Null pointer dereference in mrb_ary_ref #3537
Description
The following input to mirb demonstrates a crash:
w
Fiber.new do w end.resume
y=f=GC.start
g=s=t=().()
a=[D]
aNote that this input must be given to mirb, not mruby.
ASAN report:
==24404==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fffc774bf3d bp 0x7fff57771860 sp 0x7fff57771860 T0)
#0 0x7fffc774bf3c in _platform_memmove$VARIANT$Haswell (libsystem_platform.dylib+0x5f3c)
#1 0x108821bf8 in __asan_memcpy (libclang_rt.asan_osx_dynamic.dylib+0x41bf8)
#2 0x10848cee4 in mrb_ary_ref array.c:552
#3 0x108496a28 in mrb_ary_aget array.c:753
#4 0x1085f1d50 in mrb_vm_exec vm.c:1259
#5 0x1085e73d9 in mrb_vm_run vm.c:823
#6 0x1085e011e in mrb_run vm.c:2603
#7 0x1085dda67 in mrb_funcall_with_block vm.c:451
#8 0x1085dac57 in mrb_funcall_with_block vm.c:354
#9 0x1085da437 in mrb_funcall_argv vm.c:461
#10 0x1085d9ebe in mrb_funcall vm.c:339
#11 0x108485c9b in p mirb.c:92
#12 0x108484634 in main mirb.c:564
#13 0x7fffc753b254 in start (libdyld.dylib+0x5254)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (libsystem_platform.dylib+0x5f3c) in _platform_memmove$VARIANT$Haswell
==24404==ABORTING
Abort trap: 6
This issue was reported by https://hackerone.com/ston3