Bug #10127
closed
WIN32OLE segfaults
Description
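fole_initialize() converts its arguments with StringValue(), but the arguments as they were before conversion are passed as-is to ole_create_dcom().
As a result, passing an object that has a to_str method together with a host name causes an invalid access.
As an easy-to-follow example, adding something like NilClass#to_str results in a SEGV.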
https://github.com/nobu/ruby/compare/win32ole-fix
$ ./x64-mswin32_120/bin/ruby -rwin32ole -e 'class NilClass; alias to_str to_s; end; WIN32OLE.new(nil, "localhost") rescue p $!.message'
-e:1: [BUG] Segmentation fault
ruby 2.2.0dev (2014-08-12 trunk 47145) [x64-mswin64_120]
-- Control frame information -----------------------------------------------
c:0004 p:---- s:0011 e:000010 CFUNC :initialize
c:0003 p:---- s:0009 e:000008 CFUNC :new
c:0002 p:0024 s:0004 E:001738 EVAL -e:1 [FINISH]
c:0001 p:0000 s:0002 E:001438 TOP [FINISH]
-- Ruby level backtrace information ----------------------------------------
-e:1:in `<main>'
-e:1:in `new'
-e:1:in `initialize'
-- C level backtrace information -------------------------------------------
C:\Windows\SYSTEM32\ntdll.dll(NtWaitForSingleObject+0xa) [0x00000000770D12FA]
C:\Windows\system32\KERNELBASE.dll(WaitForSingleObjectEx+0x9c) [0x000007FEFD1D10DC]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_print_backtrace+0x34) [0x000007FEF12A39C4] c:\users\nobu\work\ruby\trunk\src\vm_dump.c:711
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_vm_bugreport+0x6f) [0x000007FEF12A3A3B] c:\users\nobu\work\ruby\trunk\src\vm_dump.c:973
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_bug_context+0x5e) [0x000007FEF11EF09A] c:\users\nobu\work\ruby\trunk\src\error.c:391
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(sigsegv+0x69) [0x000007FEF1252701] c:\users\nobu\work\ruby\trunk\src\signal.c:831
C:\Windows\system32\MSVCR120.dll(XcptFilter+0x1a9) [0x000007FEF4A0FC99]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(__tmainCRTStartup$filt$0+0x16) [0x000000013F8B16D6] f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c:666
C:\Windows\system32\MSVCR120.dll(_C_specific_handler+0x93) [0x000007FEF4A0F2CB]
C:\Windows\SYSTEM32\ntdll.dll(RtlDecodePointer+0xad) [0x00000000770A9D2D]
C:\Windows\SYSTEM32\ntdll.dll(RtlUnwindEx+0xbbf) [0x00000000770991CF]
C:\Windows\SYSTEM32\ntdll.dll(KiUserExceptionDispatcher+0x2e) [0x00000000770D1248]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_encoding2cp+0x9) [0x000007FEFA0F6A89] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:638
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_vstr2wc+0x47) [0x000007FEFA0FA4A3] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:1017
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_create_dcom+0xad) [0x000007FEFA0F6761] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:2317
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(fole_initialize+0xeb) [0x000007FEFA0F3BE7] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:2904
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0_cfunc_with_frame+0x11b) [0x000007FEF11E3E07] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:124
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0_body+0x31c) [0x000007FEF11E3C74] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:179
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0+0x44) [0x000007FEF11E3950] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:55
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_call0+0xae) [0x000007FEF11DF1EE] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:334
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_funcallv+0x25) [0x000007FEF11E0289] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:811
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_class_new_instance+0x2c) [0x000007FEF11FF394] c:\users\nobu\work\ruby\trunk\src\object.c:1879
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call_cfunc_with_frame+0x12d) [0x000007FEF11E4105] c:\users\nobu\work\ruby\trunk\src\vm_insnhelper.c:1522
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call_general+0x3d9) [0x000007FEF11E4589] c:\users\nobu\work\ruby\trunk\src\vm_insnhelper.c:1957
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_exec_core+0xf96) [0x000007FEF11E7D3E] c:\users\nobu\work\ruby\trunk\x64-mswin32_120\vm.inc:1422
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_exec+0xb9) [0x000007FEF11E65B9] c:\users\nobu\work\ruby\trunk\src\vm.c:1377
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_iseq_eval_main+0x81) [0x000007FEF11E04F1] c:\users\nobu\work\ruby\trunk\src\vm.c:1647
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_exec_internal+0xcb) [0x000007FEF11A6FA3] c:\users\nobu\work\ruby\trunk\src\eval.c:255
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_exec_node+0x1d) [0x000007FEF11A6FFD] c:\users\nobu\work\ruby\trunk\src\eval.c:318
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_run_node+0x30) [0x000007FEF11A728C] c:\users\nobu\work\ruby\trunk\src\eval.c:309
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(main+0x40) [0x000000013F8B1040] c:\users\nobu\work\ruby\trunk\src\main.c:38
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(__tmainCRTStartup+0x10f) [0x000000013F8B12A7] f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c:626
C:\Windows\system32\kernel32.dll(BaseThreadInitThunk+0xd) [0x0000000076E759ED]
-- Other runtime information -----------------------------------------------
* Loaded script: -e
* Loaded features:
0 enumerator.so
1 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/encdb.so
2 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/windows_31j.so
3 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/trans/transdb.so
4 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/win32ole.so
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
Updated by suke (Masaki Suketa) over 10 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Applied in changeset r47153.
- ext/win32ole/win32ole.c (ole_create_dcom): use the converted
result if the argument can be converted to a string, to get rid
of invalid access. Thanks to nobu. [ruby-dev:48467] [Bug #10127]
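A simplified C model of the pattern this report describes and the changeset above addresses, added here as an illustration. It is not code from win32ole.c; `value_t`, `string_value`, `use_as_string`, `create_vulnerable` and `create_fixed` are hypothetical names, and the callee returns -1 at the point where real code would read string fields of a non-string object.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a Ruby VALUE; not Ruby's real object layout. */
typedef enum { V_NIL, V_STRING } vkind;
typedef struct { vkind kind; const char *ptr; size_t len; } value_t;

/* Stand-in for StringValue(): replaces *v with its to_str result.
 * Assumes nil responds to to_str, as in the report's reproducer. */
static void string_value(value_t *v) {
    if (v->kind != V_STRING) {
        v->kind = V_STRING; v->ptr = ""; v->len = 0;
    }
}

/* Stand-in for a callee that treats its argument as a string.
 * Returns the length, or -1 where real code would perform the
 * invalid access on a non-string object. */
static long use_as_string(const value_t *v) {
    if (v->kind != V_STRING) return -1;
    return (long)strlen(v->ptr);
}

/* Before: local copies are converted, but the callee receives the
 * original argument array, which was never converted. */
static long create_vulnerable(const value_t *argv) {
    value_t server = argv[0], host = argv[1];
    string_value(&server);
    string_value(&host);
    return use_as_string(&argv[0]);
}

/* After: the converted result is what gets passed on. */
static long create_fixed(const value_t *argv) {
    value_t server = argv[0], host = argv[1];
    string_value(&server);
    string_value(&host);
    return use_as_string(&server);
}

/* Constructed input mirroring WIN32OLE.new(nil, "localhost"). */
static const value_t sample_args[2] = {
    { V_NIL, NULL, 0 }, { V_STRING, "localhost", 9 }
};

int main(void) {
    printf("vulnerable: %ld\n", create_vulnerable(sample_args));
    printf("fixed:      %ld\n", create_fixed(sample_args));
    return 0;
}
```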
Updated by nagachika (Tomoyuki Chikanaga) about 10 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE
Backported into ruby_2_1 branch at r47325.
Updated by usa (Usaku NAKAMURA) about 10 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE
backported into ruby_2_0_0 at r47405.