
Fix segfault in Range without initialize_copy #3320

Closed
wants to merge 1 commit into
from

@clayton-shopify
Contributor

clayton-shopify commented Dec 2, 2016

@matz

The following code results in a null pointer dereference, since an uninitialized Range object is used:

```ruby
# Reproducer: drop the copy initializer, then dup a Range and call to_s on the
# uninitialized copy. On the affected build this crashes the interpreter.
Range.remove_method(:initialize_copy)
(1..2).dup.to_s
```

This patch solves the issue by getting rid of the mrb_range_edges struct, so that initialization can be safely skipped.

This issue was reported by https://hackerone.com/charliesome.
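The crash comes from an object slot whose initializer never ran: the slot exists, but the pointer to its edges struct is still NULL, and `to_s` dereferences it. The following C is an added illustration, not mruby's code and not this PR's patch; the struct and function names (`range_edges`, `range_obj`, `range_to_s`, and so on) are hypothetical stand-ins for the layout the PR describes. It shows the uninitialized state a skipped `initialize_copy` leaves behind and the defensive check that turns the NULL dereference into a recoverable error.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed miniature of the object layout discussed in the PR (names are
 * hypothetical, not mruby's): a range slot keeps a pointer to a separately
 * allocated edges struct, so a slot whose initializer never ran carries a
 * NULL pointer. */
struct range_edges {
  long beg;
  long end;
};

struct range_obj {
  struct range_edges *edges;  /* NULL until the initializer populates it */
  int excl;                   /* 1 for beg...end, 0 for beg..end */
};

/* Normal construction path: allocate and fill the edges. Returns 0 on success. */
int range_init(struct range_obj *r, long beg, long end, int excl) {
  r->edges = malloc(sizeof *r->edges);
  if (r->edges == NULL) return -1;
  r->edges->beg = beg;
  r->edges->end = end;
  r->excl = excl;
  return 0;
}

/* Copy path with initialize_copy removed: the slot exists but edges is
 * never assigned. This is the state the reproducer reaches via .dup. */
void range_alloc_uninit(struct range_obj *r) {
  r->edges = NULL;
  r->excl = 0;
}

void range_free(struct range_obj *r) {
  free(r->edges);
  r->edges = NULL;
}

/* Pre-fix shape of the bug: dereferences edges unconditionally, so calling
 * it on an uninitialized range is a NULL pointer dereference. Shown for
 * contrast only; the driver below never calls it on an uninitialized slot. */
long unsafe_range_beg(const struct range_obj *r) {
  return r->edges->beg;
}

/* Defensive version: refuse to operate on an uninitialized range. Returns
 * the number of characters written to buf, or -1 if edges is NULL (where a
 * VM would raise an exception instead of crashing). */
int range_to_s(const struct range_obj *r, char *buf, size_t n) {
  if (r->edges == NULL) return -1;
  int len = snprintf(buf, n, "%ld%s%ld", r->edges->beg,
                     r->excl ? "..." : "..", r->edges->end);
  if (len < 0 || (size_t)len >= n) return -1;
  return len;
}

/* Stand-alone driver: exercises both paths without crashing. */
int main(void) {
  struct range_obj ok, dup;
  char buf[32];

  if (range_init(&ok, 1, 2, 0) == 0 &&
      range_to_s(&ok, buf, sizeof buf) > 0)
    printf("%s\n", buf);                      /* prints 1..2 */

  range_alloc_uninit(&dup);
  if (range_to_s(&dup, buf, sizeof buf) < 0)
    printf("uninitialized range rejected\n");

  range_free(&ok);
  return 0;
}
```

The check in `range_to_s` is the general mitigation for any native type whose data pointer is filled in by an initializer that user code can bypass: every accessor that reaches through the pointer validates it first, rather than trusting that construction completed.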

@matz
Member

matz commented Dec 3, 2016

This patch increases the size of RVALUE (object slot) thus increasing memory consumption.
I don't think it's acceptable. I understand the issue. I will fix it.


@matz matz closed this in 79a621d Dec 3, 2016
