Bug in mmap or ruby with ruby-1.8.0

H

Han Holl

Searching for a non-existing string in a mmapped region produces a segfault.
Run the following little program:

require 'mmap'
file = "/usr/bin/ruby"
fma = Mmap.new(file, "r", Mmap::MAP_SHARED, {'offset' => 8192, 'length' => 4096})
puts fma.index("\n#\n", 12)
fma.unmap

Under 1.8.0:

tt.rb:10: [BUG] Segmentation fault
ruby 1.8.0 (2003-08-04) [i686-linux]

Aborted

With 1.6.8:
nil

Cheers,

Han Holl
 
N

nobu.nokada

Hi,

At Mon, 1 Sep 2003 23:20:37 +0900,
ts said:
s+d can be > e

illegal access which give with a mapped file a segfault, with a normal
string it can work
Click to expand...

Indeed.


Index: re.c
===================================================================
RCS file: /cvs/ruby/src/ruby/re.c,v
retrieving revision 1.110
diff -u -2 -p -r1.110 re.c
--- re.c 16 Aug 2003 14:58:33 -0000 1.110
+++ re.c 1 Sep 2003 14:50:52 -0000
@@ -108,5 +108,6 @@ rb_memsearch(x0, m, y0, n)
#define KR_REHASH(a, b, h) (((h) << 1) - ((a)<<d) + (b))

- s = y; e = s + n - m + 1;
+ if (m > n) return -1;
+ s = y; e = s + n - m;

/* Preprocessing */
@@ -117,4 +118,7 @@ rb_memsearch(x0, m, y0, n)

if (ruby_ignorecase) {
+ if (n == m) {
+ return rb_memcicmp(x, s, m) == 0 ? 0 : -1;
+ }
/* Prepare hash value */
for (hy = hx = i = 0; i < d; ++i) {
@@ -123,8 +127,6 @@ rb_memsearch(x0, m, y0, n)
}
/* Searching */
- while (s < e) {
- if (hx == hy && rb_memcicmp(x, s, m) == 0) {
- return s-y;
- }
+ while (hx != hy || rb_memcicmp(x, s, m)) {
+ if (s >= e) return -1;
hy = KR_REHASH(casetable[*s], casetable[*(s+d)], hy);
s++;
@@ -132,4 +134,7 @@ rb_memsearch(x0, m, y0, n)
}
else {
+ if (n == m) {
+ return memcmp(x, s, m) == 0 ? 0 : -1;
+ }
/* Prepare hash value */
for (hy = hx = i = 0; i < d; ++i) {
@@ -138,13 +143,11 @@ rb_memsearch(x0, m, y0, n)
}
/* Searching */
- while (s < e) {
- if (hx == hy && memcmp(x, s, m) == 0) {
- return s-y;
- }
+ while (hx != hy || memcmp(x, s, m)) {
+ if (s >= e) return -1;
hy = KR_REHASH(*s, *(s+d), hy);
s++;
}
}
- return -1;
+ return s-y;
}
 
Y

Yukihiro Matsumoto

Hi,

In message "Re: Bug in mmap or ruby with ruby-1.8.0"

|At Mon, 1 Sep 2003 23:20:37 +0900,
|ts wrote:
|> s+d can be > e
|>
|> illegal access which give with a mapped file a segfault, with a normal
|> string it can work
|
|Indeed.

Commit the fix, please.
matz.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Crash in ruby 1.8.0 6
mmap causing a bus error 1
Mmap crash when appending 5
[BUG] :""[] segfaults Ruby 1
ruby-1.8.0.p3 segfault 0
Bug In Ruby 1.8.6-26 3
Problem with ruby-dbi-all-0.0.20 and/or ruby-1.8.0 4
Ruby/HPUX/syscall problem/bug 3

Members online

Total: 39 (members: 1, guests: 38)
Robots: 321

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,012
Latest member
RoxanneDzm

Latest Threads

Top