[Closed] WIN32OLE segfaults

Issue #10127 has been updated by Masaki S…

Status changed from Assigned to Closed
% Done changed from 0 to 100

Applied in changeset r47153.


  • ext/win32ole/win32ole.c (ole_create_dcom): use the converted
    result if the argument can be converted to a string, to get rid
    of invalid access. Thanks to nobu. [ruby-dev:48467] [Bug #10127]

Bug #10127: WIN32OLE segfaults

  • Author: Nobuyoshi N.
  • Status: Closed
  • Priority: Normal
  • Assignee: Masaki S.
  • Category: platform/windows
  • Target version: current: 2.2.0
  • ruby -v: trunk
  • Backport: 2.0.0: REQUIRED, 2.1: REQUIRED

In fole_initialize() the argument is converted with StringValue(), but the argument as it was before conversion is passed unchanged to ole_create_dcom().
Because of this, passing an object that has a to_str method together with a host name causes an invalid memory access.
As a simple example, adding something like NilClass#to_str makes it SEGV.

https://github.com/nobu/ruby/compare/win32ole-fix

$ ./x64-mswin32_120/bin/ruby -rwin32ole -e 'class NilClass; alias to_str to_s; end; WIN32OLE.new(nil, "localhost") rescue p $!.message'
-e:1: [BUG] Segmentation fault
ruby 2.2.0dev (2014-08-12 trunk 47145) [x64-mswin64_120]

-- Control frame information -----------------------------------------------
c:0004 p:---- s:0011 e:000010 CFUNC  :initialize
c:0003 p:---- s:0009 e:000008 CFUNC  :new
c:0002 p:0024 s:0004 E:001738 EVAL   -e:1 [FINISH]
c:0001 p:0000 s:0002 E:001438 TOP    [FINISH]

-- Ruby level backtrace information ----------------------------------------
-e:1:in `<main>'
-e:1:in `new'
-e:1:in `initialize'

-- C level backtrace information -------------------------------------------
C:\Windows\SYSTEM32\ntdll.dll(NtWaitForSingleObject+0xa) [0x00000000770D12FA]
C:\Windows\system32\KERNELBASE.dll(WaitForSingleObjectEx+0x9c) [0x000007FEFD1D10DC]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_print_backtrace+0x34) [0x000007FEF12A39C4] c:\users\nobu\work\ruby\trunk\src\vm_dump.c:711
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_vm_bugreport+0x6f) [0x000007FEF12A3A3B] c:\users\nobu\work\ruby\trunk\src\vm_dump.c:973
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_bug_context+0x5e) [0x000007FEF11EF09A] c:\users\nobu\work\ruby\trunk\src\error.c:391
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(sigsegv+0x69) [0x000007FEF1252701] c:\users\nobu\work\ruby\trunk\src\signal.c:831
C:\Windows\system32\MSVCR120.dll(XcptFilter+0x1a9) [0x000007FEF4A0FC99]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(__tmainCRTStartup$filt$0+0x16) [0x000000013F8B16D6] f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c:666
C:\Windows\system32\MSVCR120.dll(_C_specific_handler+0x93) [0x000007FEF4A0F2CB]
C:\Windows\SYSTEM32\ntdll.dll(RtlDecodePointer+0xad) [0x00000000770A9D2D]
C:\Windows\SYSTEM32\ntdll.dll(RtlUnwindEx+0xbbf) [0x00000000770991CF]
C:\Windows\SYSTEM32\ntdll.dll(KiUserExceptionDispatcher+0x2e) [0x00000000770D1248]
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_encoding2cp+0x9) [0x000007FEFA0F6A89] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:638
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_vstr2wc+0x47) [0x000007FEFA0FA4A3] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:1017
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(ole_create_dcom+0xad) [0x000007FEFA0F6761] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:2317
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\lib\ruby\2.2.0\x64-mswin64_120\win32ole.so(fole_initialize+0xeb) [0x000007FEFA0F3BE7] c:\users\nobu\work\ruby\trunk\src\ext\win32ole\win32ole.c:2904
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0_cfunc_with_frame+0x11b) [0x000007FEF11E3E07] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:124
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0_body+0x31c) [0x000007FEF11E3C74] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:179
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call0+0x44) [0x000007FEF11E3950] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:55
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_call0+0xae) [0x000007FEF11DF1EE] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:334
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_funcallv+0x25) [0x000007FEF11E0289] c:\users\nobu\work\ruby\trunk\src\vm_eval.c:811
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_class_new_instance+0x2c) [0x000007FEF11FF394] c:\users\nobu\work\ruby\trunk\src\object.c:1879
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call_cfunc_with_frame+0x12d) [0x000007FEF11E4105] c:\users\nobu\work\ruby\trunk\src\vm_insnhelper.c:1522
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_call_general+0x3d9) [0x000007FEF11E4589] c:\users\nobu\work\ruby\trunk\src\vm_insnhelper.c:1957
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_exec_core+0xf96) [0x000007FEF11E7D3E] c:\users\nobu\work\ruby\trunk\x64-mswin32_120\vm.inc:1422
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(vm_exec+0xb9) [0x000007FEF11E65B9] c:\users\nobu\work\ruby\trunk\src\vm.c:1377
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(rb_iseq_eval_main+0x81) [0x000007FEF11E04F1] c:\users\nobu\work\ruby\trunk\src\vm.c:1647
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_exec_internal+0xcb) [0x000007FEF11A6FA3] c:\users\nobu\work\ruby\trunk\src\eval.c:255
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_exec_node+0x1d) [0x000007FEF11A6FFD] c:\users\nobu\work\ruby\trunk\src\eval.c:318
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\x64-msvcr120-ruby220.dll(ruby_run_node+0x30) [0x000007FEF11A728C] c:\users\nobu\work\ruby\trunk\src\eval.c:309
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(main+0x40) [0x000000013F8B1040] c:\users\nobu\work\ruby\trunk\src\main.c:38
C:\Users\nobu\work\ruby\trunk\x64-mswin32_120\ruby.exe(__tmainCRTStartup+0x10f) [0x000000013F8B12A7] f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c:626
C:\Windows\system32\kernel32.dll(BaseThreadInitThunk+0xd) [0x0000000076E759ED]

-- Other runtime information -----------------------------------------------

* Loaded script: -e

* Loaded features:

    0 enumerator.so
    1 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/encdb.so
    2 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/windows_31j.so
    3 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/enc/trans/transdb.so
    4 C:/Users/nobu/work/ruby/trunk/x64-mswin32_120/lib/ruby/2.2.0/x64-mswin64_120/win32ole.so

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html