Closed
Description
The following input demonstrates a crash:
ObjectSpace.count_objects.reject!{0}-ObjectSpace.each_object{|z:0|}
ASAN report:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==88994==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010be3ffbf bp 0x7ffee3e2ad70 sp 0x7ffee3e2ac00 T0)
==88994==The signal is caused by a READ memory access.
==88994==Hint: address points to the zero page.
#0 0x10be3ffbe in mrb_class (mruby:x86_64+0x100088fbe)
#1 0x10be3c056 in mrb_funcall_with_block (mruby:x86_64+0x100085056)
#2 0x10be3ac95 in mrb_funcall_argv (mruby:x86_64+0x100083c95)
#3 0x10be3a6bf in mrb_funcall (mruby:x86_64+0x1000836bf)
#4 0x10beb6dec in mrb_obj_as_string (mruby:x86_64+0x1000ffdec)
#5 0x10bf305f7 in mrb_vformat (mruby:x86_64+0x1001795f7)
#6 0x10bf31d47 in mrb_format (mruby:x86_64+0x10017ad47)
#7 0x10be68dff in mrb_vm_exec (mruby:x86_64+0x1000b1dff)
#8 0x10be49f49 in mrb_vm_run (mruby:x86_64+0x100092f49)
#9 0x10be4103b in mrb_run (mruby:x86_64+0x10008a03b)
#10 0x10be47324 in mrb_yield_with_class (mruby:x86_64+0x100090324)
#11 0x10be482c2 in mrb_yield (mruby:x86_64+0x1000912c2)
#12 0x10c06c6cb in os_each_object_cb (mruby:x86_64+0x1002b56cb)
#13 0x10bf92f2d in gc_each_objects (mruby:x86_64+0x1001dbf2d)
#14 0x10bf92c2b in mrb_objspace_each_objects (mruby:x86_64+0x1001dbc2b)
#15 0x10c06b52b in os_each_object (mruby:x86_64+0x1002b452b)
#16 0x10be5b520 in mrb_vm_exec (mruby:x86_64+0x1000a4520)
#17 0x10be49f49 in mrb_vm_run (mruby:x86_64+0x100092f49)
#18 0x10bea7a4f in mrb_top_run (mruby:x86_64+0x1000f0a4f)
#19 0x10c0f0f61 in mrb_load_exec (mruby:x86_64+0x100339f61)
#20 0x10c0f1af9 in mrb_load_file_cxt (mruby:x86_64+0x10033aaf9)
#21 0x10bdb9e16 in main (mruby:x86_64+0x100002e16)
#22 0x7fff62a57ed8 in start (libdyld.dylib:x86_64+0x16ed8)
==88994==Register values:
rax = 0x0000100000000000 rbx = 0x00007ffee3e2ac40 rcx = 0x00007ffee3e2ac20 rdx = 0xbebebebebebebec6
rdi = 0x00007ffee3e2ac28 rsi = 0x17d7d7d7d7d7d7d8 rbp = 0x00007ffee3e2ad70 rsp = 0x00007ffee3e2ac00
r8 = 0x00001fffdc7c5585 r9 = 0x53f21d1030e10000 r10 = 0x000061b000000080 r11 = 0x00001c3600000010
r12 = 0xf2f2f2f2f2f2f2f8 r13 = 0xf8f8f8f8f8f8f8f8 r14 = 0x00001fffdc7c56ec r15 = 0xf2f8f2f2f8f8f2f2
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby:x86_64+0x100088fbe) in mrb_class
==88994==ABORTING
Abort trap: 6
This issue was reported by Dinko Galetic & Denis Kasak (https://hackerone.com/dgaletic).