Conversation
This was referenced Nov 7, 2019
headius pushed a commit that referenced this pull request on Jan 6, 2020:
eliminate use of freed memory

rb_io_fptr_finalize_internal frees the memory region.

=================================================================
==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438
READ of size 4 at 0x610000000d8c thread T0
    #0 0x5608e38077f6 in rb_io_memsize io.c:4749:24
    #1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14
    #2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2
    #3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5
    #4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18
    #5 0x5608e38191f9 in rb_f_backquote io.c:9021:5
    #6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
    #7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
    #8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
    #9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
    #10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
    #11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
    #12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
    #13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
    #14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
    #15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
    #16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
    #17 0x5608e376198b in ruby_exec_node eval.c:326:12
    #18 0x5608e37617d0 in ruby_run_node eval.c:318:25
    #19 0x5608e35c9486 in main main.c:42:9
    #20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #21 0x5608e3522289 in _start (miniruby+0x15f289)

0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00)
freed by thread T0 here:
    #0 0x5608e359a2ed in free (miniruby+0x1d72ed)
    #1 0x5608e37af421 in objspace_xfree gc.c:9591:5
    #2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2
    #3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5
    #4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5
    #5 0x5608e38191ed in rb_f_backquote io.c:9020:5
    #6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
    #7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
    #8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
    #9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
    #10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
    #11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
    #12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
    #13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
    #14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
    #15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
    #16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
    #17 0x5608e376198b in ruby_exec_node eval.c:326:12
    #18 0x5608e37617d0 in ruby_run_node eval.c:318:25
    #19 0x5608e35c9486 in main main.c:42:9
    #20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

previously allocated by thread T0 here:
    #0 0x5608e359a56d in malloc (miniruby+0x1d756d)
    #1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5
    #2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12
    #3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12
    #4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12
    #5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19
    #6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10
    #7 0x5608e3850ea0 in pipe_open io.c:6707:5
    #8 0x5608e384edb4 in pipe_open_s io.c:6772:12
    #9 0x5608e381910b in rb_f_backquote io.c:9014:12
    #10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
    #11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
    #12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
    #13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
    #14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
    #15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
    #16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
    #17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
    #18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
    #19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
    #20 0x5608e37620ca in ruby_exec_internal eval.c:262:2
    #21 0x5608e376198b in ruby_exec_node eval.c:326:12
    #22 0x5608e37617d0 in ruby_run_node eval.c:318:25
    #23 0x5608e35c9486 in main main.c:42:9
    #24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in rb_io_memsize
Shadow bytes around the buggy address:
  0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==85264==ABORTING

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67710 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
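The ordering the sanitizer report records (the fptr region is freed by rb_io_fptr_finalize_internal, then the GC consistency check behind rb_gc_force_recycle reads it through rb_io_memsize) reduced to a small C model, as an added example that is not the project's code: the struct and function names are hypothetical stand-ins, and the fix shown (clear the pointer before anything inspects the object, with memsize tolerating NULL) is one way to close that window, not necessarily the change the referenced commit made.

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical stand-ins for CRuby's RFile / rb_io_t: the object holds a
 * pointer to a separately malloc'ed fptr, the shape the trace shows. */
typedef struct { char *rbuf; size_t rbuf_capa; } io_fptr_t;
typedef struct { io_fptr_t *fptr; } io_obj_t;

/* Stand-in for rb_io_fptr_new: allocates the fptr and its read buffer. */
io_fptr_t *fptr_new(size_t capa) {
    io_fptr_t *fptr = malloc(sizeof *fptr);
    fptr->rbuf = malloc(capa);
    fptr->rbuf_capa = capa;
    return fptr;
}

/* Stand-in for rb_io_fptr_finalize_internal: frees the whole region. */
void fptr_finalize(io_fptr_t *fptr) {
    free(fptr->rbuf);
    free(fptr);
}

/* Stand-in for rb_io_memsize, which the GC consistency check calls from
 * rb_gc_force_recycle in the trace. Tolerating NULL is what makes the
 * fixed sequence below safe. */
size_t io_memsize(const io_obj_t *obj) {
    if (!obj->fptr) return 0;
    return sizeof(io_fptr_t) + obj->fptr->rbuf_capa;   /* dereferences fptr */
}

/* The buggy order from the trace: free, then let the GC inspect the object
 * while it still points at the freed fptr. Under ASan the read in
 * io_memsize is reported as heap-use-after-free; only run it under ASan. */
size_t backquote_buggy(io_obj_t *obj) {
    fptr_finalize(obj->fptr);
    return io_memsize(obj);          /* obj->fptr is dangling here */
}

/* The fixed order: clear the pointer before anything can look at the object. */
size_t backquote_fixed(io_obj_t *obj) {
    fptr_finalize(obj->fptr);
    obj->fptr = NULL;
    return io_memsize(obj);          /* 0, nothing reads freed memory */
}

int main(void) {
    io_obj_t obj = { fptr_new(8192) };   /* constructed sample: 8 KiB buffer */
    return backquote_fixed(&obj) == 0 ? 0 : 1;
}
```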
headius added a commit to jruby/jruby that referenced this pull request on Jan 7, 2020:
removed in jruby/jruby@7b964fd#diff-9db60b68eedf0d5f16826d2ce0afb1c1
fixes jruby/jruby#3462 (again)