The following input demonstrates a crash:
I suspect this occurs due to invalid code generation.
$ bin/mruby -v 214171.rb
mruby 1.2.0 (2015-11-17)
214171.rb:1:3: '*' interpreted as argument prefix
00002 NODE_SCOPE:
00002 NODE_BEGIN:
00002 NODE_FCALL:
00002 NODE_SELF
00004 method='a' (358)
00002 args:
00004 NODE_SPLAT:
00002 NODE_BEGIN:
00002 NODE_ARRAY:
00002 NODE_SPLAT:
00002 NODE_BEGIN:
00003 NODE_INT 0 base 10
irep 0x60c000014740 nregs=5 nlocals=1 pools=0 syms=1 reps=0
file: 214171.rb
2 000 OP_LOADSELF R1
2 001 OP_ARRAY R2 R2 0
2 002 OP_LOADNIL R3
3 003 OP_LOADI R4 0
3 004 OP_ARYCAT R3 R4
3 005 OP_SEND R2 :a 127
3 006 OP_STOP
ASAN:DEADLYSIGNAL
=================================================================
==83636==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x0001062e9bfb bp 0x7fff59913610 sp 0x7fff59913530 T0)
#0 0x1062e9bfa in ary_concat array.c:260
#1 0x1062e9ab4 in mrb_ary_concat array.c:279
#2 0x10646d8c3 in mrb_vm_exec (mruby+0x10018a8c3)
#3 0x106447f79 in mrb_vm_run (mruby+0x100164f79)
#4 0x10647a249 in mrb_top_run (mruby+0x100197249)
#5 0x106549a85 in mrb_load_exec (mruby+0x100266a85)
#6 0x10654a895 in mrb_load_file_cxt (mruby+0x100267895)
#7 0x1062e55c6 in main mruby.c:227
#8 0x7fff8cb21254 in start (libdyld.dylib+0x5254)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV array.c:260 in ary_concat
==83636==ABORTING
Abort trap: 6
This issue was reported by https://hackerone.com/ssarong
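
In the dump above, the only OP_ARYCAT (pc 004) uses R3 as its destination immediately after OP_LOADNIL R3 (pc 002), which is consistent with the fault in ary_concat. As an added example (not part of the original report and not mruby code), the following Python script replays the disassembly lines from the report and flags any OP_ARYCAT whose destination register is known to hold a non-array value; the opcode-to-value table and the function name are assumptions made for this illustration.

```python
import re

# Disassembly lines copied from the dump in the report above.
DUMP = """\
2 000 OP_LOADSELF R1
2 001 OP_ARRAY R2 R2 0
2 002 OP_LOADNIL R3
3 003 OP_LOADI R4 0
3 004 OP_ARYCAT R3 R4
3 005 OP_SEND R2 :a 127
3 006 OP_STOP
"""

# Assumption: kind of value each opcode leaves in its first (destination)
# register, inferred from the opcode names. Only opcodes seen in this dump
# are listed; anything else is tracked as "unknown".
WRITES = {"OP_LOADSELF": "object", "OP_ARRAY": "array",
          "OP_LOADNIL": "nil", "OP_LOADI": "integer"}

# source line, program counter, opcode, remaining operands
LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(OP_\w+)\s*(.*)$")


def find_bad_arycat(dump):
    """Return (pc, register, kind) for each OP_ARYCAT whose destination
    register was last written with a value known not to be an array."""
    kinds = {}      # register name -> kind of the last value written
    findings = []
    for raw in dump.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pc, op, operands = int(m.group(2)), m.group(3), m.group(4).split()
        if op == "OP_ARYCAT":
            dst = operands[0]
            kind = kinds.get(dst, "unknown")
            # Only report definite mismatches, not registers we cannot type.
            if kind not in ("array", "unknown"):
                findings.append((pc, dst, kind))
        elif operands and operands[0].startswith("R"):
            kinds[operands[0]] = WRITES.get(op, "unknown")
    return findings


if __name__ == "__main__":
    for pc, reg, kind in find_bad_arycat(DUMP):
        print(f"pc {pc:03d}: OP_ARYCAT destination {reg} holds {kind}, not an array")
```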