[MacRuby] #1166: Segfault occurs when a NULL pointer is passed as rb_protect's 3rd argument.
MacRuby
ruby-noreply at macosforge.org
Fri Feb 25 08:12:11 PST 2011
#1166: Segfault occurs when a NULL pointer is passed as rb_protect's 3rd
argument.
----------------------------------+-----------------------------------------
Reporter: watson1978@… | Owner: lsansonetti@…
Type: defect | Status: new
Priority: blocker | Milestone:
Component: MacRuby | Keywords:
----------------------------------+-----------------------------------------
Test Script:
{{{
#!ruby
class Object
  # Returns this object's singleton class (the `class << self` body evaluates to it).
  def singleton_class
    class << self; self; end
  end

  # Makes this object claim to respond to `sym` without defining that method:
  # respond_to? is redefined on the singleton class (via a class_eval'd string)
  # to answer true for `sym` and defer to super for every other name.
  # Used by the repro to make respond_to?(:to_s) lie after :to_s is undefined.
  def respond(sym)
    singleton_class.class_eval <<-END
def respond_to?(sym)
sym.to_sym == #{sym.to_sym.inspect} ? true : super
end
END
  end
end
# Build an object whose respond_to?(:to_s) answers true while :to_s is in fact
# undefined, then force the String() conversion on it; in the reported build this
# path ends in name_err_mesg_to_str -> rb_protect(..., NULL) and crashes.
obj = Object.new.tap do |o|
  o.respond(:to_s)
  o.instance_eval { undef :to_s }
end
Kernel.send(:String, obj)
}}}
Result:
{{{
$ DYLD_LIBRARY_PATH=. gdb --args ./macruby ~/tmp/tt.rb
GNU gdb 6.3.50-20050815 (Apple version gdb-1510) (Wed Sep 22 02:45:02 UTC
2010)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for
shared libraries ..... done
(gdb) r
Starting program: /Users/watson/src/macruby-trunk-svn/macruby
/Users/watson/tmp/tt.rb
Reading symbols for shared libraries .++++........................ done
Reading symbols for shared libraries . done
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x0000000100039362 in protect_rescue (obj=0, exc=8590646752) at eval.c:490
490 *(int *)obj = 1;
(gdb) bt 20
#0 0x0000000100039362 in protect_rescue (obj=0, exc=8590646752) at
eval.c:490
#1 0x000000010015508d in rb_rescue2 (b_proc=0x10003664e <safe_inspect>,
data1=8590336512, r_proc=0x10003934e <protect_rescue>, data2=0) at
vm.cpp:3500
#2 0x00000001000393db in rb_protect (proc=0x10003664e <safe_inspect>,
data=8590336512, state=0x0) at eval.c:502
#3 0x0000000100036735 in name_err_mesg_to_str (obj=8590336512,
sel=0x100ec60e0) at error.c:831
#4 0x000000010013bdb0 in __rb_vm_rcall [inlined] () at /Users/watson/src
/macruby-trunk-svn/dispatcher.cpp:159
#5 0x000000010013bdb0 in ruby_dispatch [inlined] () at /Users/watson/src
/macruby-trunk-svn/dispatcher.cpp:466
#6 0x000000010013bdb0 in rb_vm_dispatch () at dispatcher.cpp:863
#7 0x000000010005e0f9 in rb_vm_call0 (vm=0x100e23a70, top=0,
self=8590037920, klass=0x20003a120, sel=0x100ec60e0, block=0x0, opt=2
'\002', argc=0, argv=0x0) at vm.h:637
#8 0x000000010005df8a in rb_vm_call (self=8590037920, sel=0x100ec60e0,
argc=0, argv=0x0) at vm.h:644
#9 0x00000001000628d9 in convert_type (val=8590037920, tname=0x100906450
"String", method=0x100906208 "to_str", raise=2) at object.c:2515
#10 0x000000010006292b in rb_convert_type (val=8590037920, type=5,
tname=0x100906450 "String", method=0x100906208 "to_str") at object.c:2524
#11 0x00000001000bbf96 in rb_str_to_str (str=8590037920) at string.c:6381
#12 0x00000001000bbf2f in rb_string_value (ptr=0x7fff5fbfa0d0) at
string.c:6366
#13 0x0000000100036241 in name_err_to_s (exc=8590641568, sel=0x100e21210)
at error.c:725
#14 0x000000010013bdb0 in __rb_vm_rcall [inlined] () at /Users/watson/src
/macruby-trunk-svn/dispatcher.cpp:159
#15 0x000000010013bdb0 in ruby_dispatch [inlined] () at /Users/watson/src
/macruby-trunk-svn/dispatcher.cpp:466
#16 0x000000010013bdb0 in rb_vm_dispatch () at dispatcher.cpp:863
#17 0x00000001000e81d2 in rb_vm_call0 (vm=0x100e23a70, top=0,
self=8590641568, klass=0x20003a5e0, sel=0x100e21210, block=0x0, opt=2
'\002', argc=0, argv=0x0) at vm.h:637
#18 0x00000001000e92a5 in rb_vm_call2 (block=0x0, self=8590641568,
klass=8590173664, sel=0x100e21210, argc=0, argv=0x0) at vm.h:662
#19 0x00000001000e9145 in rb_call (recv=8590641568, mid=11472, argc=0,
argv=0x0, scope=1, pass_current_block=false) at vm_eval.c:32
(More stack frames follow...)
Current language: auto; currently c
(gdb)
}}}
Patch:
{{{
#!diff
diff --git a/eval.c b/eval.c
index 5d52151..b6f9069 100644
--- a/eval.c
+++ b/eval.c
@@ -487,7 +487,9 @@ static VALUE protect_exc = Qnil;
static VALUE
protect_rescue(VALUE obj, VALUE exc)
{
- *(int *)obj = 1;
+ if ((void *)obj != NULL) {
+ *(int *)obj = 1;
+ }
GC_RETAIN(exc);
protect_exc = exc;
return Qnil;
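Review bot: The NULL guard at the `if ((void *)obj != NULL)` line makes the status pointer optional, which is the documented MRI contract for rb_protect's third argument, but on that path the exception is still retained and stored into the file-scope `protect_exc`; whatever reads that global on the way out of rb_protect (eval.c:502 in the backtrace) must still consume and clear it, otherwise a later rb_protect caller could observe a stale exception — that part of rb_protect is outside this hunk and worth confirming. The cast-and-compare reads more clearly with a named local, e.g. `int *state = (int *)obj;` and `if (state != NULL) { *state = 1; }`. A one-line comment such as `/* state may be NULL: the caller asked not to receive the status */` would record the contract next to the check. The closing brace of protect_rescue lies outside the hunk.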
}}}
--
Ticket URL: <http://www.macruby.org/trac/ticket/1166>
MacRuby <http://macruby.org/>