From: usa@...
Date: 2014-09-05T05:10:59+00:00
Subject: [ruby-dev:48524] [ruby-trunk - Bug #10127] WIN32OLE segfaults

Issue #10127 has been updated by Usaku NAKAMURA.

Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE

backported into `ruby_2_0_0` at r47405.

----------------------------------------
Bug #10127: WIN32OLE segfaults
https://bugs.ruby-lang.org/issues/10127#change-48672

* Author: Nobuyoshi Nakada
* Status: Closed
* Priority: Normal
* Assignee: Masaki Suketa
* Category: platform/windows
* Target version: current: 2.2.0
* ruby -v: trunk
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
`fole_initialize()`では引数を`StringValue()`で変換していますが、`ole_create_dcom()`には変換前の引数がそのまま渡されています。
そのため、`to_str`メソッドを持つオブジェクトをホスト名とともに渡すと、不正なアクセスが起きます。
分かりやすい例では、`NilClass#to_str`などを追加すればSEGVします。

https://github.com/nobu/ruby/compare/win32ole-fix

~~~
$ ./x64-mswin32_120/bin/ruby -rwin32ole -e 'class NilClass; alias to_str to_s; end; WIN32OLE.new(nil, "localhost") rescue p $!.message'
-e:1: [BUG] Segmentation fault
ruby 2.2.0dev (2014-08-12 trunk 47145) [x64-mswin64_120]

-- Control frame information -----------------------------------------------
c:0004 p:---- s:0011 e:000010 CFUNC  :initialize
c:0003 p:---- s:0009 e:000008 CFUNC  :new
c:0002 p:0024 s:0004 E:001738 EVAL   -e:1 [FINISH]
c:0001 p:0000 s:0002 E:001438 TOP    [FINISH]

-- Ruby level backtrace information ----------------------------------------
-e:1:in `<main>'
-e:1:in `new'
-e:1:in `initialize'

-- C level backtrace information -------------------------------------------
C:\Windows\SYSTEM32\ntdll.dll(NtWaitForSingleObject+0xa) [0x00000000770D12FA]
C:\Windows\system32\KERNELBASE.dll(WaitForSingleObjectEx+0x9c) [0x000007FEFD1D10DC]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_print_backtrace+0x34) [0x000007FEF12A39C4] c:\users\nobu\work\ruby\trunk\src\vm_dump.c:711
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_vm_bugreport+0x6f) [0x000007FEF12A3A3B] c:\users\nobu\work\ruby\trunk\src\vm_dump.c:973
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_bug_context+0x5e) [0x000007FEF11EF09A] c:\users\nobu\work\ruby\trunk\src\error.c:391
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(sigsegv+0x69) [0x000007FEF1252701] c:\users\nobu\work\ruby\trunk\src\signal.c:831
C:\Windows\system32\MSVCR120.dll(XcptFilter+0x1a9) [0x000007FEF4A0FC99]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(__tmainCRTStartup$filt$0+0x16) [0x000000013F8B16D6] f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c:666
C:\Windows\system32\MSVCR120.dll(_C_specific_handler+0x93) [0x000007FEF4A0F2CB]
C:\Windows\SYSTEM32\ntdll.dll(RtlDecodePointer+0xad) [0x00000000770A9D2D]
C:\Windows\SYSTEM32\ntdll.dll(RtlUnwindEx+0xbbf) [0x00000000770991CF]
C:\Windows\SYSTEM32\ntdll.dll(KiUserExceptionDispatcher+0x2e) [0x00000000770D1248]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_encoding2cp+0x9) [0x000007FEFA0F6A89] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:638
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_vstr2wc+0x47) [0x000007FEFA0FA4A3] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:1017
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_create_dcom+0xad) [0x000007FEFA0F6761] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:2317
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(fole_initialize+0xeb) [0x000007FEFA0F3BE7] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:2904
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0_cfunc_with_frame+0x11b) [0x000007FEF11E3E07] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:124
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0_body+0x31c) [0x000007FEF11E3C74] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:179
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0+0x44) [0x000007FEF11E3950] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:55
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_call0+0xae) [0x000007FEF11DF1EE] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:334
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_funcallv+0x25) [0x000007FEF11E0289] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:811
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_class_new_instance+0x2c) [0x000007FEF11FF394] c:\users\nobu\work\ruby\trunk\src\object.c:1879
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call_cfunc_with_frame+0x12d) [0x000007FEF11E4105] c:\users\nobu\work\ruby\trunk\src\vm_insnhelper.c:1522
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call_general+0x3d9) [0x000007FEF11E4589] c:\users\nobu\work\ruby\trunk\src\vm_insnhelper.c:1957
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_exec_core+0xf96) [0x000007FEF11E7D3E] c:\users\nobu\work\ruby\trunk\x64-mswin32_120\vm.inc:1422
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_exec+0xb9) [0x000007FEF11E65B9] c:\users\nobu\work\ruby\trunk\src\vm.c:1377
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_iseq_eval_main+0x81) [0x000007FEF11E04F1] c:\users\nobu\work\ruby\trunk\src\vm.c:1647
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_exec_internal+0xcb) [0x000007FEF11A6FA3] c:\users\nobu\work\ruby\trunk\src\eval.c:255
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_exec_node+0x1d) [0x000007FEF11A6FFD] c:\users\nobu\work\ruby\trunk\src\eval.c:318
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_run_node+0x30) [0x000007FEF11A728C] c:\users\nobu\work\ruby\trunk\src\eval.c:309
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(main+0x40) [0x000000013F8B1040] c:\users\nobu\work\ruby\trunk\src\main.c:38
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(__tmainCRTStartup+0x10f) [0x000000013F8B12A7] f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c:626
C:\Windows\system32\kernel32.dll(BaseThreadInitThunk+0xd) [0x0000000076E759ED]

-- Other runtime information -----------------------------------------------

* Loaded script: -e

* Loaded features:

    0 enumerator.so
    1 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/encdb.so
    2 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/windows_31j.so
    3 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/trans/transdb.so
    4 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/win32ole.so

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
~~~




-- 
https://bugs.ruby-lang.org/