rb_str_resize may be called on a non-String type
#342
Comments
matzbot
pushed a commit
to ruby/ruby
that referenced
this issue
Aug 3, 2018
* See ruby/json#342 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64177 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
I can reproduce and applied this fix in the Ruby repo: ruby/ruby@e7da0fc |
hsbt
pushed a commit
that referenced
this issue
Oct 25, 2018
* See #342 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64177 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
Fixed at 033dd10 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Revision 797ce53 introduced a change to resize strings while parsing in order to improve performance in some important cases. Unfortunately, it looks like it also attempts to resize types that aren't strings.
For example, the json_string_matching_test class that ships in the repo demonstrates a situation where internally,
*resultwould be aTimeobject, not aString. I think through a remarkable set of coincidences,RSTRING_LENcalled on most non-String objects happens to return0. Andrb_str_resizeon a non-String object sees that object as having a length0. Attempting to resize a 0-length string to 0 happens to head down a path that doesn't cause the process to segfault (any value > 0 would).Assuming my analysis is correct, I think the stated performance objective can be maintained with much more safety by doing a type check:
If there's buy-in for that, I'll pull together a pull request.
I just want to state that what's in the extension does happen to work in MRI, but I think it's exploiting a set of internals (e.g., object layout) that are subject to change and could cause the whole thing to crash. If this is an acceptable risk for some additional performance, please feel free to close the issue out.
The text was updated successfully, but these errors were encountered: