<p>Ruby Issue Tracking System (https://redmine.ruby-lang.org/)</p>
<p>Ruby master - Bug #16907: Probable use-after-free in VM assertion</p>
<p>jeremyevans0 (Jeremy Evans), 2020-08-21T20:58:07Z, https://redmine.ruby-lang.org/issues/16907?journal_id=87155</p>
<p>I think I've found a solution. If the thread for the EC has been killed, then don't check that the VM pointer matches, because the thread's memory (including the VM pointer) will have been freed. I've added a pull request that fixes this: <a href="https://github.com/ruby/ruby/pull/3443" class="external">https://github.com/ruby/ruby/pull/3443</a>. This passes the bootstrap/basic tests on OpenBSD, which previously resulted in VM assertion failures without the change.</p>
<p>jeremyevans (Jeremy Evans), 2020-08-21T21:52:52Z, https://redmine.ruby-lang.org/issues/16907?journal_id=87156</p>
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Closed</i></li></ul><p>Applied in changeset <a class="changeset" title="Avoid a use after free in VM assertion If the thread for the current EC has been killed, don't c..." href="https://redmine.ruby-lang.org/projects/ruby-master/repository/git/revisions/a0273d67d044dc9fe25313e0854a33374b990e8a">git|a0273d67d044dc9fe25313e0854a33374b990e8a</a>.</p>
<hr>
<p>Avoid a use after free in VM assertion</p>
<p>If the thread for the current EC has been killed, don't check<br>
the VM ptr for the EC (which gets it via the thread), as that will<br>
have already been freed.</p>
<p>Fixes [Bug <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Probable use-after-free in VM assertion (Closed)" href="https://redmine.ruby-lang.org/issues/16907">#16907</a>]</p>
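<p>The pattern discussed in this thread, as an added example that is not part of the original posts and is not Ruby's code: an invariant check that reaches the VM pointer through the thread, next to a guarded form that skips the comparison once the thread has been killed. The types, function names and the placement of the killed flag in the EC are assumptions of this simplified model.</p>

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical, simplified model: these are not Ruby's real structures. */
typedef struct { int id; } vm_t;
typedef struct { vm_t *vm; } thread_t;
typedef struct {
    thread_t *thread;    /* dangles once the thread has been killed */
    bool thread_killed;  /* assumption: kept in the EC, outside the freed memory */
} ec_t;

/* Unguarded invariant: always follows ec->thread, so after the thread is
 * freed the assertion itself reads freed memory. */
static bool vm_matches_unguarded(const ec_t *ec, const vm_t *current) {
    return ec == NULL || ec->thread->vm == current;
}

/* Guarded invariant: short-circuits on the killed flag before ec->thread
 * is ever dereferenced. */
static bool vm_matches_guarded(const ec_t *ec, const vm_t *current) {
    return ec == NULL || ec->thread_killed || ec->thread->vm == current;
}

/* Model of thread teardown: record the kill first, then release the memory. */
static void kill_thread(ec_t *ec) {
    ec->thread_killed = true;
    free(ec->thread);
}

/* Walks one EC through live and killed states; returns a bitmask of the
 * checks that held (0x7 means all three behaved as expected). */
static int run_model(void) {
    vm_t vm = { 1 }, other = { 2 };
    ec_t ec = { malloc(sizeof(thread_t)), false };
    int ok = 0;
    if (ec.thread == NULL) return -1;
    ec.thread->vm = &vm;

    /* Live thread: both forms agree and still catch a real mismatch. */
    if (vm_matches_unguarded(&ec, &vm) && vm_matches_guarded(&ec, &vm)) ok |= 1;
    if (!vm_matches_guarded(&ec, &other)) ok |= 2;

    kill_thread(&ec);
    /* Killed thread: only the guarded form is safe to evaluate. */
    if (vm_matches_guarded(&ec, &vm)) ok |= 4;
    return ok;
}
```

<p>Building the unguarded form with AddressSanitizer and calling it after <code>kill_thread</code> reports a heap-use-after-free, which is the class of failure this issue describes.</p>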