Invalid read in OP_ENTER #3592

Closed
clayton-shopify opened this Issue Apr 4, 2017 · 0 comments


clayton-shopify commented Apr 4, 2017

The following input demonstrates a crash:

def method_missing
end
__send__ :f,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

ASAN report:

==73534==ERROR: AddressSanitizer: SEGV on unknown address 0x7fff000002cb (pc 0x0001096e2d01 bp 0x7fff56689290 sp 0x7fff56681780 T0)
==73534==The signal is caused by a READ memory access.
    #0 0x1096e2d00 in mrb_vm_exec vm.c:1573
    #1 0x1096d0f39 in mrb_vm_run vm.c:824
    #2 0x1096c9985 in mrb_run vm.c:2616
    #3 0x1096c7547 in mrb_funcall_with_block vm.c:451
    #4 0x1096cb365 in mrb_f_send vm.c:525
    #5 0x1096dbd88 in mrb_vm_exec vm.c:1268
    #6 0x1096d0f39 in mrb_vm_run vm.c:824
    #7 0x109703849 in mrb_top_run vm.c:2630
    #8 0x1097d4845 in mrb_load_exec parse.y:5762
    #9 0x1097d5655 in mrb_load_file_cxt parse.y:5771
    #10 0x10956de66 in main mruby.c:227
    #11 0x7fffbbbba234 in start (libdyld.dylib:x86_64+0x5234)

==73534==Register values:
rax = 0x00007fff000002cb  rbx = 0xf2f20000f2f2f200  rcx = 0x00007fff000002cb  rdx = 0x00001fffe0000059
rdi = 0x0000100000000000  rsi = 0x0000100000000000  rbp = 0x00007fff56689290  rsp = 0x00007fff56681780
 r8 = 0x0000100000000000   r9 = 0xf204f2f20000f204  r10 = 0xf2f20000f2f20000  r11 = 0xf2f2f200f2f20000
r12 = 0xf2f20000f1f1f1f1  r13 = 0x00001fffeacd10a8  r14 = 0xf2f20000f2f2f2f2  r15 = 0xf2f2f2f2f2040000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV vm.c:1573 in mrb_vm_exec
==73534==ABORTING
Abort trap: 6

This issue was reported by Dinko Galetic & Denis Kasak (https://hackerone.com/dgaletic).
