Forum: Ruby-core [ruby-trunk - Bug #8654][Assigned] SEGV in Array#count

Glass_saga (Masaki Matsushita) (Guest)
on 2013-07-18 11:03
(Received via mailing list)
Issue #8654 has been reported by Glass_saga (Masaki Matsushita).

----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654

Author: Glass_saga (Masaki Matsushita)
Status: Assigned
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


Following code causes SEGV.

a1 = []
a2 = Array.new(100) {|i| i }
a2.count do |i|
  p i
  a2.replace(a1) if i == 0
end
Eregon (Benoit Daloze) (Guest)
on 2013-07-18 12:51
(Received via mailing list)
Issue #8654 has been updated by Eregon (Benoit Daloze).

File 0001-array.c-rb_ary_count-check-length-to-avoid-SEGV.patch added

What do you think of this patch?

I am not sure assert_in_out_err is good for segfault checks,
but I could not reproduce so reliably when removing the "p i".
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-40568

Author: Glass_saga (Masaki Matsushita)
Status: Assigned
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


Glass_saga (Masaki Matsushita) (Guest)
on 2013-07-18 13:15
(Received via mailing list)
Issue #8654 has been updated by Glass_saga (Masaki Matsushita).


> What do you think of this patch?

I already fixed it on r42040, but this ticket hasn't been closed because
I have committed it with wrong commit message.
It's my fault.

However, I will add your test code.
Thank you for your patch,
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-40570

Author: Glass_saga (Masaki Matsushita)
Status: Assigned
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


mrkn (Kenta Murata) (Guest)
on 2013-07-18 13:18
(Received via mailing list)
Issue #8654 has been updated by mrkn (Kenta Murata).

Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED,
2.0.0: REQUIRED

I confirmed it is reproducible on both head revisions of ruby_1_9_3
and ruby_2_0_0.

----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-40571

Author: Glass_saga (Masaki Matsushita)
Status: Assigned
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


Eregon (Benoit Daloze) (Guest)
on 2013-07-18 13:26
(Received via mailing list)
Issue #8654 has been updated by Eregon (Benoit Daloze).


Glass_saga (Masaki Matsushita) wrote:
> > What do you think of this patch?
>
> I already fixed it on r42040, but this ticket hasn't been closed because I have
> committed it with wrong commit message.
> It's my fault.
>
> However, I will add your test code.
> Thank you for your patch,

Ah, I should have looked at the newest commits.

It might be worth adding the second change to avoid the pointer loop
(seems about the only one in array.c), RARRAY_PTR() is kind of
deprecated with the new GC for these cases in core.
I will commit it as I can rebase easily if it is OK.
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-40572

Author: Glass_saga (Masaki Matsushita)
Status: Assigned
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


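Added example, not part of any post in this thread and not code from array.c: a small C model of the bug class discussed above, where a loop that captures a pointer and end bound once keeps running after the block has replaced the array, next to an index loop that re-checks the length on every iteration. `vec`, `count_cached`, `count_checked` and the other names are hypothetical, and the input is constructed to mirror the reproducer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable array standing in for a Ruby Array; not Ruby's RArray. */
typedef struct { long len; long *ptr; } vec;
typedef int (*block_fn)(vec *self, long elem);
static long block_calls;  /* how many times the block ran */

/* Models a2.replace(a1) with an empty a1: storage is released, len becomes 0. */
static void vec_clear(vec *v) { free(v->ptr); v->ptr = NULL; v->len = 0; }

/* The block from the report: empty the receiver when it sees element 0. */
static int shrink_on_zero(vec *self, long elem) {
    block_calls++;
    if (elem == 0) { vec_clear(self); return 1; }  /* replace returns self: truthy */
    return 0;                                      /* `if` modifier yields nil */
}

/* Unsafe shape, for contrast only (never called here): the bounds are captured
 * once, so after the block frees the buffer the loop reads stale memory. */
long count_cached(vec *v, block_fn blk) {
    long n = 0;
    for (long *p = v->ptr, *pend = p + v->len; p < pend; p++)
        if (blk(v, *p)) n++;
    return n;
}

/* Safe shape: re-read the length and re-index the live buffer every iteration. */
long count_checked(vec *v, block_fn blk) {
    long n = 0;
    for (long i = 0; i < v->len; i++)
        if (blk(v, v->ptr[i])) n++;
    return n;
}

/* Constructed input mirroring Array.new(100) {|i| i }. */
long run_checked(void) {
    vec v = { 100, malloc(100 * sizeof(long)) };
    if (!v.ptr) return -1;
    for (long i = 0; i < 100; i++) v.ptr[i] = i;
    block_calls = 0;
    long n = count_checked(&v, shrink_on_zero);
    free(v.ptr);  /* NULL after the block cleared it; free(NULL) is a no-op */
    return n;
}

int main(void) {
    long n = run_checked();
    printf("count=%ld block_calls=%ld\n", n, block_calls);
}
```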
Eregon (Benoit Daloze) (Guest)
on 2013-07-18 13:42
(Received via mailing list)
Issue #8654 has been updated by Eregon (Benoit Daloze).

Status changed from Closed to Open

Reopening for backport.
(The fix will need to be a bit different as there is no RARRAY_AREF() in
older versions).
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-40574

Author: Glass_saga (Masaki Matsushita)
Status: Open
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: REQUIRED


nagachika (Tomoyuki Chikanaga) (Guest)
on 2013-10-09 18:05
(Received via mailing list)
Issue #8654 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED to 1.9.3:
REQUIRED, 2.0.0: DONE

backported r42040, r42041 and r42047 to ruby_2_0_0 at r43228.
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-42394

Author: Glass_saga (Masaki Matsushita)
Status: Closed
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: DONE


nagachika (Tomoyuki Chikanaga) (Guest)
on 2013-10-10 17:10
(Received via mailing list)
Issue #8654 has been updated by nagachika (Tomoyuki Chikanaga).


... and backport r42068, r42069 to suppress warning and fix failure on
CI (run with -w option).
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-42419

Author: Glass_saga (Masaki Matsushita)
Status: Closed
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: REQUIRED, 2.0.0: DONE


usa (Usaku NAKAMURA) (Guest)
on 2013-10-31 16:00
(Received via mailing list)
Issue #8654 has been updated by usa (Usaku NAKAMURA).

Backport changed from 1.9.3: REQUIRED, 2.0.0: DONE to 1.9.3: DONE,
2.0.0: DONE

Backported to ruby_1_9_3 at r43491.
----------------------------------------
Bug #8654: SEGV in Array#count
https://bugs.ruby-lang.org/issues/8654#change-42695

Author: Glass_saga (Masaki Matsushita)
Status: Closed
Priority: Normal
Assignee: Glass_saga (Masaki Matsushita)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-07-18 trunk 42039) [x86_64-linux]
Backport: 1.9.3: DONE, 2.0.0: DONE

