The following input demonstrates a crash:
"1".upto("10000") {}
It appears the problem was introduced in e96f254.
ASAN report:
ASAN:DEADLYSIGNAL
=================================================================
==49777==ERROR: AddressSanitizer: SEGV on unknown address 0x63003235354a (pc 0x00010c6f97a0 bp 0x7fff535778b0 sp 0x7fff53577660 T0)
    #0 0x10c6f979f in mrb_obj_alloc gc.c:518
    #1 0x10c777b1c in str_new string.c:59
    #2 0x10c77791f in mrb_str_new string.c:193
    #3 0x10c86420c in mrb_str_upto (mruby:x86_64+0x1001e720c)
    #4 0x10c7ec04e in mrb_vm_exec vm.c:1396
    #5 0x10c7e0654 in mrb_vm_run vm.c:879
    #6 0x10c8160ff in mrb_top_run vm.c:2883
    #7 0x10c8ee26d in mrb_load_exec parse.y:5823
    #8 0x10c8ef085 in mrb_load_file_cxt parse.y:5832
    #9 0x10c67f3a3 in main mruby.c:227
    #10 0x7fffe5638234 in start (libdyld.dylib:x86_64+0x5234)

==49777==Register values:
rax = 0x000063003235354a  rbx = 0x00007fff535776a0  rcx = 0x000063003235354a  rdx = 0x00001c600646a6a9
rdi = 0x0000100000000000  rsi = 0x0000100000000000  rbp = 0x00007fff535778b0  rsp = 0x00007fff53577660
 r8 = 0x0000000000000010   r9 = 0x000061400000a500  r10 = 0x0000000000000004  r11 = 0x000000010c921ce4
r12 = 0x00007fff53577b80  r13 = 0x00007fff53577ba0  r14 = 0x00007fff53577b40  r15 = 0x00007fff53577b60
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV gc.c:518 in mrb_obj_alloc
==49777==ABORTING
Abort trap: 6
This issue was reported by Dinko Galetic & Denis Kasak (https://hackerone.com/dgaletic).
Got a fix, PR incoming.
Save gc_arena after buffer got allocated
abca63c
Latest fix was freeing the buffer while it was still in use. Fixes mruby#3712
a723a93