Heap buffer overflow #3506
The following input demonstrates a crash:
```ruby
def to_str
  ``
  0
end
0.times.inspect
```
Since backquotes are not implemented, this code should result in infinite recursion but it crashes well before the C stack overflows. An attempt is made to write past the end of the Ruby VM stack here:
This suggests that the size of the VM stack was not calculated correctly at some previous point.
This issue was reported by https://hackerone.com/ston3