Issue #10918 has been updated by Tomoyuki Chikanaga.

Backport changed from 2.0.0: DONTNEED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: DONTNEED, 2.1: REQUIRED, 2.2: DONE

Backported into `ruby_2_2` branch at r50565.

----------------------------------------
Bug #10918: ObjectSpace._id2ref returns internal object
https://bugs.ruby-lang.org/issues/10918#change-52509

* Author: Kazuki Yamaguchi
* Status: Closed
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0dev (2015-02-28 trunk 49782) [x86_64-linux]
* Backport: 2.0.0: DONTNEED, 2.1: REQUIRED, 2.2: DONE
----------------------------------------
Since r43539 ObjectSpace._id2ref doesn't check if the object is internal or not.

The following code gives a segmentation fault:

~~~
(ObjectSpace.each_object.first.__id__..1.0/0).each do |i|
  t = ObjectSpace._id2ref(i) rescue next # skip RangeError

  begin
    p t
  rescue NotImplementedError => e
    puts e.message
  end

  t.abc rescue next # skip NoMethodError for normal object
end
~~~

Output:

~~~
$ ./miniruby ______test.rb
[false]
35039504529680
2.003890166470031

- snip -

35039504529745
35039504529746
-2.003890166470038
35039504529747
35039504529748
2.0038901664700384
35039504529749
method `inspect' called on hidden T_ARRAY object (0x007f7914e1e558 flags=0xa007)
______test.rb:10: [BUG] Segmentation fault at 0x00000000000018
ruby 2.3.0dev (2015-02-28 trunk 49782) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0004 p:0035 s:0013 e:000011 BLOCK  ______test.rb:10 [FINISH]
c:0003 p:---- s:0007 e:000006 CFUNC  :each
c:0002 p:0024 s:0004 E:0012c0 EVAL   ______test.rb:1 [FINISH]
c:0001 p:0000 s:0002 E:0026a0 TOP    [FINISH]

-- Ruby level backtrace information ----------------------------------------
______test.rb:1:in `<main>'
______test.rb:1:in `each'
______test.rb:10:in `block in <main>'

-- Machine register context ------------------------------------------------
 RIP: 0x00007f7914362908 RBP: 0x0000000000000000 RSP: 0x00007fffcdfb4400
 RAX: 0x000000000000007f RBX: 0x00007f7914f4b830 RCX: 0x00007f7914f4a7c8
 RDX: 0x00007f7914069078 RDI: 0x00007f7914f4b830 RSI: 0x00007f7914e1e558
  R8: 0x00007f7914f4e000  R9: 0x0000000000000000 R10: 0x0000000000000003
 R11: 0x0000000000000000 R12: 0x00007f7914f4a7d8 R13: 0x00007f7914e337f0
 R14: 0x00007f7914f4a7e8 R15: 0x00007f7914168ed0 EFL: 0x0000000000010246

-- C level backtrace information -------------------------------------------
/var/build/ruby/miniruby(rb_vm_bugreport+0x4ea) [0x7f791437aefa] vm_dump.c:693
/var/build/ruby/miniruby(rb_bug_context+0xcb) [0x7f79141fc95b] error.c:425
/var/build/ruby/miniruby(sigsegv+0x3e) [0x7f79142ea4ce] signal.c:886
/usr/lib/libpthread.so.0 [0x7f7913d51210]
/var/build/ruby/miniruby(vm_search_method+0x48) [0x7f7914362908] vm_insnhelper.c:842
/var/build/ruby/miniruby(vm_exec_core+0x134d) [0x7f7914367abd] insns.def:1075
/var/build/ruby/miniruby(vm_exec+0x78) [0x7f791436c668] vm.c:1400
/var/build/ruby/miniruby(invoke_block_from_c+0x889) [0x7f791436d9d9] vm.c:813
/var/build/ruby/miniruby(rb_yield+0x63) [0x7f791436eb23] vm.c:853
/var/build/ruby/miniruby(range_each+0x2f3) [0x7f79142a6d93] range.c:691
/var/build/ruby/miniruby(vm_call_cfunc+0x11e) [0x7f7914361cee] vm_insnhelper.c:1386
/var/build/ruby/miniruby(vm_call_method+0x11e) [0x7f791437110e] vm_insnhelper.c:1695
/var/build/ruby/miniruby(vm_exec_core+0x12b0) [0x7f7914367a20] insns.def:1046
/var/build/ruby/miniruby(vm_exec+0x78) [0x7f791436c668] vm.c:1400
/var/build/ruby/miniruby(rb_iseq_eval_main+0x203) [0x7f7914378623] vm.c:1670
/var/build/ruby/miniruby(ruby_exec_internal+0xbf) [0x7f7914201e8f] eval.c:257
/var/build/ruby/miniruby(ruby_run_node+0x2f) [0x7f7914205a1f] eval.c:322
/var/build/ruby/miniruby(main+0x4b) [0x7f79141a48eb] cont.c:1414

-- Other runtime information -----------------------------------------------

* Loaded script: ______test.rb

* Loaded features:

    0 enumerator.so
    1 rational.so
    2 complex.so

* Process memory map:

7f7912048000-7f7912dd0000 r--s 00000000 fd:0a 2371114                    /var/build/ruby/miniruby
