diff options
| author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-06-13 12:23:01 +0000 |
|---|---|---|
| committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-06-13 12:23:01 +0000 |
| commit | f4fe2a76b0564e8e572936dec3bd724ac22b7a44 (patch) | |
| tree | 283e745476e1d4daa093894768d153a558e4b6ed /version.h | |
| parent | 69418c9fa971551f5ced617332a91a3d7bba8da4 (diff) | |
merge revision(s) 7b7043e5da8589e01b94575d4ed647e909e5c875: [Backport #15793]
eliminate use of freed memory
rb_io_fptr_finalize_internal frees the memory region.
=================================================================
==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438
READ of size 4 at 0x610000000d8c thread T0
#0 0x5608e38077f6 in rb_io_memsize io.c:4749:24
#1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14
#2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2
#3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5
#4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18
#5 0x5608e38191f9 in rb_f_backquote io.c:9021:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
#17 0x5608e376198b in ruby_exec_node eval.c:326:12
#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#21 0x5608e3522289 in _start (miniruby+0x15f289)
0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00)
freed by thread T0 here:
#0 0x5608e359a2ed in free (miniruby+0x1d72ed)
#1 0x5608e37af421 in objspace_xfree gc.c:9591:5
#2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2
#3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5
#4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5
#5 0x5608e38191ed in rb_f_backquote io.c:9020:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
#17 0x5608e376198b in ruby_exec_node eval.c:326:12
#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
previously allocated by thread T0 here:
#0 0x5608e359a56d in malloc (miniruby+0x1d756d)
#1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5
#2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12
#3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12
#4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12
#5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19
#6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10
#7 0x5608e3850ea0 in pipe_open io.c:6707:5
#8 0x5608e384edb4 in pipe_open_s io.c:6772:12
#9 0x5608e381910b in rb_f_backquote io.c:9014:12
#10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
#18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
#19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#20 0x5608e37620ca in ruby_exec_internal eval.c:262:2
#21 0x5608e376198b in ruby_exec_node eval.c:326:12
#22 0x5608e37617d0 in ruby_run_node eval.c:318:25
#23 0x5608e35c9486 in main main.c:42:9
#24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in
rb_io_memsize
Shadow bytes around the buggy address:
0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==85264==ABORTING
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67710 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'version.h')
| -rw-r--r-- | version.h | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -1,10 +1,10 @@ #define RUBY_VERSION "2.6.3" #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 62 +#define RUBY_PATCHLEVEL 63 #define RUBY_RELEASE_YEAR 2019 -#define RUBY_RELEASE_MONTH 4 -#define RUBY_RELEASE_DAY 16 +#define RUBY_RELEASE_MONTH 6 +#define RUBY_RELEASE_DAY 13 #include "ruby/version.h" |