Segmentation fault in ruby 3.0.4 #495

Closed
fschwahn opened this issue Apr 14, 2022 · 4 comments · Fixed by #496
fschwahn commented Apr 14, 2022

Since upgrading to ruby 3.0.4 I am seeing segfaults when using JSON.parse to parse a JSON file which has an empty string as key. Repro case:

require "json"
puts JSON.parse('{ "": "foo" }')

This works on ruby 3.0.3, but segfaults on 3.0.4. I have observed this on both mac & linux.

➜  ruby-bug ruby test.rb
RSTRING_PTR is returning NULL!! SIGSEGV is highly expected to follow immediately. If you could reproduce, attach your debugger here, and look at the passed string.
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216: [BUG] Segmentation fault at 0x0000000000000000
ruby 3.0.4p208 (2022-04-12 revision 3fa771dded) [x86_64-darwin21]

-- Crash Report log information --------------------------------------------
   See Crash Report log file under the one of following:                    
     * ~/Library/Logs/DiagnosticReports                                     
     * /Library/Logs/DiagnosticReports                                      
   for more details.                                                        
Don't forget to include the above Crash Report log file in bug reports.     

-- Control frame information -----------------------------------------------
c:0004 p:---- s:0017 e:000016 CFUNC  :parse
c:0003 p:0027 s:0013 e:000012 METHOD /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216
c:0002 p:0020 s:0007 e:000005 EVAL   test.rb:3 [FINISH]
c:0001 p:0000 s:0003 E:002000 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
test.rb:3:in `<main>'
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216:in `parse'
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb:216:in `parse'

-- Machine register context ------------------------------------------------
 rax: 0x8080808080808080 rbx: 0x0000000000000000 rcx: 0x7b1fb2e4a2d600cb
 rdx: 0x0000600002b7c090 rdi: 0x0000600002b7c090 rsi: 0x0000000000000000
 rbp: 0x00007ff7b345ee70 rsp: 0x00007ff7b345ee10  r8: 0x00007ff85eca4a58
  r9: 0x0000000000000000 r10: 0x00000000ffffff00 r11: 0x00007ff85eca4a50
 r12: 0xfffffffffffffff9 r13: 0x000000010d34d658 r14: 0x0000600002b7c090
 r15: 0x0000000000000000 rip: 0x000000010d211e60 rfl: 0x0000000000010286

-- C level backtrace information -------------------------------------------
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_vm_bugreport+0x6cf) [0x10d28eaaf]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_bug_for_fatal_signal+0x1d8) [0x10d09e298]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(sigsegv+0x5b) [0x10d1dd5db]
/usr/lib/system/libsystem_platform.dylib(_sigtramp+0x1d) [0x7ff81d4dfdfd]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(coderange_scan+0x120) [0x10d211e60]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_enc_str_coderange+0xdb) [0x10d1f5c2b]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_str_hash+0x34) [0x10d1f4b64]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_st_update+0x44) [0x10d1e7724]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_enc_interned_str+0xb5) [0x10d204f95]
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle(json_string_unescape+0x3a7) [0x10ccda777]
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle(JSON_parse_string+0x21b) [0x10ccda3bb]
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle(JSON_parse_value+0xb26) [0x10ccd8d86]
/Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle(cParser_parse+0x145) [0x10ccd7e55]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(vm_call_cfunc_with_frame+0x155) [0x10d283c25]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(vm_sendish+0x12b) [0x10d27b78b]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(vm_exec_core+0x3c18) [0x10d25f2c8]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_vm_exec+0xbe4) [0x10d275d94]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(rb_ec_exec_node+0x136) [0x10d0a9906]
/Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib(ruby_run_node+0x57) [0x10d0a9787]
/Users/fabian/.rbenv/versions/3.0.4/bin/ruby(main+0x5d) [0x10caa3f0d]

-- Other runtime information -----------------------------------------------

* Loaded script: test.rb

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 rational.so
    3 complex.so
    4 ruby2_keywords.rb
    5 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/encdb.bundle
    6 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/trans/transdb.bundle
    7 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/rbconfig.rb
    8 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/compatibility.rb
    9 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/defaults.rb
   10 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/deprecate.rb
   11 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/errors.rb
   12 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/exceptions.rb
   13 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/basic_specification.rb
   14 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/stub_specification.rb
   15 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/text.rb
   16 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/user_interaction.rb
   17 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/specification_policy.rb
   18 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/util/list.rb
   19 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/platform.rb
   20 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/version.rb
   21 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/requirement.rb
   22 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/specification.rb
   23 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/util.rb
   24 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/dependency.rb
   25 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/core_ext/kernel_gem.rb
   26 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/monitor.bundle
   27 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/monitor.rb
   28 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/core_ext/kernel_require.rb
   29 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/core_ext/kernel_warn.rb
   30 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/path_support.rb
   31 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems/bundler_version_finder.rb
   32 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/rubygems.rb
   33 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/version.rb
   34 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/core_ext/name_error.rb
   35 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/levenshtein.rb
   36 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/jaro_winkler.rb
   37 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checker.rb
   38 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/name_error_checkers/class_name_checker.rb
   39 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb
   40 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/name_error_checkers.rb
   41 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/method_name_checker.rb
   42 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/key_error_checker.rb
   43 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/null_checker.rb
   44 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/tree_spell_checker.rb
   45 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/spell_checkers/require_path_checker.rb
   46 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean/formatters/plain_formatter.rb
   47 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/did_you_mean.rb
   48 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/version.rb
   49 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/ostruct.rb
   50 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/generic_object.rb
   51 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/common.rb
   52 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle
   53 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/generator.bundle
   54 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext.rb
   55 /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json.rb

* Process memory map:

10caa0000-10caa4000 r-x /Users/fabian/.rbenv/versions/3.0.4/bin/ruby
10caa4000-10caa8000 r-- /Users/fabian/.rbenv/versions/3.0.4/bin/ruby
10caa8000-10caac000 rw- /Users/fabian/.rbenv/versions/3.0.4/bin/ruby
10caac000-10caad000 r-- /Users/fabian/.rbenv/versions/3.0.4/bin/ruby
10caad000-10cab0000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cab0000-10cbb0000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbb0000-10cbb2000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbb2000-10cbb4000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbb4000-10cbb5000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbb5000-10cbb9000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbb9000-10cbba000 --- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbba000-10cbc3000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbc3000-10cbc4000 --- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbc4000-10cbc5000 --- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbc5000-10cbce000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbce000-10cbcf000 --- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbcf000-10cbd0000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbd0000-10cbd1000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbd1000-10cbd8000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbd8000-10cbd9000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cbd9000-10cc19000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cc25000-10cc85000 r-x /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cc85000-10cc89000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cc89000-10cc8d000 rw- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cc8d000-10cc9d000 r-- /usr/local/Cellar/gmp/6.2.1_1/lib/libgmp.10.dylib
10cc9d000-10cca1000 r-x /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/encdb.bundle
10cca1000-10cca5000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/encdb.bundle
10cca5000-10cca9000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/encdb.bundle
10cca9000-10ccad000 r-x /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/trans/transdb.bundle
10ccad000-10ccb1000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/trans/transdb.bundle
10ccb1000-10ccb5000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/enc/trans/transdb.bundle
10ccb5000-10ccb9000 r-x /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/monitor.bundle
10ccb9000-10ccbd000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/monitor.bundle
10ccbd000-10ccc1000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/monitor.bundle
10ccc1000-10ccc5000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/3.0.0/x86_64-darwin21/monitor.bundle
10ccc5000-10ccd2000 r-- /Users/fabian/.rbenv/versions/3.0.4/bin/ruby
10ccd3000-10ccdb000 r-x /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle
10ccdb000-10ccdf000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle
10ccdf000-10cce3000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle
10cce3000-10cce7000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle
10cce7000-10ccf5000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/parser.bundle
10ccf7000-10ccff000 r-x /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/generator.bundle
10ccff000-10cd03000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/generator.bundle
10cd03000-10cd07000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/generator.bundle
10cd07000-10cd0b000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/ruby/gems/3.0.0/gems/json-2.6.1/lib/json/ext/generator.bundle
10cd0b000-10cd89000 r-- /usr/lib/system/libsystem_platform.dylib
10cff9000-10d345000 r-x /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d345000-10d34d000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d34d000-10d351000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d351000-10d35d000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d35d000-10d451000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d451000-10d452000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d452000-10d4f3000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d4f3000-10d4f4000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d4f4000-10d595000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d595000-10d596000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d596000-10d637000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d637000-10d638000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d638000-10d6d9000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d6d9000-10d6da000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d6da000-10d77b000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d77b000-10d77c000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d77c000-10d81d000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d81d000-10d81e000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d81e000-10d8bf000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d8bf000-10d8c0000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d8c0000-10d961000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d961000-10d962000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10d962000-10da03000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10da03000-10da04000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10da04000-10daa5000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10daa5000-10daa6000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10daa6000-10db47000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10db47000-10db48000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10db48000-10dbe9000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dbe9000-10dbea000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dbea000-10dc8b000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dc8b000-10dc8c000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dc8c000-10dd2d000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dd2d000-10dd2e000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dd2e000-10ddcf000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10ddcf000-10ddd0000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10ddd0000-10de71000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10de71000-10de72000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10de72000-10df13000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10df13000-10df14000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10df14000-10dfb5000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dfb5000-10dfb6000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10dfb6000-10e057000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e057000-10e058000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e058000-10e0f9000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e0f9000-10e0fa000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e0fa000-10e19b000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e19b000-10e19c000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e19c000-10e23d000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e23d000-10e23e000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e23e000-10e2df000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e2df000-10e2e0000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e2e0000-10e381000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e381000-10e382000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e382000-10e423000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e423000-10e424000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e424000-10e4c5000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e4c5000-10e4c6000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e4c6000-10e567000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e567000-10e568000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e568000-10e609000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e609000-10e60a000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e60a000-10e6ab000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e6ab000-10e6ac000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e6ac000-10e74d000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e74d000-10e74e000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e74e000-10e7ef000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e7ef000-10e7f0000 --- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e7f0000-10e891000 rw- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
10e891000-10ecda000 r-- /Users/fabian/.rbenv/versions/3.0.4/lib/libruby.3.0.dylib
11c543000-11c5af000 r-x /usr/lib/dyld
11c5af000-11c5c3000 r-- /usr/lib/dyld
11c5c3000-11c5c7000 rw- /usr/lib/dyld
11c5c7000-11c5f8000 r-- /usr/lib/dyld
11c5f8000-11c5fb000 r--
600000000000-600008000000 rw-
600008000000-600010000000 rw-
600010000000-600018000000 rw-
600018000000-600020000000 rw-
700004bad000-700004bae000 ---
700004bae000-700004c30000 rw-
7fb9c5700000-7fb9c5800000 rw-
7fb9c5800000-7fb9c6000000 rw-
7fb9c6000000-7fb9c6100000 rw-
7fb9c6100000-7fb9c6200000 rw-
7fb9c6200000-7fb9c621b000 rw-
7fb9c621b000-7fb9c631b000 rw-
7fb9c631b000-7fb9c632b000 rw-
7fb9c632b000-7fb9c638b000 rw-
7fb9c638b000-7fb9c6397000 rw-
7fb9c6397000-7fb9c63af000 rw-
7fb9c63af000-7fb9c63be000 rw-
7fb9c63be000-7fb9c63db000 rw-
7fb9c6400000-7fb9c6500000 rw-
7fb9c6500000-7fb9c6539000 rw-
7fb9c6600000-7fb9c6700000 rw-
7fb9c6700000-7fb9c6800000 rw-
7fb9c6800000-7fb9c7000000 rw-
7fb9c7000000-7fb9c9000000 rw-
7fb9c9000000-7fb9c9800000 rw-
7fb9c9800000-7fb9ca000000 rw-
7fb9ca000000-7fb9ca800000 rw-
7fb9ca800000-7fb9cb000000 rw-
7fb9cb000000-7fb9cb800000 rw-
7fb9cb800000-7fb9cc000000 rw-
7fb9cc000000-7fb9cc100000 rw-
7fb9cc100000-7fb9cc200000 rw-
7ff7af460000-7ff7b2c60000 ---
7ff7b2c60000-7ff7b3460000 rw-
7ff800000000-7ff840000000 r--
7ff840000000-7ff85eacd000 r--
7ff85eacd000-7ff85ec00000 rw-
7ff85ec00000-7ff85ee00000 rw-
7ff85ee00000-7ff85f400000 r--
7ff85f400000-7ff85f600000 rw-
7ff85f600000-7ff860400000 r--
7ff860400000-7ff860600000 rw-
7ff860600000-7ff880000000 r--
7ff880000000-7ffffe000000 r--
7fffffe00000-7fffffe01000 r--
7fffffe84000-7fffffe85000 r-x
[IMPORTANT]
Don't forget to include the Crash Report log file under
DiagnosticReports directory in bug reports.

[1]    27595 abort      ruby test.rb

I also opened a bug on the ruby bugtracker: https://bugs.ruby-lang.org/issues/18728

fschwahn changed the title from "Segmentation fault under ruby 3.0.4" to "Segmentation fault in ruby 3.0.4" on Apr 14, 2022

jeremyevans (Contributor) commented

This is a bug in the json library, not in Ruby. The json extension is passing a NULL pointer as the first argument to rb_enc_interned_str. From running with a debugger:

0x000000d438758ca5 in json_string_unescape (string=<optimized out>,
    stringEnd=0xd48117bfb2 "\":\"foo\"}", intern=1, symbolize=0) at parser.rl:557
(gdb) s
rb_enc_interned_str (ptr=0x0, len=0, enc=0xd46b458a00) at string.c:11558

I think this is because the ALLOC_N call returns NULL, because you are asking to allocate a 0 byte memory region. rb_enc_interned_str does not accept NULL pointers, unlike rb_utf8_str_new and rb_str_new.

This patch fixes the issue from my testing:

diff --git a/ext/json/ext/parser/parser.c b/ext/json/ext/parser/parser.c
index b7de60d..046c2ab 100644
--- a/ext/json/ext/parser/parser.c
+++ b/ext/json/ext/parser/parser.c
@@ -2363,9 +2363,9 @@ static VALUE json_string_unescape(char *string, char *stringEnd, int intern, int
        char buf[4];

        if (bufferSize > MAX_STACK_BUFFER_SIZE) {
-               bufferStart = buffer = ALLOC_N(char, bufferSize);
+               bufferStart = buffer = ALLOC_N(char, bufferSize ? bufferSize : 1);
        } else {
-               bufferStart = buffer = ALLOCA_N(char, bufferSize);
+               bufferStart = buffer = ALLOCA_N(char, bufferSize ? bufferSize : 1);
        }

        while (pe < stringEnd) {
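Review bot: for the zero-length key that triggers this report, bufferSize is 0, which fails the `bufferSize > MAX_STACK_BUFFER_SIZE` test, so the ALLOCA_N branch is the one actually taken; the first `+` line guards the ALLOC_N branch, which only runs for large strings and cannot be reached with bufferSize == 0. Guarding both is harmless and keeps the two branches symmetric, but the explanation above attributes the NULL to ALLOC_N, and it is worth stating that the ALLOCA_N path is the one returning NULL here. The ternary `bufferSize ? bufferSize : 1` also does not explain itself; either hoist it above the `if` so it appears once, or add a short comment such as `/* never request 0 bytes: rb_enc_interned_str rejects NULL */` so the next reader does not "simplify" it away.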

You would obviously want to make the patch to the ragel file and regenerate the parser.
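To make the failure mode in this comment concrete, here is an added C model of it; this is example code written for this page, not code from the json gem, from Ruby, or from anyone in the thread. The names `alloc_n`, `intern_str`, `unescape_and_intern`, `demo_len` and `demo_matches` are hypothetical stand-ins: `alloc_n` is a constructed allocator that returns NULL for a zero-byte request (the behaviour the report attributes to the parser's allocation), and `intern_str` mirrors only the contract described above for `rb_enc_interned_str`, namely that a NULL pointer is rejected even when the length is 0. The `guard_zero` flag switches between the original allocation size and the patched `bufferSize ? bufferSize : 1`, so the empty key `""` can be traced through both paths.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocator model (hypothetical): returns NULL for a zero-byte
 * request, which is what the report attributes to the parser's allocation. */
static char *alloc_n(size_t n) {
    return n == 0 ? NULL : (char *)malloc(n);
}

/* Hypothetical stand-in for rb_enc_interned_str's contract only: a NULL
 * pointer is not accepted, even with len == 0. Returns the length it would
 * intern, or -1 where the real function would dereference NULL and crash. */
static int intern_str(const char *ptr, size_t len) {
    if (ptr == NULL) return -1;
    return (int)len;
}

/* Unescape the body of a JSON string (the bytes between the quotes) into a
 * freshly allocated buffer, then hand it to intern_str(). guard_zero == 0
 * allocates bufferSize bytes (original); guard_zero != 0 allocates
 * bufferSize ? bufferSize : 1 (patched). If out is non-NULL, the unescaped
 * bytes are copied there NUL-terminated so the caller can inspect them. */
static int unescape_and_intern(const char *string, const char *stringEnd,
                               int guard_zero, char *out, size_t outcap) {
    size_t bufferSize = (size_t)(stringEnd - string);
    size_t allocSize = guard_zero ? (bufferSize ? bufferSize : 1) : bufferSize;
    char *bufferStart = alloc_n(allocSize);
    char *buffer = bufferStart;
    const char *pe = string;

    /* Unescaping never grows the data, so bufferSize bytes always suffice.
     * With empty input the loop body never runs, so a NULL bufferStart is
     * not noticed here; only the consumer below sees it. */
    while (pe < stringEnd && bufferStart != NULL) {
        if (*pe == '\\' && pe + 1 < stringEnd) {
            pe++;
            switch (*pe) {
                case 'n':  *buffer++ = '\n'; break;
                case 't':  *buffer++ = '\t'; break;
                case 'r':  *buffer++ = '\r'; break;
                case 'b':  *buffer++ = '\b'; break;
                case 'f':  *buffer++ = '\f'; break;
                case '"': case '\\': case '/': *buffer++ = *pe; break;
                /* \uXXXX and unknown escapes are kept verbatim in this model */
                default:   *buffer++ = '\\'; *buffer++ = *pe; break;
            }
            pe++;
        } else {
            *buffer++ = *pe++;
        }
    }

    size_t len = bufferStart ? (size_t)(buffer - bufferStart) : 0;
    int rc = intern_str(bufferStart, len);
    if (out != NULL && outcap > len) {
        if (len > 0) memcpy(out, bufferStart, len);
        out[len] = '\0';
    }
    free(bufferStart);
    return rc;
}

/* Interned length for a NUL-terminated string body, or -1 on the NULL path. */
static int demo_len(const char *body, int guard_zero) {
    return unescape_and_intern(body, body + strlen(body), guard_zero, NULL, 0);
}

/* 1 if the unescaped body equals expect, 0 if not, -1 on the NULL path. */
static int demo_matches(const char *body, int guard_zero, const char *expect) {
    char out[256];
    int rc = unescape_and_intern(body, body + strlen(body), guard_zero, out, sizeof out);
    if (rc < 0) return -1;
    return strcmp(out, expect) == 0;
}

int main(void) {
    printf("empty key, original allocation: %d\n", demo_len("", 0));
    printf("empty key, patched allocation:  %d\n", demo_len("", 1));
    printf("escaped body, patched:          %d\n", demo_len("a\\nb\\\"c", 1));
    return 0;
}
```

The first call returns -1: with the original size a zero-byte request yields NULL, nothing in the unescape loop ever touches it, and the pointer reaches the consumer that rejects it, which is exactly the shape of the backtrace in the report (json_string_unescape straight into rb_enc_interned_str). With the guard, the same input produces a valid one-byte buffer and a length of 0. Non-empty input is unaffected by the guard, which is why the regression only showed up for an empty key.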

fschwahn (Author) commented

I can confirm that regressing to version 2.5.1 fixes the issue for me.

skaes commented May 10, 2022

We have a large number of Ruby 3.0.3 apps in production and we would really like to upgrade to 3.0.4 a.s.a.p. to fix the security issues of 3.0.3. But this issue here kind of prevents us from doing so. A new gem release including abrom@b59368a would help a lot.

flori (Member) commented May 16, 2022

I have released a version 2.6.2 for ext and pure parsers with this fix now. I couldn't release a jruby version 2.6.2: I attempted to set up a build environment and failed. Maybe someone knows how to build and release this? I don't use java or jruby.
