Closed
Description
The following input demonstrates a crash:
b = []
c = (0..0)
d = 0
e = ""
begin
z = x
rescue
end
1.instance_exec {
begin
break
Proc.new{}
ensure
def l
end
end
}
z.inspect
ASAN report:
ASAN:DEADLYSIGNAL
=================================================================
==54237==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x000104f2c817 bp 0x7fff5ae09890 sp 0x7fff5ae09720 T0)
==54237==The signal is caused by a READ memory access.
==54237==Hint: address points to the zero page.
#0 0x104f2c816 in mrb_obj_iv_get (mruby:x86_64+0x100141816)
#1 0x104e2b13c in mrb_class_path (mruby:x86_64+0x10004013c)
#2 0x104e2c97f in mrb_class_name (mruby:x86_64+0x10004197f)
#3 0x104e2d462 in mrb_obj_classname (mruby:x86_64+0x100042462)
#4 0x104ec84ea in mrb_any_to_s (mruby:x86_64+0x1000dd4ea)
#5 0x104e9111f in mrb_method_missing (mruby:x86_64+0x1000a611f)
#6 0x104f5910b in mrb_vm_exec (mruby:x86_64+0x10016e10b)
#7 0x104f4e654 in mrb_vm_run (mruby:x86_64+0x100163654)
#8 0x104f840ff in mrb_top_run (mruby:x86_64+0x1001990ff)
#9 0x10505c26d in mrb_load_exec (mruby:x86_64+0x10027126d)
#10 0x10505d085 in mrb_load_file_cxt (mruby:x86_64+0x100272085)
#11 0x104ded3a3 in main mruby.c:227
#12 0x7fffe5638234 in start (libdyld.dylib:x86_64+0x5234)
==54237==Register values:
rax = 0x0000000000000018 rbx = 0x00007fff5ae09780 rcx = 0x000061400000a440 rdx = 0x00001fffeb5c12e4
rdi = 0x00007fff5ae09740 rsi = 0x0000000000000000 rbp = 0x00007fff5ae09890 rsp = 0x00007fff5ae09720
r8 = 0x00007fff5ae09760 r9 = 0x00000000000002a7 r10 = 0x0000000000000018 r11 = 0x0000100000000003
r12 = 0x00007fff5ae098e0 r13 = 0x00007fff5ae09900 r14 = 0x0000100000000000 r15 = 0x00007fff5ae098c0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby:x86_64+0x100141816) in mrb_obj_iv_get
==54237==ABORTING
Abort trap: 6
This issue was reported by https://hackerone.com/ahihi
Metadata
Metadata
Assignees
Labels
No labels