Bug #8654
Closed
SEGV in Array#count
Added by Glass_saga (Masaki Matsushita) over 11 years ago. Updated about 11 years ago.
Description
The following code causes a SEGV.
a1 = []
a2 = Array.new(100) {|i| i }
a2.count do |i|
  p i
  # replacing the receiver with an empty array while #count is still iterating it
  a2.replace(a1) if i == 0
end
Files
0001-array.c-rb_ary_count-check-length-to-avoid-SEGV.patch (2.37 KB) | Eregon (Benoit Daloze), 07/18/2013 07:50 PM
Updated by Eregon (Benoit Daloze) over 11 years ago
- File 0001-array.c-rb_ary_count-check-length-to-avoid-SEGV.patch added
What do you think of this patch?
I am not sure assert_in_out_err is good for segfault checks,
but I could not reproduce it so reliably when removing the "p i".
Updated by Glass_saga (Masaki Matsushita) over 11 years ago
> What do you think of this patch?

I already fixed it on r42040, but this ticket hasn't been closed because I have committed it with the wrong commit message.
It's my fault.
However, I will add your test code.
Thank you for your patch,
Updated by mrkn (Kenta Murata) over 11 years ago
- Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED
I confirmed it is reproducible on both head revisions of ruby_1_9_3 and ruby_2_0_0.
Updated by Eregon (Benoit Daloze) over 11 years ago
Glass_saga (Masaki Matsushita) wrote:
> > What do you think of this patch?
>
> I already fixed it on r42040, but this ticket hasn't been closed because I have committed it with the wrong commit message.
> It's my fault. However, I will add your test code.
> Thank you for your patch,

Ah, I should have looked at the newest commits.
It might be worth adding the second change to avoid the pointer loop (seems about the only one in array.c); RARRAY_PTR() is kind of deprecated with the new GC for these cases in core.
I will commit it as I can rebase easily if it is OK.
Updated by Eregon (Benoit Daloze) over 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r42041.
Masaki, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- array.c (rb_ary_count): check length to avoid SEGV
  while iterating. Remove other pointer loop when arg is given.
- test/ruby/test_array.rb (test_count): add test for bug.
  [ruby-core:56072] [Bug #8654]
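The change named in the commit message above (check the length on every iteration instead of walking a cached pointer range), as an added example in C. It is a simplified model written for this page, not Ruby's array.c and not code from the patch; `vec`, `vec_replace`, `count_cached`, `count_checked` and the other names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a Ruby Array: heap buffer plus length. */
typedef struct { long *ptr; long len; } vec;
typedef int (*pred)(vec *v, long elem);   /* plays the role of the block */

/* Models Array#replace: the old buffer is freed, new contents copied in. */
void vec_replace(vec *v, const long *src, long n) {
    free(v->ptr);
    v->ptr = n ? malloc((size_t)n * sizeof *src) : NULL;
    if (n && !v->ptr) abort();
    if (n) memcpy(v->ptr, src, (size_t)n * sizeof *src);
    v->len = n;
}

/* Unsafe pattern: p and pend are captured once, so after the callback
 * replaces the buffer the loop keeps dereferencing freed memory.
 * Shown for comparison only; nothing in this example calls it. */
long count_cached(vec *v, pred f) {
    long n = 0;
    for (long *p = v->ptr, *pend = p + v->len; p < pend; p++)
        if (f(v, *p)) n++;
    return n;
}

/* Hardened pattern: length and buffer are re-read on every iteration,
 * so a callback that shrinks the array simply ends the loop. */
long count_checked(vec *v, pred f) {
    long n = 0;
    for (long i = 0; i < v->len; i++)
        if (f(v, v->ptr[i])) n++;
    return n;
}

/* Callback mirroring the report: empties the array when it sees element 0. */
int replace_on_zero(vec *v, long elem) {
    if (elem == 0) vec_replace(v, NULL, 0);
    return 1;
}

/* Constructed input: 100 elements 0..99, as in the reproducer. */
long demo_checked(void) {
    vec v = {0};
    long init[100];
    for (long i = 0; i < 100; i++) init[i] = i;
    vec_replace(&v, init, 100);
    long n = count_checked(&v, replace_on_zero);
    free(v.ptr);
    return n;   /* only element 0 was visited before the array became empty */
}
```

Building a variant that calls `count_cached` under AddressSanitizer reports the stale read as a heap-use-after-free at the `*p` dereference.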
Updated by Eregon (Benoit Daloze) over 11 years ago
- Status changed from Closed to Open
Reopening for backport.
(The fix will need to be a bit different as there is no RARRAY_AREF() in older versions).
Updated by Eregon (Benoit Daloze) over 11 years ago
- Status changed from Open to Closed
This issue was solved with changeset r42047.
- test/ruby/test_array.rb (test_count): add a test case for #count
with an argument. See Bug #8654.
Updated by nagachika (Tomoyuki Chikanaga) about 11 years ago
- Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED to 1.9.3: REQUIRED, 2.0.0: DONE
backported r42040, r42041 and r42047 to ruby_2_0_0 at r43228.
Updated by nagachika (Tomoyuki Chikanaga) about 11 years ago
... and backport r42068, r42069 to suppress warning and fix failure on CI (run with -w option).
Updated by usa (Usaku NAKAMURA) about 11 years ago
- Backport changed from 1.9.3: REQUIRED, 2.0.0: DONE to 1.9.3: DONE, 2.0.0: DONE
Backported to ruby_1_9_3 at r43491.