From: merch-redmine@...
Date: 2020-04-11T00:51:17+00:00
Subject: [ruby-core:97820] [Ruby master Bug#16771] Segmentation fault when inspecting a bound method

Issue #16771 has been updated by jeremyevans0 (Jeremy Evans).


I can reproduce this in 2.7.1, but not on master.  Here's debugging information:

```
(gdb) bt
#0  0x00000bbf2523f290 in rb_funcallv_with_cc (cd=0xbbf25296430 <rb_inspect.rb_funcallv_data>, recv=12912719941280, mid=2753, argc=0, argv=0x0) at ./vm_eval.c:1012
#1  0x00000bbf2512f8cf in rb_inspect (obj=12912719941288) at object.c:680
#2  0x00000bbf251678cb in method_inspect (method=12913381588560) at proc.c:2854
#3  0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#4  vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f20, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#5  0x00000bbf2523ae24 in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbe82436780, block_handler=0, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#6  vm_exec_core (ec=<optimized out>, initial=<optimized out>) at insns.def:801
#7  0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#8  0x00000bbf25244327 in vm_yield (ec=0xbbf25296430 <rb_inspect.rb_funcallv_data>, argc=1, argv=<optimized out>, kw_splat=0) at vm.c:1179
#9  rb_yield_0 (argc=1, argv=<optimized out>) at ./vm_eval.c:1227
#10 rb_yield_1 (val=<optimized out>) at ./vm_eval.c:1233
#11 0x00000bbf25129918 in int_dotimes (num=200001) at numeric.c:5201
#12 0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#13 vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f90, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#14 0x00000bbf2523471b in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbf4722cef0, block_handler=<optimized out>, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#15 vm_exec_core (ec=0xbbf3908ba50, initial=<optimized out>) at insns.def:782
#16 0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#17 0x00000bbf250a094b in rb_ec_exec_node (ec=<optimized out>, n=<optimized out>) at eval.c:278
#18 ruby_run_node (n=<optimized out>) at eval.c:336
#19 0x00000bbc64c0139c in main (argc=<optimized out>, argv=<optimized out>) at ./main.c:50
(gdb) print *cd
$1 = {cc = {method_state = 140, class_serial = {6, 0, 0}, me = 0xbbea185bdb0, method_serial = 42, call = 0xbbf252339a0 <vm_call_general>, aux = {index = 0, method_missing_reason = MISSING_NOENTRY}}, ci = {mid = 2753, flag = 0, orig_argc = 0}}
(gdb) print *(cd->cc->me)
$2 = {flags = 9535493, defined_class = 12914954958280, def = 0x646f6874654d, called_id = 0, owner = 0}
(gdb) print *(cd->cc->me->def)
Cannot access memory at address 0x646f6874654d
```

----------------------------------------
Bug #16771: Segmentation fault when inspecting a bound method
https://bugs.ruby-lang.org/issues/16771#change-85041

* Author: decuplet (Nikita Shilnikov)
* Status: Open
* Priority: Normal
* ruby -v: 2.7.1
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN
----------------------------------------
This piece of code leads to a crash in ruby 2.7.1.

```ruby
bound_method = Kernel.instance_method(:respond_to?).bind(Object.new)
100000.times { bound_method.inspect }
```

I cannot reproduce the error in 2.7.0 so this must be new.
I attached the output, didn't bother with the crash report log, though. It should be easily reproducible since I found it on CI which runs a different OS.

---Files--------------------------------
output.txt (41.3 KB)


-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>