Issue #6058 has been updated by Narihiro Nakamura.


Motohiro KOSAKI wrote:
> That this is a stack overflow, a human [...], but the SEGV handler [...] printf [...], so [...] printf [...] breaks through the stack [...], and that is what I was going back and forth on. As a second step, I think we should attach a PROT_NONE stack guard page to the ALT STACK so that a stack overflow becomes a crash rather than memory corruption, [...] and then look at the backtrace from that crash for the breakdown of stack consumption and work out a countermeasure [...].

Is [...] what you mean? Here is the gdb backtrace:

 (gdb) r -e 'Process.kill :SIGSEGV, $$'
 Starting program: /root/ruby/ruby-trunk-svn/miniruby -e 'Process.kill :SIGSEGV, $$'
 warning: no loadable sections found in added symbol-file system-supplied DSO at 0x2aaaaaaab000
 [Thread debugging using libthread_db enabled]
 [New Thread 0x40003940 (LWP 5991)]
 
 Program received signal SIGSEGV, Segmentation fault.
 0x000000329b6306f7 in kill () from /lib64/libc.so.6
 (gdb) c
 Continuing.
 -e:1: [BUG] Segmentation fault
 ruby 2.0.0dev (2012-02-22 trunk 34726) [x86_64-linux]
 
 -- Control frame information -----------------------------------------------
 
 Program received signal SIGSEGV, Segmentation fault.
 0x00002aaaae08d040 in ?? ()
 (gdb) bt
 #0  0x00002aaaae08d040 in ?? ()
 #1  0x00000000004e6304 in st_lookup (table=0x7f7a90, key=8368, value=0x7fa0e8) at st.c:399
 #2  0x0000000000490077 in rb_id2str (id=8368) at parse.y:10612
 #3  0x0000000000490159 in rb_id2name (id=8368) at parse.y:10643
 #4  0x000000000053d893 in control_frame_dump (th=0x7f5520, cfp=0x2aaaae18ceb0) at vm_dump.c:121
 #5  rb_vmdebug_stack_dump_raw (th=0x7f5520, cfp=0x2aaaae18ceb0) at vm_dump.c:182
 #6  0x000000000053da6c in rb_vm_bugreport () at vm_dump.c:791
 #7  0x00000000004446fe in report_bug (file=<value optimized out>, line=<value optimized out>, fmt=0x56a343 "Segmentation fault", args=0x7fa4d0) at error.c:266
 #8  0x0000000000444878 in rb_bug (fmt=0x56a343 "Segmentation fault") at error.c:285
 #9  0x00000000004df5d7 in sigsegv (sig=<value optimized out>, info=<value optimized out>, ctx=<value optimized out>) at signal.c:603
 #10 <signal handler called>
 #11 0x000000329b6306f7 in kill () from /lib64/libc.so.6
 #12 0x00000000004e049e in rb_f_kill (argc=2, argv=0x2aaaae08d048) at signal.c:397
 #13 0x0000000000531720 in vm_call_cfunc (th=0x7f5520, cfp=0x2aaaae18cf08, num=<value optimized out>, blockptr=0x1, flag=0, id=8368, me=0x8ed620, recv=8698280)
     at vm_insnhelper.c:452
 #14 vm_call_method (th=0x7f5520, cfp=0x2aaaae18cf08, num=<value optimized out>, blockptr=0x1, flag=0, id=8368, me=0x8ed620, recv=8698280) at vm_insnhelper.c:578
 #15 0x00000000005345ef in vm_exec_core (th=0x7f5520, initial=<value optimized out>) at insns.def:1018
 #16 0x0000000000539372 in vm_exec (th=0x7f5520) at vm.c:1223
 #17 0x0000000000539601 in rb_iseq_eval_main (iseqval=8670360) at vm.c:1463
 #18 0x0000000000447142 in ruby_exec_internal (n=0x844c98) at eval.c:204
 #19 0x0000000000447169 in ruby_exec_node (n=0x844c98) at eval.c:251
 #20 0x00000000004485cf in ruby_run_node (n=0x844c98) at eval.c:244
 #21 0x0000000000415f63 in main (argc=3, argv=0x7fffffffe9e8) at main.c:38
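The guard-page idea KOSAKI raises above, and the overflow the gdb session points at (the vfprintf frame at 0x7f7aa0 sits in the same heap region as the st_table at 0x7f7a90, so the alternate signal stack was overrun into neighbouring heap objects), as an added example that is not part of this thread or of Ruby's source tree: an alternate signal stack is mapped with mmap() with a PROT_NONE page placed below it, SIGSEGV is installed with SA_ONSTACK, and a write one byte below the stack base faults into the guard instead of corrupting whatever malloc() put next door. The function names and the 64 KB size are the example's own; Linux is assumed.

```c
/*
 * Added example, not code from the Ruby bug report or the Ruby source.
 * A guarded alternate signal stack: one mmap() region laid out as
 * [guard page, PROT_NONE][usable stack, RW]. The stack grows down, so an
 * overrunning handler hits the guard and faults at once instead of
 * silently overwriting adjacent heap memory (as happened to
 * global_symbols.id_str in the report).
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover;
static volatile void *fault_addr;  /* si_addr of the last caught SIGSEGV */
static volatile int on_alt_stack;  /* handler saw SS_ONSTACK set */

/* Maps guard + stack; returns the usable base (lowest RW byte) or NULL.
 * stack_size is rounded up to whole pages and reported via usable_out. */
static void *alloc_guarded_altstack(size_t stack_size, size_t *usable_out)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t usable = ((stack_size + page - 1) / page) * page;
    char *region = mmap(NULL, page + usable, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return NULL;
    /* Lowest page becomes the guard; the kernel sets sp to base + size. */
    if (mprotect(region, page, PROT_NONE) != 0) {
        munmap(region, page + usable);
        return NULL;
    }
    *usable_out = usable;
    return region + page;
}

static void segv_handler(int sig, siginfo_t *info, void *uctx)
{
    stack_t ss;
    (void)sig; (void)uctx;
    fault_addr = info->si_addr;
    on_alt_stack = (sigaltstack(NULL, &ss) == 0) && (ss.ss_flags & SS_ONSTACK);
    siglongjmp(recover, 1);  /* demo only; a real handler would die here */
}

/* Registers the stack with sigaltstack() and SIGSEGV with SA_ONSTACK. */
static int install(void *base, size_t size)
{
    stack_t ss = { .ss_sp = base, .ss_size = size, .ss_flags = 0 };
    struct sigaction sa;
    if (sigaltstack(&ss, NULL) != 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Writes to the byte just below the alt stack, the first byte an
 * overflowing handler would clobber. Returns 1 if that write faulted in
 * the guard page and the handler ran on the alt stack, else 0. */
static int guard_page_catches_overflow(size_t stack_size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE), usable;
    char *base = alloc_guarded_altstack(stack_size, &usable);
    if (!base || install(base, usable) != 0) return 0;
    fault_addr = NULL; on_alt_stack = 0;
    int faulted = 0;
    if (sigsetjmp(recover, 1) == 0) {
        *(volatile char *)(base - 1) = 0;  /* top byte of the guard page */
    } else {
        faulted = 1;
    }
    int ok = faulted && fault_addr == (void *)(base - 1) && on_alt_stack;
    /* Tear down: default SIGSEGV, no alt stack, unmap guard + stack. */
    struct sigaction dfl;
    memset(&dfl, 0, sizeof dfl);
    dfl.sa_handler = SIG_DFL;
    sigaction(SIGSEGV, &dfl, NULL);
    stack_t off = { .ss_flags = SS_DISABLE };
    sigaltstack(&off, NULL);
    munmap(base - page, page + usable);
    return ok;
}

int main(void)
{
    int ok = guard_page_catches_overflow(64 * 1024);
    printf("guard page caught the overflow: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The handler siglongjmp()s back only so the program can report the result. In a real bug reporter nothing recovers: a fault into the guard while the handler is already running on the alternate stack leaves the kernel no stack to deliver a nested SIGSEGV on, so it kills the process with the default action. That is the behaviour KOSAKI is after: the overrun shows up immediately with the faulting address in si_addr, rather than as corruption of an unrelated object that has to be traced back with a hardware watchpoint as in the report.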

----------------------------------------
Bug #6058: Stack overflow in SEGV Handler
https://bugs.ruby-lang.org/issues/6058

Author: Narihiro Nakamura
Status: Assigned
Priority: Normal
Assignee: Motohiro KOSAKI
Category: core
Target version: 2.0.0
ruby -v: ruby 2.0.0dev (2012-02-22 trunk 34726) [x86_64-linux]


This is nari.

As shown below, the SEGV test has started to fail,

http://c5664.rubyci.org/~chkbuild/ruby-trunk/log/20120221T130301Z.log.html.gz

and a quick investigation suggests that the stack is overflowing inside the
SIGSEGV handler.

 # uname -orv
 2.6.18-274.el5 #1 SMP Fri Jul 22 04:43:29 EDT 2011 GNU/Linux

 # cat /etc/redhat-release 
 CentOS release 5.7 (Final)

 # ./miniruby -v
 ruby 2.0.0dev (2012-02-22 trunk 34726) [x86_64-linux]

It reproduces 100% of the time on 64-bit CentOS.
The ./configure options are the same as chkbuild's.

 # gdb ./miniruby
 (gdb) r -e 'Process.kill :SIGSEGV, $$'
 Starting program: /root/ruby/ruby-trunk-svn/miniruby -e 'Process.kill :SIGSEGV, $$'
 warning: no loadable sections found in added symbol-file system-supplied DSO at 0x2aaaaaaab000
 [Thread debugging using libthread_db enabled]
 [New Thread 0x40003940 (LWP 5662)]
 
 Program received signal SIGSEGV, Segmentation fault.
 0x000000329b6306f7 in kill () from /lib64/libc.so.6
 (gdb) c
 Continuing.
 -e:1: [BUG] Segmentation fault
 ruby 2.0.0dev (2012-02-22 trunk 34726) [x86_64-linux]
 
 -- Control frame information -----------------------------------------------
 
 Program received signal SIGSEGV, Segmentation fault.
 0x00002aaaae08d040 in ?? ()
 (gdb) up
 #1  0x00000000004e6304 in st_lookup (table=0x7f7a90, key=8368, value=0x7fa0e8) at st.c:399
 399         hash_val = do_hash(key, table);
 (gdb) p table
 $1 = (st_table *) 0x7f7a90
 (gdb) p *table
 $2 = {type = 0x2aaaae18cf08, num_bins = 217355419913, entries_packed = 0, num_entries = 1664379390147606789, bins = 0x2820766564302e30, head = 0x2d32302d32313032, 
   tail = 0x6b6e757274203232}
 (gdb) up
 #2  0x0000000000490077 in rb_id2str (id=8368) at parse.y:10612
 10612       if (st_lookup(global_symbols.id_str, id, &data)) {
 (gdb) p global_symbols.id_str
 $3 = (st_table *) 0x7f7a90

Examining this in gdb, the memory region of global_symbols.id_str appears to
have been corrupted somewhere.

 (gdb) watch (((st_table *) 0x7f7a90)->type == 0x7d61f0)
 Hardware watchpoint 2: (((st_table *) 0x7f7a90)->type == 0x7d61f0)
 (gdb) r
 ...
 Old value = 1
 New value = 0
 0x000000329b642841 in vfprintf () from /lib64/libc.so.6
 (gdb) info frame
 Stack level 0, Stack frame at 0x7f7aa0:
  rip = 0x329b642841 in vfprintf; saved rip 0x329b648086
  called by frame at 0x7f9bf0
  Arglist at 0x7f7a90, args: 
  Locals at 0x7f7a90, Previous frame's sp is 0x7f7aa0
  Saved registers:
   rbp at 0x7f7a90, rip at 0x7f7a98

At the moment the target memory region is corrupted, execution is inside
vfprintf(), and the stack frame information shows that the address of the
Locals is identical to the address of global_symbols.id_str.

So I think the stack is probably overflowing.
I am not very familiar with this area, so I am just reporting it for now.


-- 
http://bugs.ruby-lang.org/