Null pointer dereference in void_expr_error #4192

Closed
clayton-shopify opened this Issue Dec 20, 2018 · 0 comments

clayton-shopify (Contributor) commented Dec 20, 2018

The following input demonstrates a crash:

x{|(superclass)

It appears the problem began in 762f682.

ASAN report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==86779==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0001058d81f6 bp 0x7ffeea65f180 sp 0x7ffeea65f0e0 T0)
==86779==The signal is caused by a READ memory access.
==86779==Hint: address points to the zero page.
    #0 0x1058d81f5 in void_expr_error (mruby:x86_64+0x10033f1f5)
    #1 0x1058d6ba0 in new_masgn (mruby:x86_64+0x10033dba0)
    #2 0x1058c59cc in yyparse (mruby:x86_64+0x10032c9cc)
    #3 0x1058a42bf in mrb_parser_parse (mruby:x86_64+0x10030b2bf)
    #4 0x1058d17e1 in mrb_parse_file (mruby:x86_64+0x1003387e1)
    #5 0x1058d4046 in mrb_load_file_cxt (mruby:x86_64+0x10033b046)
    #6 0x10559ba06 in main (mruby:x86_64+0x100002a06)
    #7 0x7fff761fa08c in start (libdyld.dylib:x86_64+0x1708c)

==86779==Register values:
rax = 0x0000000000000000  rbx = 0x00007ffeea65fb80  rcx = 0x00006280000044c8  rdx = 0x0000000000000000
rdi = 0x0000628000004120  rsi = 0x0000100000000000  rbp = 0x00007ffeea65f180  rsp = 0x00007ffeea65f0e0
 r8 = 0x0000000000000142   r9 = 0x0000628000004100  r10 = 0x0000000000000000  r11 = 0x0000000000000690
r12 = 0x00007ffeea65f200  r13 = 0x00007ffeea65f2a0  r14 = 0x000000010594bfe4  r15 = 0x00007ffeea65f1e0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby:x86_64+0x10033f1f5) in void_expr_error
==86779==ABORTING
Abort trap: 6

This issue was reported by https://hackerone.com/hexodus

@matz closed this in 94b73b1 Dec 21, 2018

matz added a commit that referenced this issue Dec 31, 2018

Should not check non-node value to `void_expr_error`; fix #4203
This is also a reason for #4192 as well.