Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Null pointer dereference in OP_SEND #3721

Closed
clayton-shopify opened this issue Jun 22, 2017 · 0 comments
Closed

Null pointer dereference in OP_SEND #3721

clayton-shopify opened this issue Jun 22, 2017 · 0 comments

Comments

@clayton-shopify
Copy link
Contributor

The following input demonstrates a crash:

def method_missing(m)
ensure
begin A rescue
break
rescue
end
end

send ''

ASAN report:

ASAN:DEADLYSIGNAL
=================================================================
==3315==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010b264e0a bp 0x7fff54b08f90 sp 0x7fff54b00d60 T0)
==3315==The signal is caused by a READ memory access.
==3315==Hint: address points to the zero page.
    #0 0x10b264e09 in mrb_vm_exec (mruby:x86_64+0x10016fe09)
    #1 0x10b258944 in mrb_vm_run (mruby:x86_64+0x100163944)
    #2 0x10b28e41f in mrb_top_run (mruby:x86_64+0x10019941f)
    #3 0x10b36724d in mrb_load_exec (mruby:x86_64+0x10027224d)
    #4 0x10b368065 in mrb_load_file_cxt (mruby:x86_64+0x100273065)
    #5 0x10b0f75a3 in main mruby.c:227
    #6 0x7fffe5638234 in start (libdyld.dylib:x86_64+0x5234)

==3315==Register values:
rax = 0x000000010b4165e0  rbx = 0xf2f20000f2f2f200  rcx = 0x0000000000000000  rdx = 0x0000630000001e00
rdi = 0x0000100000000000  rsi = 0x0000630000001e70  rbp = 0x00007fff54b08f90  rsp = 0x00007fff54b00d60
 r8 = 0x0000000000000000   r9 = 0x000000000000000e  r10 = 0x0000000000000000  r11 = 0xfffffe7000001d50
r12 = 0xf2f20000f1f1f1f1  r13 = 0x00001fffea961030  r14 = 0xf2f20000f2f2f2f2  r15 = 0xf2f2f2f2f2040000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby:x86_64+0x10016fe09) in mrb_vm_exec
==3315==ABORTING
Abort trap: 6

This issue was reported by @titanous

@matz matz closed this as completed in d0717ef Jun 23, 2017
@matz matz mentioned this issue Jul 4, 2017
matz added a commit that referenced this issue Aug 9, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant