Bug #15406

closed

Loaded iseq may cause SEGV on GC

Added by wanabe (_ wanabe) over 5 years ago. Updated over 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.6.0dev (2018-12-13 trunk 66370) [x86_64-linux]
[ruby-core:90456]

Description

Attached test.rb causes SEGV on trunk r66370.
test.log is stderr log.

I don't know what [0, 13, 0] means, but I guess it is environment dependent.
./miniruby test.rb 4 17 0 also causes SEGV on my environment but ./miniruby test.rb 4 16 0 doesn't.

Note:
I've found the issue during the investigation of #15395, but I don't know whether it is related or not.


Files

test.rb (282 Bytes) test.rb wanabe (_ wanabe), 12/12/2018 08:43 PM
test.log (10.5 KB) test.log wanabe (_ wanabe), 12/12/2018 08:46 PM
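The attached test.rb is not reproduced on this page, so the following is an added harness (not wanabe's script and not part of the Ruby test suite) that exercises the same code path the ticket is about: an instruction sequence is serialized with RubyVM::InstructionSequence#to_binary, read back through the IBF loader with RubyVM::InstructionSequence.load_from_binary, and then evaluated repeatedly across forced full GC cycles. The source string and the round count are constructed inputs; on a build with the loader bug a run like this is where a GC-time crash would surface, and on a fixed build it returns the value the original iseq produced.

```ruby
# Added example: round-trip an iseq through the binary (IBF) format and
# evaluate the loaded copy across forced full GC cycles.
#
# Returns the evaluated result when every round agrees with the result of
# the original (non-serialized) iseq, or nil on any mismatch. A crash while
# running it is the failure mode this ticket describes.
def check_loaded_iseq_survives_gc(src, rounds: 20)
  original = RubyVM::InstructionSequence.compile(src, "constructed_input.rb")
  expected = original.eval

  # Serialize and load back through the binary loader (ibf_load_code path).
  loaded = RubyVM::InstructionSequence.load_from_binary(original.to_binary)

  results = Array.new(rounds) do
    # Full mark + immediate sweep so the loaded iseq body is marked each round.
    GC.start(full_mark: true, immediate_sweep: true)
    loaded.eval
  end

  results.all? { |r| r == expected } ? expected : nil
end

# Constructed sample program: a method definition, literals and a block give
# the loader several kinds of operands to reconstruct.
SAMPLE_SRC = <<~RUBY
  def scale(values, factor)
    values.map { |v| v * factor }
  end
  scale([1, 2, 3], 2).sum + "abc".length
RUBY

if __FILE__ == $0
  result = check_loaded_iseq_survives_gc(SAMPLE_SRC, rounds: 50)
  puts(result ? "loaded iseq stable under GC: #{result}" : "mismatch after load")
end
```

Raise the round count, or set GC.stress = true around the evaluation, to make the GC pressure closer to what a real run with many loaded iseqs would see; the function's contract (expected value or nil) stays the same.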

Updated by ko1 (Koichi Sasada) over 5 years ago

This patch will fix it.
Aaron, could you confirm it?

Index: compile.c
===================================================================
--- compile.c	(revision 66375)
+++ compile.c	(working copy)
@@ -8786,7 +8786,6 @@ ibf_load_code(const struct ibf_load *loa
 		/* code[code_index] = op; */
 		continue;
 	    }
-	    load_body->iseq_size = code_index + 1;
 	}
 	if (insn_len(insn) != op_index+1) {
 	    rb_raise(rb_eRuntimeError, "operand size mismatch");
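Review bot: the removed line inside the loop rewrote load_body->iseq_size to code_index + 1 on every iteration, so iseq_size followed a running counter rather than the size of the code array the loader actually set up for the loaded iseq; an oversized iseq_size is consistent with the GC-time SEGV in the ticket title. It would be worth adding the attached test.rb (or a trimmed version of it) to the test suite as a regression test alongside this change. Note also that the r66376 commit message says "Don't increment code_index", while the hunk as shown removes an iseq_size assignment rather than an increment; the message would be clearer if it described the line actually removed.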

Updated by tenderlovemaking (Aaron Patterson) over 5 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r66376.


Don't increment code_index

code_index doesn't need to be incremented since the mark array has
been removed. Thanks for the patch ko1!

[ruby-core:90456] [Bug #15406]

Updated by tenderlovemaking (Aaron Patterson) over 5 years ago

ko1 (Koichi Sasada) wrote:

This patch will fix it.
Aaron, could you confirm it?

I bisected this and r62851 introduced the issue. The patch makes sense, so I applied it in r66376. Thanks ko1!