7f7912dd0000-7f7912de6000 r-xp 00000000 fd:0a 137485                     /usr/lib/libgcc_s.so.1
7f7912de6000-7f7912fe5000 ---p 00016000 fd:0a 137485                     /usr/lib/libgcc_s.so.1
7f7912fe5000-7f7912fe6000 rw-p 00015000 fd:0a 137485                     /usr/lib/libgcc_s.so.1
7f7912fe6000-7f791317f000 r-xp 00000000 fd:0a 134268                     /usr/lib/libc-2.20.so
7f791317f000-7f791337f000 ---p 00199000 fd:0a 134268                     /usr/lib/libc-2.20.so
7f791337f000-7f7913383000 r--p 00199000 fd:0a 134268                     /usr/lib/libc-2.20.so
7f7913383000-7f7913385000 rw-p 0019d000 fd:0a 134268                     /usr/lib/libc-2.20.so
7f7913385000-7f7913389000 rw-p 00000000 00:00 0 
7f7913389000-7f791348c000 r-xp 00000000 fd:0a 134267                     /usr/lib/libm-2.20.so
7f791348c000-7f791368c000 ---p 00103000 fd:0a 134267                     /usr/lib/libm-2.20.so
7f791368c000-7f791368d000 r--p 00103000 fd:0a 134267                     /usr/lib/libm-2.20.so
7f791368d000-7f791368e000 rw-p 00104000 fd:0a 134267                     /usr/lib/libm-2.20.so
7f791368e000-7f7913696000 r-xp 00000000 fd:0a 134287                     /usr/lib/libcrypt-2.20.so
7f7913696000-7f7913896000 ---p 00008000 fd:0a 134287                     /usr/lib/libcrypt-2.20.so
7f7913896000-7f7913897000 r--p 00008000 fd:0a 134287                     /usr/lib/libcrypt-2.20.so
7f7913897000-7f7913898000 rw-p 00009000 fd:0a 134287                     /usr/lib/libcrypt-2.20.so
7f7913898000-7f79138c6000 rw-p 00000000 00:00 0 
7f79138c6000-7f79138c9000 r-xp 00000000 fd:0a 134238                     /usr/lib/libdl-2.20.so
7f79138c9000-7f7913ac8000 ---p 00003000 fd:0a 134238                     /usr/lib/libdl-2.20.so
7f7913ac8000-7f7913ac9000 r--p 00002000 fd:0a 134238                     /usr/lib/libdl-2.20.so
7f7913ac9000-7f7913aca000 rw-p 00003000 fd:0a 134238                     /usr/lib/libdl-2.20.so
7f7913aca000-7f7913b40000 r-xp 00000000 fd:0a 142271                     /usr/lib/libgmp.so.10.2.0
7f7913b40000-7f7913d3f000 ---p 00076000 fd:0a 142271                     /usr/lib/libgmp.so.10.2.0
7f7913d3f000-7f7913d40000 r--p 00075000 fd:0a 142271                     /usr/lib/libgmp.so.10.2.0
7f7913d40000-7f7913d41000 rw-p 00076000 fd:0a 142271                     /usr/lib/libgmp.so.10.2.0
7f7913d41000-7f7913d58000 r-xp 00000000 fd:0a 134247                     /usr/lib/libpthread-2.20.so
7f7913d58000-7f7913f57000 ---p 00017000 fd:0a 134247                     /usr/lib/libpthread-2.20.so
7f7913f57000-7f7913f58000 r--p 00016000 fd:0a 134247                     /usr/lib/libpthread-2.20.so
7f7913f58000-7f7913f59000 rw-p 00017000 fd:0a 134247                     /usr/lib/libpthread-2.20.so
7f7913f59000-7f7913f5d000 rw-p 00000000 00:00 0 
7f7913f5d000-7f7913f7f000 r-xp 00000000 fd:0a 134244                     /usr/lib/ld-2.20.so
7f7914047000-7f7914069000 r--s 00000000 fd:0a 134247                     /usr/lib/libpthread-2.20.so
7f7914069000-7f791416f000 rw-p 00000000 00:00 0 
7f7914179000-7f791417a000 rw-p 00000000 00:00 0 
7f791417a000-7f791417b000 ---p 00000000 00:00 0 
7f791417b000-7f791417e000 rw-p 00000000 00:00 0                          [stack:25071]
7f791417e000-7f791417f000 r--p 00021000 fd:0a 134244                     /usr/lib/ld-2.20.so
7f791417f000-7f7914180000 rw-p 00022000 fd:0a 134244                     /usr/lib/ld-2.20.so
7f7914180000-7f7914181000 rw-p 00000000 00:00 0 
7f7914181000-7f7914459000 r-xp 00000000 fd:0a 2371114                    /var/build/ruby/miniruby
7f7914659000-7f791465f000 rw-p 002d8000 fd:0a 2371114                    /var/build/ruby/miniruby
7f791465f000-7f791467000Since r43539 t0 rw-p 00000000 00:00 0 
7f7914dce000-7f7914f79000 rw-p 00000000 00:00 0                          [heap]
7fffcd7b8000-7fffcdfb7000 rw-p 00000000 00:00 0 
7fffcdffc000-7fffcdffe000 r--p 00000000 00:00 0                          [vvar]
7fffcdffe000-7fffce000000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]


[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
~~~



-- 
https://bugs.ruby-lang.org/