Bug #11928
Closed
Segmentation fault in did_you_mean extension
Description
I'm getting a segmentation fault in my Rails application test suite if I attempt to use an undefined method/object.
I was not able to reproduce this outside of the complex environment of my application, but hopefully you might be able to figure out what is going on just using the crash logs. I had to filter out lines that contained file paths of my application - fortunately they were only in the "Loaded features" section and not anywhere in C or Ruby backtraces.
Updated by nobu (Nobuyoshi Nakada) almost 9 years ago
- Status changed from Open to Feedback
What exception will be raised with the --disable=did_you_mean command line option?
Updated by hirokiraj (Jakub Jatczak) almost 9 years ago
I think I encountered a similar or even the same issue, and managed to replicate it in a quite simple env with roda
https://github.com/hirokiraj/roda-2.3.0-bug
Control frame and backtrace -> https://gist.github.com/hirokiraj/83d917de90e0f60253ba
Crash diagnostic report -> https://gist.github.com/hirokiraj/4ef37abec72bec2f6ada
Will investigate what happens with --disable=did_you_mean
Updated by yuki24 (Yuki Nishijima) almost 9 years ago
I was able to replicate it without did_you_mean.

- Save this file as loader.rb:

    -> { require_relative 'segfault' }.call

- Save this file as segfault.rb:

    class Segfault
      at_exit { Segfault.new.segfault }

      define_method 'segfault' do
        while true do
          (foo rescue $!).local_variables
        end
      end
    end

- Then run:

    $ ruby --disable-gems loader.rb
Updated by wanabe (_ wanabe) almost 9 years ago
- Status changed from Feedback to Open
- Assignee deleted (yuki24 (Yuki Nishijima))
With the just experimental patch, I didn't encounter SEGV.
I suspect about GC mark matter of T_IMEMO iseq, referenced by NameError#local_variables.
diff --git a/gc.c b/gc.c
index 874cb98..e34da14 100644
--- a/gc.c
+++ b/gc.c
@@ -2064,6 +2064,10 @@ obj_free(rb_objspace_t *objspace, VALUE obj)
#endif
#endif
+ if (BUILTIN_TYPE(obj) == T_IMEMO && imemo_type(obj) == imemo_iseq) {
+ return 1;
+ }
+
switch (BUILTIN_TYPE(obj)) {
case T_OBJECT:
if (!(RANY(obj)->as.basic.flags & ROBJECT_EMBED) &&
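Review bot: The early return 1 placed before switch (BUILTIN_TYPE(obj)) in obj_free makes every T_IMEMO object of type imemo_iseq skip the type switch, so none of them ever reaches the per-type free path; that can hide a missing mark instead of fixing it, and it does so for all iseq imemos, not only the one referenced from NameError#local_variables. If the suspicion is a marking problem, the change belongs in the mark function of whatever object holds that reference, with obj_free left untouched. If this is meant purely as a diagnostic, a comment on the new if saying so would keep it from being read as a fix.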
I changed the status and the assignee because this seems not to be a did_you_mean matter.
Updated by nobu (Nobuyoshi Nakada) almost 9 years ago
- Status changed from Open to Closed
Applied in changeset r53514.
iseq.c: mark parents of wrapped iseq
- iseq.c (iseqw_mark): as wrapped iseq is isolated from the call
stack, it needs to take care of its parent and ancestors, so
that they do not become orphans. [ruby-core:72620] [Bug #11928]
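A toy mark-and-sweep model of the failure the commit message above describes: a wrapper that is the only root for an iseq must also mark that iseq's parent chain, or the parents are swept while still reachable. This is an added example, not code from Ruby's gc.c or iseq.c; `iseq_t`, `heap`, `wrapper_mark`, `sweep` and `dangling_after_gc` are hypothetical names and the four-element chain is constructed sample data.

```c
/* Toy mark-and-sweep model; not Ruby's gc.c/iseq.c. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define CHAIN 4                 /* constructed sample: 1 wrapped iseq + 3 ancestors */
typedef struct iseq {
    struct iseq *parent;        /* enclosing scope */
    bool marked;                /* set during the mark phase */
    bool live;                  /* cleared when the sweeper reclaims the slot */
} iseq_t;

static iseq_t heap[CHAIN];

/* Mark function of the wrapper object holding the innermost iseq. */
static void wrapper_mark(iseq_t *wrapped, bool mark_ancestors) {
    wrapped->marked = true;
    if (!mark_ancestors) return;             /* the bug: ancestors left unmarked */
    for (iseq_t *p = wrapped->parent; p; p = p->parent)
        p->marked = true;                    /* the fix: keep the whole chain alive */
}

static void sweep(void) {
    for (int i = 0; i < CHAIN; i++) {
        if (!heap[i].marked) heap[i].live = false;
        heap[i].marked = false;
    }
}

/* Returns how many ancestors are still reachable through ->parent
   after their slots were reclaimed (dangling references). */
int dangling_after_gc(bool mark_ancestors) {
    for (int i = 0; i < CHAIN; i++)          /* heap[0] <- heap[1] <- ... <- heap[3] */
        heap[i] = (iseq_t){ i ? &heap[i - 1] : NULL, false, true };
    iseq_t *wrapped = &heap[CHAIN - 1];
    /* The wrapper is the only root: no call-stack frame references the chain. */
    wrapper_mark(wrapped, mark_ancestors);
    sweep();
    int dangling = 0;
    for (iseq_t *p = wrapped->parent; p; p = p->parent)
        if (!p->live) dangling++;
    return dangling;
}

int main(void) {
    printf("parents unmarked: %d dangling\n", dangling_after_gc(false));
    printf("parents marked:   %d dangling\n", dangling_after_gc(true));
    return 0;
}
```

In the model a reclaimed slot is only flagged, so walking the chain afterwards is safe; in a real collector the same walk reads freed memory, which is where the segmentation fault comes from.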
Updated by wanabe (_ wanabe) almost 9 years ago
This script still causes SEGV.
Confirmed with ruby 2.4.0dev (2016-01-13 trunk 53518) [x86_64-darwin15] and ruby 2.4.0dev (2016-01-13 trunk 53518) [x86_64-linux].

    ->{
      ->{
        ->{
          eval <<-EOS
            class Segfault
              at_exit { Segfault.new.segfault }
              define_method :segfault do
                GC.disable
                0.step do |n|
                  n.times do
                    (foo rescue $!).local_variables
                  end
                  GC.start
                end
              end
            end
          EOS
        }.call
      }.call
    }.call
Updated by wanabe (_ wanabe) almost 9 years ago
_ wanabe wrote:
This script still causes SEGV.
Fixed at r53524. Thanks!
Updated by nobu (Nobuyoshi Nakada) almost 9 years ago
- Has duplicate Bug #12000: Crash report for 2.3.0 added
Updated by wanabe (_ wanabe) over 8 years ago
ruby-2.3 seems to have the bug, as pointed out by #12078.
I guess the issue should be set "2.3: REQUIRED" to make r53514 and r53524 backported, shouldn't it?
Updated by amw (Adam Wróbel) over 8 years ago
- Backport changed from 2.3: UNKNOWN to 2.3: REQUIRED
I've changed the backport flag as requested, but can't change ticket status. Hope a responsible party will be notified.
Updated by yuki24 (Yuki Nishijima) over 8 years ago
- Status changed from Closed to Open
- Backport changed from 2.3: REQUIRED to 2.1: DONTNEED, 2.2: DONTNEED, 2.3: REQUIRED
I'm re-opening this ticket as the fix needs to be backported to 2.3.0 as well.
Updated by usa (Usaku NAKAMURA) over 8 years ago
- Status changed from Open to Closed
Never change the status!
"Open" means that it's not fixed in trunk and then not be able to be backported yet.
"Closed" means "It's already fixed! Now it can be backported!"
Updated by nobu (Nobuyoshi Nakada) over 8 years ago
- Has duplicate Bug #12107: Segmentation fault at 0x000000000000b8 - did_you_mean added
Updated by nobu (Nobuyoshi Nakada) over 8 years ago
- Has duplicate Bug #12078: Segmentation fault in did_you_mean with ruby revision 53608 added
Updated by naruse (Yui NARUSE) over 8 years ago
- Backport changed from 2.1: DONTNEED, 2.2: DONTNEED, 2.3: REQUIRED to 2.1: DONTNEED, 2.2: DONTNEED, 2.3: DONE
ruby_2_3 r54405 merged revision(s) 53514,53524.
Updated by nobu (Nobuyoshi Nakada) over 8 years ago
- Has duplicate Bug #12265: did_you_mean spell checker crash added
Updated by nobu (Nobuyoshi Nakada) about 8 years ago
- Has duplicate Bug #12796: Segmentation fault at ~/.rvm/gems/ruby-2.3.0@global/gems/did_you_mean-1.0.0/lib/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb:10: [BUG] added