Invalid read in mrb_class #4270

Closed
clayton-shopify opened this Issue Feb 9, 2019 · 0 comments

commented Feb 9, 2019

The following input demonstrates a crash:

ObjectSpace.count_objects.reject!{0}-ObjectSpace.each_object{|z:0|}

ASAN report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==88994==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010be3ffbf bp 0x7ffee3e2ad70 sp 0x7ffee3e2ac00 T0)
==88994==The signal is caused by a READ memory access.
==88994==Hint: address points to the zero page.
    #0 0x10be3ffbe in mrb_class (mruby:x86_64+0x100088fbe)
    #1 0x10be3c056 in mrb_funcall_with_block (mruby:x86_64+0x100085056)
    #2 0x10be3ac95 in mrb_funcall_argv (mruby:x86_64+0x100083c95)
    #3 0x10be3a6bf in mrb_funcall (mruby:x86_64+0x1000836bf)
    #4 0x10beb6dec in mrb_obj_as_string (mruby:x86_64+0x1000ffdec)
    #5 0x10bf305f7 in mrb_vformat (mruby:x86_64+0x1001795f7)
    #6 0x10bf31d47 in mrb_format (mruby:x86_64+0x10017ad47)
    #7 0x10be68dff in mrb_vm_exec (mruby:x86_64+0x1000b1dff)
    #8 0x10be49f49 in mrb_vm_run (mruby:x86_64+0x100092f49)
    #9 0x10be4103b in mrb_run (mruby:x86_64+0x10008a03b)
    #10 0x10be47324 in mrb_yield_with_class (mruby:x86_64+0x100090324)
    #11 0x10be482c2 in mrb_yield (mruby:x86_64+0x1000912c2)
    #12 0x10c06c6cb in os_each_object_cb (mruby:x86_64+0x1002b56cb)
    #13 0x10bf92f2d in gc_each_objects (mruby:x86_64+0x1001dbf2d)
    #14 0x10bf92c2b in mrb_objspace_each_objects (mruby:x86_64+0x1001dbc2b)
    #15 0x10c06b52b in os_each_object (mruby:x86_64+0x1002b452b)
    #16 0x10be5b520 in mrb_vm_exec (mruby:x86_64+0x1000a4520)
    #17 0x10be49f49 in mrb_vm_run (mruby:x86_64+0x100092f49)
    #18 0x10bea7a4f in mrb_top_run (mruby:x86_64+0x1000f0a4f)
    #19 0x10c0f0f61 in mrb_load_exec (mruby:x86_64+0x100339f61)
    #20 0x10c0f1af9 in mrb_load_file_cxt (mruby:x86_64+0x10033aaf9)
    #21 0x10bdb9e16 in main (mruby:x86_64+0x100002e16)
    #22 0x7fff62a57ed8 in start (libdyld.dylib:x86_64+0x16ed8)

==88994==Register values:
rax = 0x0000100000000000  rbx = 0x00007ffee3e2ac40  rcx = 0x00007ffee3e2ac20  rdx = 0xbebebebebebebec6
rdi = 0x00007ffee3e2ac28  rsi = 0x17d7d7d7d7d7d7d8  rbp = 0x00007ffee3e2ad70  rsp = 0x00007ffee3e2ac00
 r8 = 0x00001fffdc7c5585   r9 = 0x53f21d1030e10000  r10 = 0x000061b000000080  r11 = 0x00001c3600000010
r12 = 0xf2f2f2f2f2f2f2f8  r13 = 0xf8f8f8f8f8f8f8f8  r14 = 0x00001fffdc7c56ec  r15 = 0xf2f8f2f2f8f8f2f2
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby:x86_64+0x100088fbe) in mrb_class
==88994==ABORTING
Abort trap: 6

This issue was reported by Dinko Galetic & Denis Kasak (https://hackerone.com/dgaletic).
