Backport #7402
closed
Avoid calling methods on user objects from segfault handler
Added by Anonymous over 11 years ago.
Updated over 11 years ago.
Description
When the segfault handler is listing loaded features, it iterates through $LOADED_FEATURES and calls StringValueCStr() on each item. This in turn calls #to_str on the object.
If a #to_str method is defined on a non-T_STRING, it is possible to have code run during the segfault handler. If an exception is raised or a tag is thrown, it is possible to escape the segfault handler and recover from a segmentation fault.
I've attached a patch that checks if an item in $LOADED_FEATURES is a T_STRING, and calls rb_any_to_s() if not. This will avoid calling any methods which could potentially call back into Ruby-land.
Files
- Status changed from Open to Assigned
- Assignee set to ko1 (Koichi Sasada)
- Target version set to 2.0.0
- Assignee changed from ko1 (Koichi Sasada) to nobu (Nobuyoshi Nakada)
nobu, could you check it?
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r38041.
Charlie, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
vm_dump.c: no methods in segv handler
- vm_dump.c (rb_vm_bugreport): get rid of calling methods in sigsegv
handler. based on a patch by charliesome (Charlie Somerville)
[ruby-core:49573] [Bug #7402]
- Tracker changed from Bug to Backport
- Project changed from Ruby master to Backport193
- Status changed from Closed to Assigned
- Assignee changed from nobu (Nobuyoshi Nakada) to usa (Usaku NAKAMURA)
- Target version deleted (2.0.0)
- Status changed from Assigned to Closed
r38335 fixed testing issue: it generates garbage core file.
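The two conversion paths contrasted in the description above, sketched at the Ruby level as an added example (not code from the reporter, the attached patch or r38041). `String.try_convert` stands in for the implicit conversion done by `StringValueCStr()`, and an unbound `Kernel#to_s` for `rb_any_to_s()`; every method and class name is hypothetical and the feature list is constructed.

```ruby
# Added illustration (not from the Ruby source tree). safe_feature_name,
# unsafe_feature_name, HostileFeature and demo are hypothetical names.

# Kernel#to_s as an UnboundMethod: the Ruby-level counterpart of rb_any_to_s(),
# giving "#<ClassName:0x...>" without dispatching to any override.
KERNEL_TO_S = Kernel.instance_method(:to_s)
# String#b copies the bytes of a real String without calling subclass methods.
STRING_BYTES = String.instance_method(:b)

# Pre-fix analogue: implicit conversion dispatches to the object's #to_str.
def unsafe_feature_name(entry)
  String.try_convert(entry)
end

# Post-fix analogue: type check first, never call a method the entry defines.
def safe_feature_name(entry)
  if String === entry # Module#=== is a class check, not a call on entry
    STRING_BYTES.bind(entry).call
  else
    KERNEL_TO_S.bind(entry).call
  end
end

# Constructed stand-in for a non-String entry with a user-defined #to_str.
class HostileFeature
  attr_reader :calls
  def initialize
    @calls = 0
  end

  def to_str
    @calls += 1
    raise "user code ran during feature listing"
  end
end

def demo
  hostile = HostileFeature.new
  features = ["/constructed/lib/a.rb", hostile] # constructed sample list
  escaped = begin
    features.each { |f| unsafe_feature_name(f) }
    false
  rescue RuntimeError
    true # the exception left the listing loop
  end
  names = features.map { |f| safe_feature_name(f) }
  { escaped: escaped, to_str_calls: hostile.calls, names: names }
end
```

`demo` returns whether the exception left the implicit-conversion loop, how often `#to_str` ran in total, and the names produced by the type-checked path.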