Skip to content
Blame Permalink
  • U.Nakamura's avatar
    c96ef4ee
    merge revision(s) 02a7e12b: [Backport #19593] · c96ef4ee
    U.Nakamura authored 
    

	Ensure throw data is not set as cause

	[Bug #19593]

	rb_ec_setup_exception did not check if errinfo is a throw_data. This can
	cause crashes in code since it is assumed that id_cause is an object.

	We saw a crash in show_cause due to id_cause of errinfo being a
	throw_data. It crashes on rb_obj_is_kind_of since it cannot be called on
	T_IMEMO objects.

	Unfortunately, we couldn't find a reproduction script, however we
	debugged the core dump and rb_ec_setup_exception is the only place where
	id_cause is assigned from errinfo without checking if it is a
	throw_data.

	```
	0x0000556c5708e6dd in sigsegv (sig=11, info=0x7f301befa3f0, ctx=0x7f301befa2c0) at signal.c:964
	0x00007f301d046420 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
	class_search_class_ancestor (c=139844586301760, cl=<optimized out>) at object.c:810
	rb_obj_is_kind_of (obj=obj@entry=139839221734880, c=139844586301760) at object.c:861
	0x0000556c56f2f00f in show_cause
	    (errinfo=errinfo@entry=139838840645160, str=str@entry=139839221730520, opt=139839221730480, highlight=0, reverse=reverse@entry=0, backtrace_limit=backtrace_limit@entry=-1, shown_causes=0x7ffe9d1a2d68) at ./include/ruby/internal/special_consts.h:175
	```

Co-Authored-By: default avatarJean Boussier <byroot@ruby-lang.org>
	---
	 eval.c | 4 ++++
	 1 file changed, 4 insertions(+)
    c96ef4ee
    merge revision(s) 02a7e12b: [Backport #19593]
    U.Nakamura authored 
    

	Ensure throw data is not set as cause

	[Bug #19593]

	rb_ec_setup_exception did not check if errinfo is a throw_data. This can
	cause crashes in code since it is assumed that id_cause is an object.

	We saw a crash in show_cause due to id_cause of errinfo being a
	throw_data. It crashes on rb_obj_is_kind_of since it cannot be called on
	T_IMEMO objects.

	Unfortunately, we couldn't find a reproduction script, however we
	debugged the core dump and rb_ec_setup_exception is the only place where
	id_cause is assigned from errinfo without checking if it is a
	throw_data.

	```
	0x0000556c5708e6dd in sigsegv (sig=11, info=0x7f301befa3f0, ctx=0x7f301befa2c0) at signal.c:964
	0x00007f301d046420 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
	class_search_class_ancestor (c=139844586301760, cl=<optimized out>) at object.c:810
	rb_obj_is_kind_of (obj=obj@entry=139839221734880, c=139844586301760) at object.c:861
	0x0000556c56f2f00f in show_cause
	    (errinfo=errinfo@entry=139838840645160, str=str@entry=139839221730520, opt=139839221730480, highlight=0, reverse=reverse@entry=0, backtrace_limit=backtrace_limit@entry=-1, shown_causes=0x7ffe9d1a2d68) at ./include/ruby/internal/special_consts.h:175
	```

Co-Authored-By: default avatarJean Boussier <byroot@ruby-lang.org>
	---
	 eval.c | 4 ++++
	 1 file changed, 4 insertions(+)