Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Parser segfault (invalid read) in local_add_f #4810

Closed
dkasak opened this issue Nov 7, 2019 · 0 comments
Closed

Parser segfault (invalid read) in local_add_f #4810

dkasak opened this issue Nov 7, 2019 · 0 comments

Comments

@dkasak
Copy link

dkasak commented Nov 7, 2019

The following input causes an invalid read on latest master (c10e191):

l=j{|l:l

Valgrind report:

==579750== Memcheck, a memory error detector
==579750== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==579750== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==579750== Command: mruby ac5ab38f2702cd2ac4fe822fa9d0a49e1f4bec68
==579750==
==579750== Invalid read of size 4
==579750==    at 0x13C585: local_add_f (parse.y:306)
==579750==    by 0x13C585: local_add_f (parse.y:303)
==579750==    by 0x13C585: local_add_lv (parse.y:754)
==579750==    by 0x13C585: new_args_tail (parse.y:805)
==579750==    by 0x145D70: yyparse (parse.y:2707)
==579750==    by 0x150130: mrb_parser_parse (parse.y:6088)
==579750==    by 0x1504F5: mrb_parse_file (parse.y:6257)
==579750==    by 0x1504F5: mrb_load_file_cxt (parse.y:6348)
==579750==    by 0x10DC3E: main (mruby.c:270)
==579750==  Address 0x37 is not stack'd, malloc'd or (recently) free'd
==579750==
==579750==
==579750== Process terminating with default action of signal 11 (SIGSEGV)
==579750==  Access not within mapped region at address 0x37
==579750==    at 0x13C585: local_add_f (parse.y:306)
==579750==    by 0x13C585: local_add_f (parse.y:303)
==579750==    by 0x13C585: local_add_lv (parse.y:754)
==579750==    by 0x13C585: new_args_tail (parse.y:805)
==579750==    by 0x145D70: yyparse (parse.y:2707)
==579750==    by 0x150130: mrb_parser_parse (parse.y:6088)
==579750==    by 0x1504F5: mrb_parse_file (parse.y:6257)
==579750==    by 0x1504F5: mrb_load_file_cxt (parse.y:6348)
==579750==    by 0x10DC3E: main (mruby.c:270)
==579750==  If you believe this happened as a result of a stack
==579750==  overflow in your program's main thread (unlikely but
==579750==  possible), you can try to increase the size of the
==579750==  main thread stack using the --main-stacksize= flag.
==579750==  The main thread stack size used in this run was 8388608.
==579750==
==579750== HEAP SUMMARY:
==579750==     in use at exit: 246,243 bytes in 2,995 blocks
==579750==   total heap usage: 3,043 allocs, 48 frees, 295,247 bytes allocated
==579750==
==579750== LEAK SUMMARY:
==579750==    definitely lost: 0 bytes in 0 blocks
==579750==    indirectly lost: 0 bytes in 0 blocks
==579750==      possibly lost: 0 bytes in 0 blocks
==579750==    still reachable: 246,243 bytes in 2,995 blocks
==579750==         suppressed: 0 bytes in 0 blocks
==579750== Rerun with --leak-check=full to see details of leaked memory
==579750==
==579750== For lists of detected and suppressed errors, rerun with: -s
==579750== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant