ASAN report:
==30916==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62700001b908 at pc 0x00010213cf0f bp 0x7fff5d8fd890 sp 0x7fff5d8fd888
WRITE of size 4 at 0x62700001b908 thread T0
#0 0x10213cf0e in mrb_vm_exec (mruby+0x10016ef0e)
#1 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#2 0x10212d01e in mrb_run (mruby+0x10015f01e)
#3 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#4 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#5 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#6 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#7 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#8 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#9 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#10 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#11 0x10212d01e in mrb_run (mruby+0x10015f01e)
#12 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#13 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#14 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#15 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#16 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#17 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#18 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#19 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#20 0x10212d01e in mrb_run (mruby+0x10015f01e)
#21 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#22 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#23 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#24 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#25 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#26 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#27 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#28 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#29 0x10212d01e in mrb_run (mruby+0x10015f01e)
#30 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#31 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#32 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#33 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#34 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#35 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#36 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#37 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#38 0x10212d01e in mrb_run (mruby+0x10015f01e)
#39 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#40 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#41 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#42 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#43 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#44 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#45 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#46 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#47 0x10212d01e in mrb_run (mruby+0x10015f01e)
#48 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#49 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#50 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#51 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#52 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#53 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#54 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#55 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#56 0x10212d01e in mrb_run (mruby+0x10015f01e)
#57 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#58 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#59 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#60 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#61 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#62 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#63 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#64 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#65 0x10212d01e in mrb_run (mruby+0x10015f01e)
#66 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#67 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#68 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#69 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#70 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#71 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#72 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#73 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#74 0x10212d01e in mrb_run (mruby+0x10015f01e)
#75 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#76 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#77 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#78 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#79 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#80 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#81 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#82 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#83 0x10212d01e in mrb_run (mruby+0x10015f01e)
#84 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#85 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#86 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#87 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#88 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#89 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#90 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#91 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#92 0x10212d01e in mrb_run (mruby+0x10015f01e)
#93 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#94 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#95 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#96 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#97 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#98 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#99 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#100 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#101 0x10212d01e in mrb_run (mruby+0x10015f01e)
#102 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#103 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#104 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#105 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#106 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#107 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#108 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#109 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#110 0x10212d01e in mrb_run (mruby+0x10015f01e)
#111 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#112 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#113 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#114 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#115 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#116 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#117 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#118 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#119 0x10212d01e in mrb_run (mruby+0x10015f01e)
#120 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#121 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#122 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#123 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#124 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#125 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#126 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#127 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#128 0x10212d01e in mrb_run (mruby+0x10015f01e)
#129 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#130 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#131 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#132 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#133 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#134 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#135 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#136 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#137 0x10212d01e in mrb_run (mruby+0x10015f01e)
#138 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#139 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#140 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#141 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#142 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#143 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#144 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#145 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#146 0x10212d01e in mrb_run (mruby+0x10015f01e)
#147 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#148 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#149 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#150 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#151 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#152 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#153 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#154 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#155 0x10212d01e in mrb_run (mruby+0x10015f01e)
#156 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#157 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#158 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#159 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#160 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#161 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#162 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#163 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#164 0x10212d01e in mrb_run (mruby+0x10015f01e)
#165 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#166 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#167 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#168 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#169 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#170 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#171 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#172 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#173 0x10212d01e in mrb_run (mruby+0x10015f01e)
#174 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#175 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#176 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#177 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#178 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#179 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#180 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#181 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#182 0x10212d01e in mrb_run (mruby+0x10015f01e)
#183 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#184 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#185 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#186 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#187 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#188 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#189 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#190 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#191 0x10212d01e in mrb_run (mruby+0x10015f01e)
#192 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#193 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#194 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#195 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#196 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#197 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#198 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#199 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#200 0x10212d01e in mrb_run (mruby+0x10015f01e)
#201 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#202 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#203 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#204 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#205 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#206 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#207 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#208 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#209 0x10212d01e in mrb_run (mruby+0x10015f01e)
#210 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#211 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#212 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#213 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#214 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#215 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#216 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#217 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#218 0x10212d01e in mrb_run (mruby+0x10015f01e)
#219 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#220 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#221 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#222 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#223 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#224 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#225 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#226 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#227 0x10212d01e in mrb_run (mruby+0x10015f01e)
#228 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#229 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#230 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#231 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#232 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#233 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#234 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#235 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#236 0x10212d01e in mrb_run (mruby+0x10015f01e)
#237 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#238 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#239 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#240 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#241 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#242 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#243 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#244 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#245 0x10212d01e in mrb_run (mruby+0x10015f01e)
#246 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#247 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#248 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#249 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#250 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#251 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#252 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#253 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#254 0x10212d01e in mrb_run (mruby+0x10015f01e)
#255 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
0x62700001b908 is located 8 bytes to the right of 12288-byte region [0x627000018900,0x62700001b900)
allocated by thread T0 here:
#0 0x102379f87 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib+0x4af87)
#1 0x1020c9675 in mrb_default_allocf (mruby+0x1000fb675)
#2 0x10204b228 in mrb_realloc_simple gc.c:201
#3 0x10204b90e in mrb_realloc gc.c:215
#4 0x1021670b1 in stack_extend_alloc (mruby+0x1001990b1)
#5 0x10212c747 in stack_extend (mruby+0x10015e747)
#6 0x102129484 in mrb_funcall_with_block (mruby+0x10015b484)
#7 0x10200db49 in mrb_instance_new (mruby+0x10003fb49)
#8 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#9 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#10 0x10212d01e in mrb_run (mruby+0x10015f01e)
#11 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#12 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#13 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#14 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#15 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#16 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#17 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#18 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#19 0x10212d01e in mrb_run (mruby+0x10015f01e)
#20 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
#21 0x102127337 in mrb_funcall_argv (mruby+0x100159337)
#22 0x1020acc9e in convert_type (mruby+0x1000dec9e)
#23 0x1020addba in mrb_check_convert_type (mruby+0x1000dfdba)
#24 0x1020dbb9d in mrb_check_string_type (mruby+0x10010db9d)
#25 0x1020779c3 in mrb_f_raise (mruby+0x1000a99c3)
#26 0x10213eb73 in mrb_vm_exec (mruby+0x100170b73)
#27 0x102133f99 in mrb_vm_run (mruby+0x100165f99)
#28 0x10212d01e in mrb_run (mruby+0x10015f01e)
#29 0x10212a967 in mrb_funcall_with_block (mruby+0x10015c967)
SUMMARY: AddressSanitizer: heap-buffer-overflow (mruby+0x10016ef0e) in mrb_vm_exec
Shadow bytes around the buggy address:
0x1c4e000036d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c4e000036e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c4e000036f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c4e00003700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c4e00003710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1c4e00003720: fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4e00003730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4e00003740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4e00003750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4e00003760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c4e00003770: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30916==ABORTING
Abort trap: 6
The following input demonstrates a crash:
Since backquotes are not implemented, this code should result in infinite recursion but it crashes well before the C stack overflows. An attempt is made to write past the end of the Ruby VM stack here:
mruby/src/vm.c, line 1205 in 4b1e5d4
This suggests that the size of the VM stack was not calculated correctly at some previous point.
This issue was reported by https://hackerone.com/ston3
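As an added triage aid (not part of the original report or of mruby's code), the following Python script reads an ASan report in the format shown above, cross-checks the faulting address against the reported heap region, and collapses the repeating frames into a single recursion cycle. The names `triage`, `cycle_period`, `CYCLE` and `SAMPLE` are assumptions of this example, and the sample input is constructed from the report's values with placeholder frame addresses.

```python
import re

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
REGION = re.compile(r"(\d+) bytes to the (right|left) of (\d+)-byte region "
                    r"\[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)", re.M)

def cycle_period(names):
    """Smallest p with names[i] == names[i+p] throughout and at least two
    full repeats in the trace; 0 when the frames do not repeat."""
    for p in range(1, len(names) // 2 + 1):
        if all(names[i] == names[i + p] for i in range(len(names) - p)):
            return p
    return 0

def triage(report):
    kind, addr = HEADER.search(report).groups()
    access, size = ACCESS.search(report).groups()
    region = REGION.search(report)
    dist, side, rlen, lo, hi = region.groups()
    # Frames printed before the region line belong to the faulting access;
    # the allocation trace that follows is ignored here.
    names = FRAME.findall(report[:region.start()])
    period = cycle_period(names)
    edge = int(hi, 16) if side == "right" else int(lo, 16)
    outside = abs(int(addr, 16) - edge)
    return {
        "kind": kind,
        "access": f"{access} of {size} bytes",
        "bytes_outside": outside,
        "region_size": int(rlen),
        # Cross-check the reported distance and size against the bounds.
        "consistent": outside == int(dist)
                      and int(hi, 16) - int(lo, 16) == int(rlen),
        "cycle": names[:period],
        # The printed trace can be truncated, so this is a lower bound.
        "min_repeats": len(names) // period if period else 0,
    }

# Constructed sample: values taken from the report above, frame addresses
# replaced by 0x0 placeholders and the trace cut to three repeats.
CYCLE = ["mrb_vm_exec", "mrb_vm_run", "mrb_run", "mrb_funcall_with_block",
         "mrb_funcall_argv", "convert_type", "mrb_check_convert_type",
         "mrb_check_string_type", "mrb_f_raise"]
SAMPLE = "\n".join(
    ["==1==ERROR: AddressSanitizer: heap-buffer-overflow on address "
     "0x62700001b908 at pc 0x0 bp 0x0 sp 0x0",
     "WRITE of size 4 at 0x62700001b908 thread T0"]
    + [f"    #{i} 0x0 in {fn} (mruby+0x0)" for i, fn in enumerate(CYCLE * 3)]
    + ["0x62700001b908 is located 8 bytes to the right of 12288-byte region "
       "[0x627000018900,0x62700001b900)"])

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```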