The following input demonstrates a crash:
begin
rescue => a
end
begin
b
rescue begin
c ""
rescue => d
0
ensure
end
endmrb->exc ends up NULL here:
|
exc = mrb_obj_value(mrb->exc); |
This looks to be related to #3487
ASAN report:
==63757==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010572b22c bp 0x7fff5a6286f0 sp 0x7fff5a628580 T0)
#0 0x10572b22b in mrb_obj_value (mruby+0x10015d22b)
#1 0x10573aef0 in mrb_vm_exec (mruby+0x10016cef0)
#2 0x1057342f9 in mrb_vm_run (mruby+0x1001662f9)
#3 0x105766929 in mrb_top_run (mruby+0x100198929)
#4 0x105835b65 in mrb_load_exec (mruby+0x100267b65)
#5 0x105836975 in mrb_load_file_cxt (mruby+0x100268975)
#6 0x1055d0936 in main mruby.c:227
#7 0x7fffaf458254 in start (libdyld.dylib+0x5254)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby+0x10015d22b) in mrb_obj_value
==63757==ABORTING
Abort trap: 6
This issue was reported by https://hackerone.com/icanthack
The following input demonstrates a crash:
mrb->excends up NULL here:mruby/src/vm.c
Line 1096 in f8b31a0
This looks to be related to #3487
ASAN report:
This issue was reported by https://hackerone.com/icanthack