ruby-core@ruby-lang.org archive (unofficial mirror)
From: Eric Wong <normalperson@yhbt.net>
To: Ruby developers <ruby-core@ruby-lang.org>
Subject: [ruby-core:69737] Re: [Ruby trunk - Bug #11306] [Open] Segmentation fault
Date: Thu, 25 Jun 2015 08:22:23 +0000	[thread overview]
Message-ID: <20150625082223.GA26549@dcvr.yhbt.net> (raw)
In-Reply-To: <redmine.issue-11306.20150625074532.e2807b9700a20ceb@ruby-lang.org>

dsaronin@gmail.com wrote:
> static VALUE cups_get_device_uri(VALUE self, VALUE printer)
> {
>    if (!printer_exists(printer))
>    {
>      rb_raise(rb_eRuntimeError, "The printer or destination doesn't exist!");
>    }
> 
>    VALUE options_list;
>    http_t *http;
>    ipp_t *request;
>    ipp_t *response;
>    ipp_attribute_t *attr;
>    char uri[1024];
>    char *location;
>    char *name = RSTRING_PTR(printer);

You want to use StringValueCStr or StringValuePtr when you see
untrusted user-input instead of RSTRING_PTR.  RSTRING_PTR will segfault
if the user calls a function with a non-String.

>    request = ippNewRequest(IPP_GET_PRINTER_ATTRIBUTES);
>    httpAssembleURIf(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipp", NULL, "localhost", 0, "/printers/%s", name);

You also need to add a GC guard for VALUE where you got `name' from
after the last use of `name' in your function:

     RB_GC_GUARD(printer);

Nowadays with better optimizing compilers, the `volatile' type qualifier
for args in the StringValue* family functions is insufficient to protect
VALUEs from inadvertent GC.  RB_GC_GUARD must be used.

See doc/extension.rdoc in the latest Ruby trunk or README.EXT in the
2.2 source tarball for more info on these APIs.

And feel free to ask for clarification here on the ruby-core ML.

> cups.c (14.2 KB)

Lots of similar problems in cups.c too.  The same pattern
described above needs to happen with
RSTRING_PTR => StringValueCStr/StringValuePtr and the addition of
RB_GC_GUARD calls after the last access to the underlying pointer.

There may be other problems in the code, too, but these are the ones
that jumped out to my tired, sleepy eyes...
