ruby-dev

Mailing Lists

ruby-list (For Ruby users, JA) ruby-dev (For Ruby developers, JA) ruby-core (For Ruby developers, EN) ruby-talk (For Ruby users, EN)
2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997
1 2 3 4 5 6 7 8 9 10 11 12

[#50825] [Ruby master Bug#16032] 2.6 branch is failing on darwin17 on Travis-CI — nobu@...

Issue #16032 has been reported by nobu (Nobuyoshi Nakada).

1 message 2019/08/01

[#50826] [Ruby master Feature#15931] encoding for CESU-8 — artonx@...

Issue #15931 has been updated by arton (Akio Tajima).

1 message 2019/08/02

[#50827] [Ruby master Bug#16032] 2.6 branch is failing on darwin17 on Travis-CI — nagachika00@...

Issue #16032 has been updated by nagachika (Tomoyuki Chikanaga).

1 message 2019/08/06

[#50828] [Ruby master Bug#16032] 2.6 branch is failing on darwin17 on Travis-CI — nagachika00@...

Issue #16032 has been updated by nagachika (Tomoyuki Chikanaga).

1 message 2019/08/07

[#50829] [Ruby master Bug#7877] E::Lazy#with_index should be lazy — merch-redmine@...

Issue #7877 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/08

[#50830] [Ruby master Bug#7881] Windows でパスに日本語を含むスクリプトからの require が失敗する — merch-redmine@...

Issue #7881 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/08

[#50831] [Ruby master Bug#7877] E::Lazy#with_index should be lazy — nobu@...

Issue #7877 has been updated by nobu (Nobuyoshi Nakada).

1 message 2019/08/09

[#50832] [Ruby master Bug#9833] OpenSSL::X509::Certificate#inspect がわかりにくくなっている — merch-redmine@...

Issue #9833 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/11

[#50833] [Ruby master Bug#9868] bigdecimal#VpAlloc causes out-of-bounds read — merch-redmine@...

Issue #9868 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/11

[#50834] [Ruby master Bug#11189] alias prepended module — merch-redmine@...

Issue #11189 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/12

[#50836] [Ruby master Bug#10436] ruby -c and ripper inconsistency: m(&nil) {} — merch-redmine@...

Issue #10436 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/21

[#50837] [Ruby master Bug#14240] warn four special variables: $; $, $/ $\ — merch-redmine@...

Issue #14240 has been updated by jeremyevans0 (Jeremy Evans).

1 message 2019/08/26

[#50838] [Ruby master Bug#14240] warn four special variables: $; $, $/ $\ — nobu@...

Issue #14240 has been updated by nobu (Nobuyoshi Nakada).

1 message 2019/08/26

[#50839] [Ruby master Bug#15906] a=a のような式をもつ条件分岐が意図しない挙動をする — usa@...

Issue #15906 has been updated by usa (Usaku NAKAMURA).

1 message 2019/08/26

[#50840] [Ruby master Bug#10436] ruby -c and ripper inconsistency: m(&nil) {} — nobu@...

Issue #10436 has been updated by nobu (Nobuyoshi Nakada).

1 message 2019/08/27

[#50841] 訃報 — Shugo Maeda <shugo@...>

前田です。

3 messages 2019/08/29
[#50843] Re: 訃報 — Shugo Maeda <shugo@...> 2019/08/29

前田です。
[#50842] Re: 訃報 — Shugo Maeda <shugo@...> 2019/08/29

前田です。

[ruby-dev:50833] [Ruby master Bug#9868] bigdecimal#VpAlloc causes out-of-bounds read

From: merch-redmine@...
Date: 2019-08-11 19:44:42 UTC
List: ruby-dev #50833 
Issue #9868 has been updated by jeremyevans0 (Jeremy Evans).

Status changed from Open to Closed

I think this is fixed by https://github.com/ruby/bigdecimal/commit/e738c1377108baa0c2fd03cdee0eeb1239f627b2.

----------------------------------------
Bug #9868: bigdecimal#VpAlloc causes out-of-bounds read
https://bugs.ruby-lang.org/issues/9868#change-80614

* Author: mame (Yusuke Endoh)
* Status: Closed
* Priority: Normal
* Assignee: mrkn (Kenta Murata)
* Target version: 
* ruby -v: ruby 2.2.0dev (2014-05-25 trunk 46107) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
以下のようなパッチを当てて

~~~diff
diff --git a/ext/bigdecimal/bigdecimal.c b/ext/bigdecimal/bigdecimal.c
index 44e13a4..400dda0 100644
--- a/ext/bigdecimal/bigdecimal.c
+++ b/ext/bigdecimal/bigdecimal.c
@@ -3911,6 +3911,7 @@ VpAlloc(size_t mx, const char *szVal)
     }
     /* Skip trailing spaces */
     while (--i > 0) {
+       printf("dereference psz[%lu]\n", i);
        if (ISSPACE(psz[i])) psz[i] = 0;
        else break;
     }
~~~

以下のようなコードを実行すると、

~~~
$ ./ruby -I .ext/x86_64-linux/ -I . -I lib -r bigdecimal -e 'p BigDecimal.new("#")'
dereference psz[1]
dereference psz[8]
dereference psz[2]
dereference psz[18446744073709551615]
#<BigDecimal:7f06266cb820,'0.0',9(9)>
~~~

見るからにまずそうなデリファレンスが行われていることが観察されます。
Coverity Scan が見つけてくれました。

-- 
Yusuke Endoh <mame@ruby-lang.org>



-- 
https://bugs.ruby-lang.org/

In This Thread

Prev Next