[ruby-core:89250] [Ruby trunk Bug#15189] Multiple OOB reads (of size 4) in rb_bigzero_p
From: nobu@...
Date: 2018-10-02 12:26:49 UTC
List: ruby-core #89250

Issue #15189 has been updated by nobu (Nobuyoshi Nakada).

Thank you for the report.
Your reproducers seem often duplicated, and note that `\0` is treated as the EOF in the parser and anything after it has no effect at all.

Reduced (but not smallest) codes are:

```
crash01/reproducer:111r+11**-11111161111111
crash02/reproducer:1118111111111**-1111111111111111**1+1==11111
crash03/reproducer:-1111111**-1111*11 - -1111111** -111111111
crash04/reproducer:1118111111111** -1111111111111111**1+11111111111**1 ===111
crash05/reproducer:11** -111155555555555555 -55 !=5-555
crash07/reproducer:1 + 111111111**-1111811111
crash08/reproducer:18111111111**-1111111111111111**1 + 1111111111**-1111**1
crash10/reproducer:-7 - -1111111** -1111**11
crash12/reproducer:1118111111111** -1111111111111111**1 + 1111 - -1111111** -1111*111111111119
crash13/reproducer:1.0i - -1111111** -111111111
crash14/reproducer:11111**111111111**111111 * -11111111111111111111**-111111111111
crash15/reproducer:~1**1111 + -~1**~1**111
crash17/reproducer:11** -1111111**1111 /11i
crash18/reproducer:5555i**-5155 - -9111111**-1111**11
crash19/reproducer:111111 < 111111*-11111111111111111111**-1111111111111111
crash20/reproducer:1111**111-11**-11111**11
crash21/reproducer:11**-10111111119-1i -1r
```

----------------------------------------
Bug #15189: Multiple OOB reads (of size 4) in rb_bigzero_p
https://bugs.ruby-lang.org/issues/15189#change-74274

* Author: bannable (Joe Truba)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.6.0dev (2018-10-01 trunk 64894) [x86_64-linux]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
An AFL fuzzing session against 6b4d78fc43 this weekend turned up 17 crashes in rb_bigzero_p. I suspect that all of these are the same underlying bug -- they are all a 4 byte OOB read in rb_bigzero_p -- so I'm including all of them in this single issue.

If you'd like me to report each of these separately let me know and I'll happily do that.

For each reproducer, I have included:

* the reproducer
* stdout from ruby
* gdb backtrace
* valgrind report

---Files--------------------------------
crashes.rb_bigzero_p.zip (104 KB)