Issue #11830 has been updated by Tomoyuki Chikanaga.

Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED

----------------------------------------
Bug #11830: hash.each(&:destroy) dumps core
https://bugs.ruby-lang.org/issues/11830#change-55631

* Author: Toru Iwase
* Status: Closed
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.3.0dev (2015-12-17 trunk 53168) [x86_64-linux]
* Backport: 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED
----------------------------------------
The following small code dumps core.

~~~
$ ./ruby --disable-gems -e '{}.each(&:destroy)'
-e:1: [BUG] Segmentation fault at 0x00000000aaf12c
ruby 2.3.0dev (2015-12-17 trunk 53168) [x86_64-linux]

... see attached crash report ...

Aborted (core dumped)
~~~

Array and Range work fine.

~~~
$ ./ruby -e '[1].each(&:destroy)'
-e:1:in `each': undefined method `destroy' for 1:Fixnum (NoMethodError)
        from -e:1:in `<main>'
$ ./ruby -e '(1..2).each(&:destroy)'
-e:1:in `each': undefined method `destroy' for 1:Fixnum (NoMethodError)
        from -e:1:in `<main>'
~~~

In rb_block_arity(), block->proc and block->iseq are invalid values, I think.

~~~
$ gdb /home/tietew/ruby/ruby2.3-trunk/bin/ruby core
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
...
Program terminated with signal SIGABRT, Aborted.
(gdb) bt
...
#5  <signal handler called>
#6  rb_block_arity () at proc.c:960
...
(gdb) frame 6
#6  rb_block_arity () at proc.c:960
960             GetProcPtr(proc_value, proc);
(gdb) p proc_value
$1 = 7643404
(gdb) p proc
$2 = <optimized out>
(gdb) p *(struct RBasic *)proc_value
Cannot access memory at address 0x74a10c
(gdb) p *block
$5 = {self = 139733405230640, ep = 0x7f16380bd9d0, iseq = 0x74a10c,
  proc = 7643404}
(gdb)
~~~


---Files--------------------------------
crash.txt (8.71 KB)


-- 
https://bugs.ruby-lang.org/