[ruby-dev:49238] [Ruby trunk - Bug #11486] gsub on a euc-jp string causes SEGV
From:
hiraku@...
Date:
2015-08-25 07:14:08 UTC
List:
ruby-dev #49238
Issue #11486 has been updated by Hiraku Kuroda.
Two additional notes:
* When I first found the problem, it occurred when I read a euc-jp file and called `String#gsub!` on it; however, in the sample script, if I remove the `encode("euc-jp")` inside the loop and instead call `src.encode!("euc-jp")` once after the loop, the SEGV does not occur.
* If the `i` option is removed from the regular expression in `src.gsub`, the SEGV no longer occurs.
I hope this is helpful.
----------------------------------------
Bug #11486: gsub on a euc-jp string causes SEGV
https://bugs.ruby-lang.org/issues/11486#change-53990
* Author: Hiraku Kuroda
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-08-25 trunk 51677) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
I was writing a script that turns invalid HTML written in euc-jp into valid HTML by substitution, and a SEGV occurred at the point where the string is processed with `String#gsub`.
I first found it on v2.2.3, but it also occurs on the current trunk r51677 and on v2.2.0.
Below are a script that reproduces it and the output on r51677. The script is written in utf-8.
Please let me know if any other information is needed.
~~~
kuroda@charlie:~$ expand -3 segv.rb
#!/usr/bin/env ruby
src = ""
(19..298).each do |n|
src += ("あ"*n + "\r"*n).encode("euc-jp")
end
src.gsub(/xxx/i, "")
puts "OK"
~~~
~~~
kuroda@charlie:~$ /opt/ruby/r51677/bin/ruby -v segv.rb
ruby 2.3.0dev (2015-08-25 trunk 51677) [x86_64-linux]
segv.rb:7: [BUG] Segmentation fault at 0x007fc2542e7ee0
ruby 2.3.0dev (2015-08-25 trunk 51677) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0003 p:---- s:0010 e:000009 CFUNC :gsub
c:0002 p:0023 s:0005 E:001a98 EVAL segv.rb:7 [FINISH]
c:0001 p:0000 s:0002 E:001b80 (none) [FINISH]
-- Ruby level backtrace information ----------------------------------------
segv.rb:7:in `<main>'
segv.rb:7:in `gsub'
-- Machine register context ------------------------------------------------
RIP: 0x00007fc2521c8553 RBP: 0x00007fc25491e7a0 RSP: 0x00007ffe0c58e4d8
RAX: 0x00000000fffffe70 RBX: 0x00007fc2542e8072 RCX: 0x00007ffe0c58e5b0
RDX: 0x00007fc2542e8073 RDI: 0x00007fc2542e7ee0 RSI: 0x00007ffe0c58e590
R8: 0x00007fc25491e7a0 R9: 0x00007fc2521c8d40 R10: 0x00000000000000a2
R11: 0x00007fc2521c8d40 R12: 0x00007fc2542e8070 R13: 0x00007fc254c35e40
R14: 0x00007fc2542e8073 R15: 0x00007ffe0c58e5b0 EFL: 0x0000000000010206
-- C level backtrace information -------------------------------------------
/opt/ruby/r51677/bin/ruby(rb_vm_bugreport+0x4ea) [0x7fc25417180a] vm_dump.c:695
/opt/ruby/r51677/bin/ruby(rb_bug_context+0xcb) [0x7fc25414d99b] error.c:422
/opt/ruby/r51677/bin/ruby(sigsegv+0x3e) [0x7fc25405133e] signal.c:886
/lib/x86_64-linux-gnu/libpthread.so.0 [0x7fc253b30d10]
/opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/enc/euc_jp.so(mbc_case_fold+0x3) [0x7fc2521c8553] ./enc/euc_jp.c:373
/opt/ruby/r51677/bin/ruby(forward_search_range+0xba9) [0x7fc254036bc9] regexec.c:3014
/opt/ruby/r51677/bin/ruby(onig_search_gpos+0x6f6) [0x7fc25403e126] regexec.c:4162
/opt/ruby/r51677/bin/ruby(onig_search+0x16) [0x7fc25403e6e6] regexec.c:3906
/opt/ruby/r51677/bin/ruby(rb_reg_search0+0xfc) [0x7fc25402283c] re.c:1485
/opt/ruby/r51677/bin/ruby(str_gsub+0x71) [0x7fc254071071] string.c:4443
/opt/ruby/r51677/bin/ruby(vm_call_cfunc+0xf9) [0x7fc2540c8f19] vm_insnhelper.c:1604
/opt/ruby/r51677/bin/ruby(vm_call_method+0xfe) [0x7fc2540d67fe] vm_insnhelper.c:1984
/opt/ruby/r51677/bin/ruby(vm_exec_core+0x15ee) [0x7fc2540cfb8e] insns.def:976
/opt/ruby/r51677/bin/ruby(vm_exec+0x7f) [0x7fc2540d476f] vm.c:1470
/opt/ruby/r51677/bin/ruby(ruby_exec_internal+0xbf) [0x7fc253f872ef] eval.c:244
/opt/ruby/r51677/bin/ruby(ruby_run_node+0x2f) [0x7fc253f8af7f] eval.c:309
/opt/ruby/r51677/bin/ruby(main+0x4b) [0x7fc253f86f0b] parse.y:8801
-- Other runtime information -----------------------------------------------
* Loaded script: segv.rb
* Loaded features:
0 enumerator.so
1 thread.rb
2 rational.so
3 complex.so
4 /opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/enc/encdb.so
5 /opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/enc/trans/transdb.so
6 /opt/ruby/r51677/lib/ruby/2.3.0/unicode_normalize.rb
7 /opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/rbconfig.rb
8 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/compatibility.rb
9 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/defaults.rb
10 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/deprecate.rb
11 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/errors.rb
12 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/version.rb
13 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/requirement.rb
14 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/platform.rb
15 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/basic_specification.rb
16 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/stub_specification.rb
17 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/util/list.rb
18 /opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/stringio.so
19 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/specification.rb
20 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/exceptions.rb
21 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb
22 /opt/ruby/r51677/lib/ruby/2.3.0/monitor.rb
23 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb
24 /opt/ruby/r51677/lib/ruby/2.3.0/rubygems.rb
25 /opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/enc/euc_jp.so
26 /opt/ruby/r51677/lib/ruby/2.3.0/x86_64-linux/enc/trans/japanese_euc.so
* Process memory map:
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
中止 (コアダンプ)
~~~
-- 
https://bugs.ruby-lang.org/
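
Added example (not part of the original report or of Ruby's own test suite): a regression harness that runs the reported script and the two variants from the follow-up notes in child interpreters, so an interpreter crash is recorded as a result instead of taking the harness down. The variant names and the helper functions `classify` and `run_variants` are assumptions made for this illustration.

```ruby
require "open3"
require "rbconfig"

# Child scripts (hypothetical names). "\u3042" is the character used in the
# report's script, written as an escape so the child parses it in any locale.
VARIANTS = {
  # As reported: encode each chunk inside the loop, regexp with the `i` option.
  reported: <<~'RUBY',
    src = ""
    (19..298).each { |n| src += ("\u3042" * n + "\r" * n).encode("euc-jp") }
    src.gsub(/xxx/i, "")
  RUBY
  # Follow-up note 1: build the string first, encode once after the loop.
  encode_after_loop: <<~'RUBY',
    src = ""
    (19..298).each { |n| src += "\u3042" * n + "\r" * n }
    src.encode!("euc-jp")
    src.gsub(/xxx/i, "")
  RUBY
  # Follow-up note 2: same string as reported, regexp without the `i` option.
  no_i_option: <<~'RUBY'
    src = ""
    (19..298).each { |n| src += ("\u3042" * n + "\r" * n).encode("euc-jp") }
    src.gsub(/xxx/, "")
  RUBY
}.freeze

# Map a child's exit status to a result. After printing a [BUG] report the
# interpreter aborts, so the child is seen as killed by a signal.
def classify(status)
  return :ok if status.success?
  return :crashed if status.signaled?
  :error # ordinary Ruby exception or non-zero exit, not an interpreter crash
end

# Run every variant under the given interpreter (default: the current one).
def run_variants(ruby = RbConfig.ruby)
  VARIANTS.map do |name, script|
    _output, status = Open3.capture2e(ruby, "-e", script)
    [name, classify(status)]
  end.to_h
end

if $PROGRAM_NAME == __FILE__
  run_variants.each { |name, result| puts format("%-18s %s", name, result) }
end
```

Passing the path of another interpreter build to `run_variants` checks that build instead of the one running the harness.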