Issue #7402 has been reported by charliesome (Charlie Somerville).

----------------------------------------
Bug #7402: Avoid calling methods on user objects from segfault handler
https://bugs.ruby-lang.org/issues/7402

Author: charliesome (Charlie Somerville)
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 
ruby -v: ruby 2.0.0dev (2012-11-19 trunk 37722) [x86_64-darwin11.4.0]


When the segfault handler is listing loaded features, it iterates through $LOADED_FEATURES and calls StringValueCStr() on each item. This in turn calls #to_str on the object.

If a #to_str method is defined on a non-T_STRING, it is possible to have code run during the segfault handler. If an exception is raised or a tag is thrown, it is possible to escape the segfault handler and recover from a segmentation fault.

I've attached a patch that checks if an item in $LOADED_FEATURES is a T_STRING, and calls rb_any_to_s() if not. This will avoid calling any methods which could potentially call back into Ruby-land.


-- 
http://bugs.ruby-lang.org/