #14867 has been reported by k0kubun (Takashi Kokubun).
3 messages
2018/06/23
[#87614] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — normalperson@...
Issue #14867 has been updated by normalperson (Eric Wong).
4 messages
2018/06/23
[#87631] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — takashikkbn@...
Issue #14867 has been updated by k0kubun (Takashi Kokubun).
5 messages
2018/06/25
[#87635] Re: [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process
— Eric Wong <normalperson@...>
2018/06/25
takashikkbn@gmail.com wrote:
[#87665] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — eregontp@...
Issue #14867 has been updated by Eregon (Benoit Daloze).
4 messages
2018/06/28
[#87710] [Ruby trunk Bug#14867] Process.wait can wait for MJIT compiler process — Greg.mpls@...
Issue #14867 has been updated by MSP-Greg (Greg L).
3 messages
2018/06/30
[ruby-core:87450] [Ruby trunk Bug#14834] rb_profile_frames SEGV when PC adjusted on IFUNC
From:
ashe@...
Date:
2018-06-08 05:13:50 UTC
List:
ruby-core #87450
Issue #14834 has been updated by kivikakk (Ashe Connor).
It's also worth noting:
* is the increment of `pc` with `ec->cfp->pc++` correct? What if the instruction is multiple values wide?
* there are similar `pc` increment/decrement pairs around `EXEC_EVENT_HOOK` calls in `vm_trace`. Do we need to address these too?
Ping @tenderlovemaking as he helped me with this.
----------------------------------------
Bug #14834: rb_profile_frames SEGV when PC adjusted on IFUNC
https://bugs.ruby-lang.org/issues/14834#change-72442
* Author: kivikakk (Ashe Connor)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.6.0dev (2018-06-08 trunk 63606) [x86_64-linux]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
Since r62052, we increment `ec->cfp->pc` by one pointer width (e.g. 8 bytes) in `gc_event_hook_body` around the `EXEC_EVENT_HOOK` call.
This becomes a problem when the hook is on an IFUNC: in this case, `pc == 0x0`, meaning we increment it to a non-zero value during that call.
`rb_profile_frames` uses the following check to determine if frame info should be recorded:
~~~ c
if (cfp->iseq && cfp->pc) {
~~~
The example here is [`stackprof`](https://github.com/tmm1/stackprof/blob/58d65ffa801ed27f013d573148783694526c7426/ext/stackprof/stackprof.c#L486), which calls `rb_profile_frames` in a gc event hook. This will segfault currently, as the above check will pass.
`calc_lineno` then attempts to calculate the line number:
~~~ c
size_t pos = (size_t)(pc - iseq->body->iseq_encoded);
~~~
This fails for a variety of reasons: `iseq_encoded` isn't valid because `iseq` isn't an `rb_iseq_t` underneath, producing an essentially random value, and `pc` is 0x8, so we underflow and eventually cause an overrun in `succ_index_lookup` with a huge `pos` argument.
We instead only adjust PC if it appears to be a valid pointer in the first place.
---Files--------------------------------
pc-treatment.diff (777 Bytes)
--
https://bugs.ruby-lang.org/
Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>