[Ruby 1.9 - Bug #4456] [Open] Bug in Time#strftime when a large width is specified for the %F specifier

Issue #4456 has been reported by tadayoshi funaba.


Bug #4456: Bug in Time#strftime when a large width is specified for the %F specifier

Author: tadayoshi funaba
Status: Open
Priority: Normal
Assignee:
Category:
Target version:
ruby -v: ruby 1.9.3dev (2011-03-02) [i686-linux]

$ ruby -e "Time.now.strftime('%100000F')"
-e:1: [BUG] Segmentation fault
ruby 1.9.3dev (2011-03-02) [i686-linux]

-- Control frame information

c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC :(null)
c:0003 p:0023 s:0006 b:0006 l:000d2c d:00034c EVAL -e:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:000d2c d:000d2c TOP

-- Ruby level backtrace information

-e:1:in `’
Segmentation fault

Issue #4456 has been updated by Shota F…

Status changed from Open to Feedback

It looks like the revision number is missing from the ruby -v output.

See Also http://redmine.ruby-lang.org/projects/ruby/wiki/HowToReportJa

Issue #4456 has been updated by Yui NARUSE.

Status changed from Feedback to Open

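When building from trunk, revision.h is not updated unless you run make up, so the revision is not included.

That aside, wouldn't it be good to check whether it reproduces locally before setting it to Feedback?
I think it probably occurs portably, so I am setting it back to Open.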

Issue #4456 has been updated by Naohisa G…

File strftime.patch added

At revision 32548 of ruby_1_9_3, the SEGV still occurs on sparc Solaris10 (32-bit, Solaris Studio
12). I am attaching a patch and would like it to be applied.

Running it under the debugger looks like this:
$ dbx …/…/sparc32-cc12-debug-svn193/bin/ruby
(===snip===)
(dbx) run -e 'Time.now.strftime("%1000000000F")'
Running: ruby -e Time.now.strftime("%1000000000F")
(process id 6581)
Reading libc_psr.so.1
Reading encdb.so
Reading transdb.so
t@1 (l@1) signal SEGV (no mapping at the fault address) in _memcpy at
0x7fb907f4
0x7fb907f4: _memcpy+0x0034: stb %o3, [%o0]
Current function is rb_strftime_with_timespec
704 STRFTIME("%Y-%m-%d");
(dbx) where
current thread: t@1
[1] _memcpy(0x13b5abdda, 0xffbff3e4, 0x3, 0x32, 0x3b9ac9f6,
0xffbff344), at 0x7fb907f4
=>[2] rb_strftime_with_timespec(s = 0xffbff3e4 "2011-07-15", maxsize =
100U, format = 0x467fab "F", vtm = 0x486998, timev = 4U, ts =
0xffbff344, gmt = 0), line 704 in "strftime.c"
[3] rb_strftime_timespec(s = 0xffbff3e4 "2011-07-15", maxsize = 100U,
format = 0x467fa0 "%1000000000F", vtm = 0x486998, ts = 0xffbff344, gmt =
0), line 793 in "strftime.c"
[4] rb_strftime_alloc(buf = 0xffbff3e0, format = 0x467fa0
"%1000000000F", vtm = 0x486998, timew = 2621443089986389401ULL, gmt =
0), line 4311 in "time.c"
[5] time_strftime(time = 4707408U, format = 4707720U), line 4564 in
"time.c"
[6] call_cfunc(func = 0x1790c0 = &rubytime.c`time_strftime(VALUE
time, VALUE format), recv = 4707408U, len = 1, argc = 1, argv =
0x2bd9f4), line 323 in "vm_insnhelper.c"
(===snip===)
[15] main(argc = 3, argv = 0xffbffa5c), line 38 in "main.c"
(dbx) print s, endp, precision, s + precision
s = 0xffbff3e4 "2011-07-15"
endp = 0xffbff448 ""
precision = 1000000000
s+precision = 0x3b5abde4 "<bad address 0x3b5abde4>"

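The cause appears to be that, in the macro on line 213 of strftime.c,
#define NEEDS(n) do if (s + (n) >= endp - 1) goto err; while (0)
the computation of s + (n) overflows (integer overflow), so control never reaches goto err.

I confirmed that the SEGV no longer occurs when the order of operations is changed so that it does not overflow, as in the attached patch.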
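
Added example (not the attached strftime.patch, which is not shown in this thread, and not Ruby's own code): the quoted NEEDS(n) comparison modelled on 32-bit addresses with the s, endp and precision values printed by dbx above, next to one possible reordered check. The names needs_wrapping, needs_reordered and pad_field are hypothetical, and the reordered form is an assumption about what changing the order of operations looks like.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The quoted check, s + (n) >= endp - 1, modelled on 32-bit addresses.
 * uint32_t makes the wraparound well-defined; on real pointers it is
 * undefined behaviour. Returns 1 where the macro would "goto err". */
static int needs_wrapping(uint32_t s, uint32_t endp, uint32_t n)
{
    return (uint32_t)(s + n) >= endp - 1;
}

/* Assumed reordering: compare n with the room left, never form s + n. */
static int needs_reordered(const char *s, const char *endp, size_t n)
{
    return endp - s < 1 || n >= (size_t)(endp - s - 1);
}

/* Hypothetical helper: right-align text in a field of `width` characters.
 * Returns the number of characters written, or -1 if it does not fit. */
static int pad_field(char *buf, size_t bufsize, const char *text, size_t width)
{
    char *s = buf, *endp = buf + bufsize;
    size_t len = strlen(text);

    if (width < len)
        width = len;
    if (needs_reordered(s, endp, width))
        return -1;
    memset(s, ' ', width - len);
    memcpy(s + (width - len), text, len);
    s[width] = '\0';
    return (int)width;
}

int main(void)
{
    char buf[100];  /* maxsize = 100U in the dbx trace */

    /* s, endp and precision as printed by dbx in the report */
    printf("wrapping check rejects: %d\n",
           needs_wrapping(0xffbff3e4u, 0xffbff448u, 1000000000u));
    printf("reordered check result: %d\n",
           pad_field(buf, sizeof buf, "2011-07-15", 1000000000u));
    printf("width 20 result: %d [%s]\n",
           pad_field(buf, sizeof buf, "2011-07-15", 20), buf);
    return 0;
}
```

With the dbx values, the wrapped sum 0x3b5abde4 compares below endp - 1, so the first check lets the oversized width through; the reordered check rejects it and still accepts widths that fit.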

Issue #4456 has been updated by Motohiro KOSAKI.

Status changed from Closed to Open


Issue #4456 has been updated by Masaya T…

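Since he always checks on Solaris, where we are short-handed, and writes patches for us,
how about having him get commit rights?
I took the liberty of asking him today, and he said he would be willing to be a maintainer.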


Issue #4456 has been updated by Motohiro KOSAKI.

Category set to core
Status changed from Open to Assigned
Assignee set to Yui NARUSE
Target version set to 1.9.3


I left out a very important part.

The person meant in

> Since he always checks on Solaris, where we are short-handed, and writes patches for us,

is "Naohisa Goto".

On July 18, 2011 at 0:24, Masaya TARUI [email protected] wrote:

> I left out a very important part.
>
> The person meant in
>
>> Since he always checks on Solaris, where we are short-handed, and writes patches for us,
>
> is "Naohisa Goto".

+1.

This is Yukihiro Matsumoto.

In message "Re: [ruby-dev:44143] Re: [Ruby 1.9 - Bug #4456]
Bug in Time#strftime when a large width is specified for the %F specifier"
on Mon, 18 Jul 2011 00:30:09 +0900, KOSAKI Motohiro
[email protected] writes:

|On July 18, 2011 at 0:24, Masaya TARUI [email protected] wrote:
|> I left out a very important part.
|>
|> The person meant in
|>> Since he always checks on Solaris, where we are short-handed, and writes patches for us,
|> is "Naohisa Goto".
|
|+1.

If the person's consent has been obtained, please grant him commit rights
through the usual procedure.

Issue #4456 has been updated by Yui NARUSE.

Assignee changed from Yui NARUSE to Naohisa G.

I am assigning this to Goto-san.

Please commit with reference to [[ruby:CommitterHowtoJa]], including the string "[ruby-dev:43284] [Bug
#4456]" in the commit log.


Issue #4456 has been updated by Naohisa G…

With an even larger width for %F (2**31-1=2147483647), it reproduced on i686-linux as well.
The patch already posted fixes it.
In a case like this, should a test be added or changed?

% ruby -e 'Time.now.strftime("%2147483647F")'
-e:1: [BUG] Segmentation fault
ruby 1.9.4dev (2011-07-21 trunk 32598) [i686-linux]

-- Control frame information

c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC :strftime
c:0003 p:0023 s:0006 b:0006 l:00212c d:0008cc EVAL -e:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:00212c d:00212c TOP

PS. Late Tuesday night I emailed the required information to cvs-admin@ruby-lang.

Issue #4456 has been updated by Motohiro KOSAKI.

A week has passed; how is progress on this?

Issue #4456 has been updated by Naohisa G…

Motohiro KOSAKI wrote:

> A week has passed; how is progress on this?

I have successfully received commit rights, so I will commit to both trunk and ruby_1_9_3 by the end of today.
