Bug #3752

closed

ruby/dl and segmentation fault

Added by vinc-mai (Vincent Carmona) over 13 years ago. Updated almost 13 years ago.

Status: Rejected
Target version: -
ruby -v: ruby 1.9.1p378 (2010-01-10 revision 26273) [i486-linux]
Backport:
[ruby-core:31892]

Description

=begin
I am trying to port ruby-taglib to ruby 1.9.
My current efforts can be downloaded at http://rubyforge.org/frs/?group_id=5494 .

When I try to access an unsupported format file (i.e. an empty file) I get a segmentation fault.
Here is a test case which works with the 1.8 series (TagLib::BadFile is thrown).

 require 'taglib'
 begin
   tag=TagLib::File.new("/unsupported/format/file")
   p tag.title
 rescue TagLib::BadFile
   p 'TagLib::BadFile'
 ensure
   tag.close if tag
 end

The segfault happens in the private method TagLib::File#tag when TagLib.taglib_file_tag is called.

The important steps in the ruby-taglib code are:

 require 'dl'
 require 'dl/import'
 extend DL::Importer
 dlload 'libtag_c.so'
 extern 'void* taglib_file_tag(void*)'
 @tag ||= TagLib.taglib_file_tag(@file)

See the full code (less than 250 lines) for more info.

I think TagLib.taglib_file_tag returns nil on error with ruby 1.8.
Can this behavior be ported to ruby 1.9? A crash is not very handy.

Here is the trace :

/usr/lib/ruby/1.9.1/dl/func.rb:39: [BUG] Segmentation fault
ruby 1.9.1p378 (2010-01-10 revision 26273) [i486-linux]

-- control frame ----------
c:0008 p:---- s:0031 b:0031 l:000030 d:000030 CFUNC :call
c:0007 p:0076 s:0027 b:0027 l:000026 d:000026 METHOD /usr/lib/ruby/1.9.1/dl/func.rb:39
c:0006 p:0019 s:0020 b:0020 l:000019 d:000019 METHOD (eval):2
c:0005 p:0027 s:0015 b:0015 l:000014 d:000014 METHOD /home/instable/Desktop/zik/dev/taglib.rb:227
c:0004 p:0018 s:0012 b:0011 l:000010 d:000010 METHOD /home/instable/Desktop/zik/dev/taglib.rb:153
c:0003 p:0048 s:0008 b:0007 l:0014e4 d:000618 EVAL ./es.rb:9
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:0014e4 d:0014e4 TOP

-- Ruby level backtrace information-----------------------------------------
/usr/lib/ruby/1.9.1/dl/func.rb:39:in `call'
/usr/lib/ruby/1.9.1/dl/func.rb:39:in `call'
(eval):2:in `taglib_file_tag'
/home/instable/Desktop/zik/dev/taglib.rb:227:in `tag'
/home/instable/Desktop/zik/dev/taglib.rb:153:in `title'
./es.rb:9:in `<main>'

-- C level backtrace information -------------------------------------------
0xb76dc929 /usr/lib/libruby-1.9.1.so.1.9(rb_vm_bugreport+0x69) [0xb76dc929]
0xb75f592f /usr/lib/libruby-1.9.1.so.1.9(+0x4692f) [0xb75f592f]
0xb75f59ca /usr/lib/libruby-1.9.1.so.1.9(rb_bug+0x3a) [0xb75f59ca]
0xb76829c4 /usr/lib/libruby-1.9.1.so.1.9(+0xd39c4) [0xb76829c4]
0xb7751410 [0xb7751410]
0xb71c7fa0 /usr/lib/ruby/1.9.1/i486-linux/dl.so(rb_dlcfunc_call+0x5cc0) [0xb71c7fa0]
0xb76c9af3 /usr/lib/libruby-1.9.1.so.1.9(+0x11aaf3) [0xb76c9af3]
0xb76c9e84 /usr/lib/libruby-1.9.1.so.1.9(+0x11ae84) [0xb76c9e84]
0xb76d617c /usr/lib/libruby-1.9.1.so.1.9(+0x12717c) [0xb76d617c]
0xb76d0673 /usr/lib/libruby-1.9.1.so.1.9(+0x121673) [0xb76d0673]
0xb76d3b46 /usr/lib/libruby-1.9.1.so.1.9(+0x124b46) [0xb76d3b46]
0xb76d3dbb /usr/lib/libruby-1.9.1.so.1.9(rb_iseq_eval_main+0xab) [0xb76d3dbb]
0xb75f7c77 /usr/lib/libruby-1.9.1.so.1.9(ruby_exec_node+0xb7) [0xb75f7c77]
0xb75f9276 /usr/lib/libruby-1.9.1.so.1.9(ruby_run_node+0x56) [0xb75f9276]
0x80487c8 ruby1.9.1(main+0x68) [0x80487c8]
0xb73ecbd6 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb73ecbd6]
0x80486c1 ruby1.9.1() [0x80486c1]

[NOTE]
You may encounter a bug of Ruby interpreter. Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Abandon
=end

Actions #1

Updated by tenderlovemaking (Aaron Patterson) over 13 years ago

  • Category set to ext
  • Assignee set to tenderlovemaking (Aaron Patterson)


Actions #2

Updated by shyouhei (Shyouhei Urabe) over 13 years ago

  • Status changed from Open to Assigned


Actions #3

Updated by tenderlovemaking (Aaron Patterson) over 13 years ago

  • Status changed from Assigned to Rejected

=begin
If you pass a wrong pointer to a function, it will segv just like the C code would segv. DL is not meant to protect you from errors you could also make in C.

Here is an example of doing a null check, but with a crash. Provide a good file to taglib, and it won't crash.

 require 'dl'
 require 'dl/import'
 
 module Foo
   extend DL::Importer
   dlload '/opt/local/lib/libtag_c.dylib'
   extern 'void* taglib_file_tag(void*)'
   extern 'void* taglib_file_new(char*)'
 end
 
 taglib_file = Foo.taglib_file_new(ARGV[0] || 'foo')
 
 if taglib_file.null?
   puts "bad file"
   Foo.taglib_file_tag(taglib_file) # This will SEGV because it's a NULL pointer
 else
   file_tag = Foo.taglib_file_tag(taglib_file)
 end

=end
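
Added example, not part of the original thread or of ruby-taglib: the NULL check from the comment above moved into a wrapper that raises instead of forwarding the pointer, written with Fiddle, the standard-library successor to DL. Because libtag_c may not be installed, libc's `fopen`/`fgetc`/`fclose` stand in for `taglib_file_new`/`taglib_file_tag` (an assumption made so the code runs anywhere); `BadFile`, `CStdio` and `GuardedFile` are hypothetical names.

```ruby
require 'fiddle'

# Hypothetical error class, playing the role of TagLib::BadFile in the report.
class BadFile < StandardError; end

# Raw bindings. Like DL, Fiddle performs no pointer validation:
# a NULL passed to fgetc or fclose crashes the whole interpreter.
module CStdio
  LIBC   = Fiddle::Handle::DEFAULT # symbols already loaded in this process
  VOIDP  = Fiddle::TYPE_VOIDP
  FOPEN  = Fiddle::Function.new(LIBC['fopen'],  [VOIDP, VOIDP], VOIDP)
  FGETC  = Fiddle::Function.new(LIBC['fgetc'],  [VOIDP], Fiddle::TYPE_INT)
  FCLOSE = Fiddle::Function.new(LIBC['fclose'], [VOIDP], Fiddle::TYPE_INT)
end

# Owns the native handle and guarantees it is non-NULL and still open
# before any native call receives it.
class GuardedFile
  def initialize(path)
    @handle = CStdio::FOPEN.call(path, 'rb')
    # The check the wrapper must do itself: NULL becomes a Ruby exception.
    raise BadFile, "cannot open #{path}" if @handle.null?
  end

  # Returns the first unread byte as an Integer, or nil at end of file.
  def first_byte
    raise BadFile, 'handle already closed' if @handle.nil?
    byte = CStdio::FGETC.call(@handle)
    byte < 0 ? nil : byte
  end

  # Idempotent close: dropping the handle prevents a double fclose
  # and any later use of the freed FILE*.
  def close
    return if @handle.nil?
    CStdio::FCLOSE.call(@handle)
    @handle = nil
  end
end

if __FILE__ == $0
  begin
    GuardedFile.new('/nonexistent/constructed/path') # constructed sample path
  rescue BadFile => e
    puts "BadFile: #{e.message}"
  end
end
```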
