The following input demonstrates a crash:
```ruby
def a
  b { yield }
end
def b
  Fiber.new { yield }.resume
ensure
  a { break }
end
a
```
ASAN report:
```
ASAN:DEADLYSIGNAL
=================================================================
==98907==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x00010ee28fc7 bp 0x7fff50f4a3d0 sp 0x7fff50f421a0 T0)
==98907==The signal is caused by a READ memory access.
==98907==Hint: address points to the zero page.
    #0 0x10ee28fc6 in mrb_vm_exec vm.c:2055
    #1 0x10ee0ea14 in mrb_vm_run vm.c:879
    #2 0x10ee068ae in mrb_run vm.c:2869
    #3 0x10ee416a0 in ecall vm.c:328
    #4 0x10ee252ab in mrb_vm_exec vm.c:1899
    #5 0x10ee0ea14 in mrb_vm_run vm.c:879
    #6 0x10ee444ef in mrb_top_run vm.c:2884
    #7 0x10ef1d2f8 in mrb_load_exec parse.y:5824
    #8 0x10ef1e125 in mrb_load_file_cxt parse.y:5833
    #9 0x10ecad693 in main mruby.c:227
    #10 0x7fffe5638234 in start (libdyld.dylib:x86_64+0x5234)
==98907==Register values:
rax = 0x0000000000000018 rbx = 0xf2f20000f2f2f200 rcx = 0x0000000000000018 rdx = 0x0000100000000003
rdi = 0x000061400000a460 rsi = 0x0000100000000000 rbp = 0x00007fff50f4a3d0 rsp = 0x00007fff50f421a0
r8 = 0x0000100000000000 r9 = 0xc1d49033fac10000 r10 = 0x00007fff50f41b20 r11 = 0x00001e6f50f3b210
r12 = 0xf2f20000f1f1f1f1 r13 = 0x00001fffea1e92b8 r14 = 0xf2f20000f2f2f2f2 r15 = 0xf2f2f2f2f2040000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV vm.c:2055 in mrb_vm_exec
==98907==ABORTING
Abort trap: 6
```
This issue was reported by https://hackerone.com/tigadiz