You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following code causes an invalid read and subsequent crash on current master:
$s = "%43b" % 2
0 while $s.chop![3,34].to_f
Valgrind report:
==550328== Memcheck, a memory error detector
==550328== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==550328== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==550328== Command: mruby 145f728aa44f35ec123f8141b154fae0a5d59503
==550328==
==550328== Invalid read of size 4
==550328== at 0x11576D: str_init_shared (string.c:79)
==550328== by 0x11576D: str_share (string.c:538)
==550328== by 0x11759D: mrb_str_byte_subseq (string.c:593)
==550328== by 0x11835B: str_substr (string.c:638)
==550328== by 0x11835B: mrb_str_aref (string.c:1208)
==550328== by 0x11835B: mrb_str_aref_m (string.c:1271)
==550328== by 0x12393D: mrb_vm_exec (vm.c:1444)
==550328== by 0x128A43: mrb_vm_run (vm.c:947)
==550328== by 0x14E44E: mrb_load_exec (parse.y:6339)
==550328== by 0x10DC3E: main (mruby.c:270)
==550328== Address 0x2a is not stack'd, malloc'd or (recently) free'd
==550328==
==550328==
==550328== Process terminating with default action of signal 11 (SIGSEGV)
==550328== Access not within mapped region at address 0x2A
==550328== at 0x11576D: str_init_shared (string.c:79)
==550328== by 0x11576D: str_share (string.c:538)
==550328== by 0x11759D: mrb_str_byte_subseq (string.c:593)
==550328== by 0x11835B: str_substr (string.c:638)
==550328== by 0x11835B: mrb_str_aref (string.c:1208)
==550328== by 0x11835B: mrb_str_aref_m (string.c:1271)
==550328== by 0x12393D: mrb_vm_exec (vm.c:1444)
==550328== by 0x128A43: mrb_vm_run (vm.c:947)
==550328== by 0x14E44E: mrb_load_exec (parse.y:6339)
==550328== by 0x10DC3E: main (mruby.c:270)
==550328== If you believe this happened as a result of a stack
==550328== overflow in your program's main thread (unlikely but
==550328== possible), you can try to increase the size of the
==550328== main thread stack using the --main-stacksize= flag.
==550328== The main thread stack size used in this run was 8388608.
==550328==
==550328== HEAP SUMMARY:
==550328== in use at exit: 230,644 bytes in 3,006 blocks
==550328== total heap usage: 3,068 allocs, 62 frees, 332,730 bytes allocated
==550328==
==550328== LEAK SUMMARY:
==550328== definitely lost: 0 bytes in 0 blocks
==550328== indirectly lost: 0 bytes in 0 blocks
==550328== possibly lost: 0 bytes in 0 blocks
==550328== still reachable: 230,644 bytes in 3,006 blocks
==550328== suppressed: 0 bytes in 0 blocks
==550328== Rerun with --leak-check=full to see details of leaked memory
==550328==
==550328== For lists of detected and suppressed errors, rerun with: -s
==550328== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
zsh: segmentation fault (core dumped) valgrind mruby 145f728aa44f35ec123f8141b154fae0a5d59503
The text was updated successfully, but these errors were encountered:
Probably related to chop! since this similar input
$s ="%80b" % 15while $s.chop!while $s.chop
causes another invalid read (and crash) in a different function:
==565556== Invalid read of size 4
==565556== at 0x116B04: mrb_str_modify_keep_ascii (string.c:820)
==565556== by 0x116B04: mrb_str_modify_keep_ascii (string.c:814)
==565556== by 0x116B04: mrb_str_chop_bang (string.c:1637)
==565556== by 0x12393D: mrb_vm_exec (vm.c:1444)
==565556== by 0x128A43: mrb_vm_run (vm.c:947)
==565556== by 0x14E44E: mrb_load_exec (parse.y:6339)
==565556== by 0x10DC3E: main (mruby.c:270)
==565556== Address 0x50 is not stack'd, malloc'd or (recently) free'd
The following code causes an invalid read and subsequent crash on current master:
Valgrind report:
The text was updated successfully, but these errors were encountered: