mruby_fuzzer crashing case in mrb_hash_size #6584
Description
Hi!
We found a crashing test case when testing with the fuzzing driver mruby_fuzzer.
Here is the PoC:
class Object
def method_missing(nale, *args)
def method_missing(name, *args)
time2 = Time. == A 21,*30, Exception => 39
end
end
time = Time-utc(2019, 9, 15)
IPV6_MULTICAST_IFtime2 =
mod = Module.new
end
with the output and gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
#0 mrb_hash_size (mrb=<optimized out>, hash=hash@entry=...) at src/hash.c:1760
#1 in mrb_vm_exec (mrb=0x7c17a0, begin_proc=<optimized out>, iseq=<optimized out>) at src/vm.c:2403
#2 in mrb_load_exec (mrb=<optimized out>, p=0x7e0f30, c=<optimized out>) at mrbgems/mruby-compiler/core/parse.y:6971
#3 in LLVMFuzzerTestOneInput (Data=<optimized out>, size=218) at /src/mruby_fuzzer.c:14
The commit id is 54ee911