Null pointer dereference in OP_SEND (regression) #3640

Closed
clayton-shopify opened this Issue Apr 27, 2017 · 1 comment

@clayton-shopify
Contributor

clayton-shopify commented Apr 27, 2017

https://hackerone.com/icanthack noticed that the input from #3495 causes a crash again:

Hash.new{break}[0]

A bisect shows that the crash reappeared in edd9fc6.

Debug:

Process 56666 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000100172e48 mruby`mrb_vm_exec(mrb=0x000061400000a440, proc=0x000062f000002170, pc=0x0000000000000000) at vm.c:1336
   1333	        mrb->c->stack = ci->stackent;
   1334	        pc = ci->pc;
   1335	        cipop(mrb);
-> 1336	        JUMP;
   1337	      }
   1338	      else {
   1339	        /* setup environment for calling method */
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000100172e48 mruby`mrb_vm_exec(mrb=0x000061400000a440, proc=0x000062f000002170, pc=0x0000000000000000) at vm.c:1336
    frame #1: 0x00000001001674f0 mruby`mrb_vm_run(mrb=0x000061400000a440, proc=0x000062f000002170, self=mrb_value @ 0x00007fff5fbfe0e0, stack_keep=4) at vm.c:860
    frame #2: 0x000000010019b16a mruby`mrb_top_run(mrb=0x000061400000a440, proc=0x000062f000002170, self=mrb_value @ 0x00007fff5fbfe360, stack_keep=0) at vm.c:2733
    frame #3: 0x000000010026cbf6 mruby`mrb_load_exec(mrb=0x000061400000a440, p=0x000062800000c120, c=0x000060600000a040) at parse.y:5780
    frame #4: 0x000000010026d546 mruby`mrb_load_file_cxt(mrb=0x000061400000a440, f=0x00007fffc6e68110, c=0x000060600000a040) at parse.y:5789
    frame #5: 0x0000000100002187 mruby`main(argc=1, argv=0x00007fff5fbff518) at mruby.c:227
    frame #6: 0x00007fffbdf72235 libdyld.dylib`start + 1
    frame #7: 0x00007fffbdf72235 libdyld.dylib`start + 1

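The regression input above is a `break` out of a block whose receiving method (`Hash.new`) has already returned, so the VM has no frame to jump back to. As an added example that is not from the mruby issue or the mruby code base, the following CRuby script contrasts that case with a `break` from a live block: CRuby rejects the orphaned jump with `LocalJumpError` instead of following a dangling program counter, which is the behaviour an interpreter's regression test should pin down.

```ruby
# Added example, not part of the mruby issue: CRuby's behaviour for the three
# ways `break` can leave a block. The crash input `Hash.new{break}[0]` is the
# third case, where the method that received the block has already returned.

# Case 1: break from a block while the yielding method is still on the stack.
# The break value becomes the return value of the method call.
def each_twice
  yield 1
  yield 2
  :finished            # never reached when the block breaks
end

def break_from_live_block
  each_twice { |x| break x * 10 }   # => 10
end

# Case 2: the block is stored as a Proc and called after its receiving
# method frame is gone. CRuby refuses the jump with LocalJumpError.
def make_orphan_proc
  proc { break :late }
end

def break_from_orphan_proc
  make_orphan_proc.call
  :no_error
rescue LocalJumpError => e
  e.reason             # => :break
end

# Case 3: the regression input. Hash.new keeps the block as the default
# proc; `[0]` on a missing key invokes it long after Hash.new returned.
def break_from_hash_default_proc
  h = Hash.new { break :escaped }
  h[0]
  :no_error
rescue LocalJumpError => e
  e.reason             # => :break
end

if __FILE__ == $PROGRAM_NAME
  puts break_from_live_block          # 10
  puts break_from_orphan_proc         # break
  puts break_from_hash_default_proc   # break
end
```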
matz added a commit that referenced this issue Jun 2, 2017

matz Jun 3, 2017

Member

The previous fix was wrong (or at most imperfect). I will try again.