Issue #4456 has been updated by Naohisa G…
File strftime.patch added
At revision 32548 of ruby_1_9_3, a SEGV still occurs on sparc Solaris10 (32-bit, Solaris Studio
12). I am attaching a patch and would like it to be applied.
Running it under the debugger looks like the following.
$ dbx …/…/sparc32-cc12-debug-svn193/bin/ruby
(===snip===)
(dbx) run -e 'Time.now.strftime("%1000000000F")'
Running: ruby -e Time.now.strftime("%1000000000F")
(process id 6581)
Reading libc_psr.so.1
Reading encdb.so
Reading transdb.so
t@1 (l@1) signal SEGV (no mapping at the fault address) in _memcpy at
0x7fb907f4
0x7fb907f4: _memcpy+0x0034: stb %o3, [%o0]
Current function is rb_strftime_with_timespec
704 STRFTIME(“%Y-%m-%d”);
(dbx) where
current thread: t@1
[1] _memcpy(0x13b5abdda, 0xffbff3e4, 0x3, 0x32, 0x3b9ac9f6,
0xffbff344), at 0x7fb907f4
=>[2] rb_strftime_with_timespec(s = 0xffbff3e4 “2011-07-15”, maxsize =
100U, format = 0x467fab “F”, vtm = 0x486998, timev = 4U, ts =
0xffbff344, gmt = 0), line 704 in “strftime.c”
[3] rb_strftime_timespec(s = 0xffbff3e4 “2011-07-15”, maxsize = 100U,
format = 0x467fa0 “%1000000000F”, vtm = 0x486998, ts = 0xffbff344, gmt =
0), line 793 in “strftime.c”
[4] rb_strftime_alloc(buf = 0xffbff3e0, format = 0x467fa0
“%1000000000F”, vtm = 0x486998, timew = 2621443089986389401ULL, gmt =
0), line 4311 in “time.c”
[5] time_strftime(time = 4707408U, format = 4707720U), line 4564 in
“time.c”
[6] call_cfunc(func = 0x1790c0 = &ruby
time.c`time_strftime(VALUE
time, VALUE format), recv = 4707408U, len = 1, argc = 1, argv =
0x2bd9f4), line 323 in “vm_insnhelper.c”
(===snip===)
[15] main(argc = 3, argv = 0xffbffa5c), line 38 in “main.c”
(dbx) print s, endp, precision, s + precision
s = 0xffbff3e4 “2011-07-15”
endp = 0xffbff448 “”
precision = 1000000000
s+precision = 0x3b5abde4 “<bad address 0x3b5abde4>”
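In the macro on line 213 of strftime.c,
#define NEEDS(n) do if (s + (n) >= endp - 1) goto err; while (0)
the calculation of s + (n) undergoes integer overflow, so execution does not reach goto err; this appears to be the cause.
I confirmed that the SEGV no longer occurs when the order of operations is changed so that it does not overflow, as in the attached patch.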
Bug #4456: Problem in Time#strftime when a large width is specified for the %F specifier
Author: tadayoshi funaba
Status: Closed
Priority: Normal
Assignee:
Category:
Target version:
ruby -v: ruby 1.9.3dev (2011-03-02) [i686-linux]
=begin
$ ruby -e "Time.now.strftime('%100000F')"
-e:1: [BUG] Segmentation fault
ruby 1.9.3dev (2011-03-02) [i686-linux]
– Control frame information
c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC :(null)
c:0003 p:0023 s:0006 b:0006 l:000d2c d:00034c EVAL -e:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:000d2c d:000d2c TOP
– Ruby level backtrace information
-e:1:in `’
Segmentation fault
=end
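
The wraparound in the NEEDS check described in the update above, as an added example (not the attached strftime.patch and not Ruby's own code). It models the 32-bit address space with uint32_t and uses the s, endp and precision values from the dbx session; the function names and the reordered form of the comparison are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit address space: addresses are uint32_t, so s + n wraps
 * modulo 2^32 with defined behaviour (overflowing a real pointer is undefined). */
typedef uint32_t addr32;

/* Address that s + n lands on after wrapping in 32 bits. */
static addr32 wrapped_target(addr32 s, uint32_t n)
{
    return (addr32)(s + n);
}

/* Check in the shape of the macro on the page: s + (n) >= endp - 1.
 * Returns 1 when the write must be refused (the macro's "goto err"). */
static int needs_err_original(addr32 s, addr32 endp, uint32_t n)
{
    return wrapped_target(s, n) >= endp - 1;
}

/* Reordered check (assumed form): compare n with the space that is left and
 * never form s + n. Assumes s <= endp, true while s walks the output buffer. */
static int needs_err_reordered(addr32 s, addr32 endp, uint32_t n)
{
    uint32_t room = endp - s;          /* bytes from s to the end of the buffer */
    return room < 1 || n >= room - 1;  /* same condition, no wraparound */
}

int main(void)
{
    /* Values printed by dbx on the page. */
    const addr32 s = 0xffbff3e4u, endp = 0xffbff448u;
    const uint32_t precision = 1000000000u;

    printf("s + precision wraps to 0x%08x\n", (unsigned)wrapped_target(s, precision));
    printf("original check refuses:  %d\n", needs_err_original(s, endp, precision));
    printf("reordered check refuses: %d\n", needs_err_reordered(s, endp, precision));
    return 0;
}
```

With the page's values the wrapped address is 0x3b5abde4, the same bad address dbx reports for s+precision, so the original comparison passes and the copy proceeds.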