[ruby-core:53023] [ruby-trunk - Bug #7982] rb_raise segfaults on %lli format with (0xffffffff + 1)

< ^ > P N |<>| ^ _>< --- | ~ ...Help
Issue #7982 has been updated by phasis68 (Heesob Park).



Here is a patch:
diff --git a/vsnprintf.c b/vsnprintf.c.new
index 1e4cdc5..29bdfda 100644
--- a/vsnprintf.c
+++ b/vsnprintf.c.new
@@ -809,10 +809,10 @@ reswitch:	switch (ch) {
 			if (fp->vextra && (flags & INTPTR_MASK) == INTPTR_FLAG) {
 				FLUSH();
 #if defined _HAVE_SANE_QUAD_ && SIZEOF_VOIDP == SIZEOF_LONG_LONG
-				uqval = va_arg(ap, u_quad_t);
+				uqval = LL2NUM(va_arg(ap, u_quad_t));
 				cp = (*fp->vextra)(fp, sizeof(uqval), &uqval, &fieldsz, sign);
 #else
-				ulval = va_arg(ap, u_long);
+				ulval = LONG2NUM(va_arg(ap, u_long));
 				cp = (*fp->vextra)(fp, sizeof(ulval), &ulval, &fieldsz, sign);
 #endif
 				sign = '\0';

----------------------------------------
Bug #7982: rb_raise segfaults on %lli format with (0xffffffff + 1)
https://bugs.ruby-lang.org/issues/7982#change-37177

Author: erik.s.chang (Erik Chang)
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: current: 2.1.0
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]


This was not a problem on 1.9.3

Run attached "t" extension with:
ruby -rt  -e '"".blowup(0xffffffff + 1)'

to reproduce. Using %lld works around the issue.


-- 
http://bugs.ruby-lang.org/