<p><strong>Ruby Issue Tracking System</strong>: Ruby master - Bug #13234: Infinite recursion (stack overflow) in parse_char_class()</p>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63045">Journal 63045</a>, 2017-02-20T08:55:05Z, shyouhei (Shyouhei Urabe), shyouhei@ruby-lang.org</p>
<p>Kamil Frankowicz wrote:</p>
<blockquote>
<p>After some fuzz testing I found a crashing test case.</p>
</blockquote>
<p>Great... I can reproduce this. Not sure if this is an "infinite" recursion or just too deep to run on my machine, though.</p>
<p>Do you run a fuzz test for ruby or for your project? If this is something disclosable please do so, because currently ruby lacks such a thing.</p>
<hr>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63046">Journal 63046</a>, 2017-02-20T09:46:18Z, nobu (Nobuyoshi Nakada), nobu@ruby-lang.org</p>
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Closed</i></li></ul><p>Applied in changeset r57660.</p>
<hr>
<p>regparse.c: initialize return values</p>
<ul>
<li>regparse.c (parse_char_class): initialize return values before depth limit check. Returned values will be freed in callers regardless of the error. <a href="/issues/13234">[ruby-core:79624]</a> [Bug <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Infinite recursion (stack overflow) in parse_char_class() (Closed)" href="https://redmine.ruby-lang.org/issues/13234">#13234</a>]</li>
</ul>
<hr>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63047">Journal 63047</a>, 2017-02-20T10:41:18Z, nobu (Nobuyoshi Nakada), nobu@ruby-lang.org</p>
<ul>
<li><strong>File</strong> <a href="/attachments/6388">bug-13234.log</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/6388/bug-13234.log">bug-13234.log</a> added</li>
<li><strong>Description</strong> updated (<a title="View differences" href="/journals/63047/diff?detail_id=43990">diff</a>)</li>
<li><strong>Backport</strong> changed from <i>2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN</i> to <i>2.2: DONTNEED, 2.3: DONTNEED, 2.4: REQUIRED</i></li>
</ul>
<hr>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63050">Journal 63050</a>, 2017-02-20T16:43:51Z, fumfel (Kamil Frankowicz)</p>
<p>Shyouhei Urabe wrote:</p>
<blockquote>
<p>Kamil Frankowicz wrote:</p>
<blockquote>
<p>After some fuzz testing I found a crashing test case.</p>
</blockquote>
<p>Great... I can reproduce this. Not sure if this is an "infinite" recursion or just too deep to run on my machine, though.</p>
<p>Do you run a fuzz test for ruby or for your project? If this is something disclosable please do so, because currently ruby lacks such a thing.</p>
</blockquote>
<p>I fuzz ruby (in this case the miniruby binary) with the American Fuzzy Lop fuzzer (<a href="http://lcamtuf.coredump.cx/afl/" class="external">http://lcamtuf.coredump.cx/afl/</a>). My testing corpus contains files from various open source projects written in ruby. It's all :-)</p>
<hr>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63098">Journal 63098</a>, 2017-02-22T09:49:20Z, fumfel (Kamil Frankowicz)</p>
<p>This is CVE-2017-6181.</p>
<hr>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63102">Journal 63102</a>, 2017-02-22T10:36:02Z, shyouhei (Shyouhei Urabe), shyouhei@ruby-lang.org</p>
<p>Thank you again for the useful information. Will consider using the fuzzer and hopefully integrate it into our test suite if possible/allowed.</p>
<hr>
<p><a href="https://redmine.ruby-lang.org/issues/13234?journal_id=63483">Journal 63483</a>, 2017-03-12T14:03:19Z, naruse (Yui NARUSE), naruse@airemix.jp</p>
<ul><li><strong>Backport</strong> changed from <i>2.2: DONTNEED, 2.3: DONTNEED, 2.4: REQUIRED</i> to <i>2.2: DONTNEED, 2.3: DONTNEED, 2.4: DONE</i></li></ul><p>ruby_2_4 r57909 merged revision(s) 57660.</p>
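<p>The mechanism behind the r57660 commit message above ("initialize return values before depth limit check; returned values will be freed in callers regardless of the error"), as an added illustration that is not regparse.c, Onigmo or any code from this thread: a hypothetical recursive parser whose callers free the returned node on every return path, with <code>init_first</code> switching between the pre-fix ordering and the fixed one. <code>MAX_DEPTH</code>, the '[' grammar and the <code>UNSET</code> marker are assumptions; <code>UNSET</code> stands in for an uninitialised pointer so the garbage free can be counted instead of crashing, and the same ordering problem is shown for the syntax-error early exit, which generalises what the commit message says about the depth check.</p>

```c
#include <stdlib.h>

/* Added illustration, not regparse.c: a recursive parser with a depth limit
 * whose callers free the returned node on every return path, error or not. */
#define MAX_DEPTH 4
#define ERR_TOO_DEEP (-1)
#define ERR_SYNTAX   (-2)
#define ERR_NOMEM    (-3)

typedef struct Node { struct Node *child; } Node;

/* Stands in for an uninitialised pointer: never dereferenced, never freed. */
static Node unset_storage;
#define UNSET (&unset_storage)
static int freed_unset;  /* frees of garbage that would crash for real */
static int last_rc;      /* return code of the most recent run() */

static void node_free(Node *n) {
    if (n == UNSET) { freed_unset++; return; }
    while (n) { Node *c = n->child; free(n); n = c; }
}

/* Parses nested '[' groups. With init_first == 0 the early returns (depth
 * limit, syntax error) leave *out untouched, which is the bug; with
 * init_first != 0 *out is initialised before the depth limit check (r57660). */
static int parse(const char *p, int depth, Node **out, int init_first) {
    Node *child = UNSET;                /* models an uninitialised local */
    if (init_first) *out = NULL;
    if (depth >= MAX_DEPTH) return ERR_TOO_DEEP;
    if (*p != '[') return ERR_SYNTAX;
    if (p[1] == '[') {
        int rc = parse(p + 1, depth + 1, &child, init_first);
        if (rc != 0) { node_free(child); return rc; }  /* freed regardless of error */
    } else child = NULL;
    if (!(*out = malloc(sizeof **out))) { node_free(child); return ERR_NOMEM; }
    (*out)->child = child;
    return 0;
}

/* Drives the parser the way its callers do: free root whatever the result.
 * Returns how many garbage pointers reached node_free; rc lands in last_rc. */
static int run(const char *input, int init_first) {
    Node *root = UNSET;
    freed_unset = 0;
    last_rc = parse(input, 0, &root, init_first);
    node_free(root);
    return freed_unset;
}
```

<p>With the pre-fix ordering every frame on the unwinding path frees an unset pointer once the depth limit trips; with the initialisation moved ahead of the check, the callers free NULL and the error is reported cleanly.</p>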