Null pointer dereference in ary_concat #3580

clayton-shopify opened this issue Apr 3, 2017 · 0 comments

The following input demonstrates a crash:

N *case
when nil
->()do end
def e()end

ASAN report:

==56546==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x0001083ee4ab bp 0x7fff5780e4f0 sp 0x7fff5780e410 T0)
==56546==The signal is caused by a READ memory access.
==56546==Hint: address points to the zero page.
    #0 0x1083ee4aa in ary_concat array.c:265
    #1 0x1083ee364 in mrb_ary_concat array.c:284
    #2 0x108572ebc in mrb_vm_exec vm.c:2304
    #3 0x10854cf49 in mrb_vm_run vm.c:824
    #4 0x10857f859 in mrb_top_run vm.c:2630
    #5 0x108650845 in mrb_load_exec parse.y:5762
    #6 0x108651655 in mrb_load_file_cxt parse.y:5771
    #7 0x1083e9e76 in main mruby.c:227
    #8 0x7fffbbbba234 in start (libdyld.dylib:x86_64+0x5234)

==56546==Register values:
rax = 0x000000007ffffffe  rbx = 0x00007fff5780e560  rcx = 0x0000000000000018  rdx = 0x0000000000000018
rdi = 0x0000100000000000  rsi = 0x0000100000000003  rbp = 0x00007fff5780e4f0  rsp = 0x00007fff5780e410
 r8 = 0x0000100000000000   r9 = 0x0000100000000000  r10 = 0x0000000109569a48  r11 = 0x6d75ac53ed8a002a
r12 = 0xf2f20000f1f1f1f1  r13 = 0x00001fffeaf02a84  r14 = 0xf2f20000f2f2f2f2  r15 = 0xf2f2f2f2f2040000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV array.c:265 in ary_concat
Abort trap: 6

This issue was reported by

@matz matz closed this as completed in fff4a4e Apr 10, 2017