Issue #15189 has been reported by bannable (Joe Truba).

----------------------------------------
Bug #15189: Multiple OOB reads (of size 4) in rb_bigzero_p
https://bugs.ruby-lang.org/issues/15189

* Author: bannable (Joe Truba)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.6.0dev (2018-10-01 trunk 64894) [x86_64-linux]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
An AFL fuzzing session against 6b4d78fc43 this weekend turned up 17 crashes in rb_bigzero_p.

I suspect that all of these are the same underlying bug -- they are all a 4 byte OOB read in rb_bigzero_p -- so I'm including all of them in this single issue. If you'd like me to report each of these separately let me know and I'll happily do that.

For each reproducer, I have included:
* the reproducer
* stdout from ruby
* gdb backtrace
* valgrind report

---Files--------------------------------
crashes.rb_bigzero_p.zip (104 KB)
