From: Nobuyoshi Nakada <nobu@ruby-lang.org>
To: ruby-core@ruby-lang.org
Subject: [ruby-core:34844] Re: [Ruby 1.9-Bug#4314] spwn cause Segmantation Fault if take a long string.
Date: Tue, 25 Jan 2011 08:44:18 +0900 [thread overview]
Message-ID: <4D3E0E9C.5020200@ruby-lang.org> (raw)
In-Reply-To: <4d3e00e015d6b_1dc2b4b1062166af@redmine.ruby-lang.org>
Hi,
At Tue, 25 Jan 2011 07:44:51 +0900,
Motohiro KOSAKI wrote in [ruby-core:34842]:
> reproduce way.
>
> ./ruby -ve 'spawn "a"*100_000_000'
I propose new APIs for exception-safe temporary buffer.
\f
diff --git i/include/ruby/ruby.h w/include/ruby/ruby.h
index 4e15517..aca517c 100644
--- i/include/ruby/ruby.h
+++ w/include/ruby/ruby.h
@@ -1028,6 +1028,18 @@ NUM2CHR(VALUE x)
#define ALLOCA_N(type,n) (type*)alloca(sizeof(type)*(n))
+void *rb_alloc_tmp_buffer(volatile VALUE *store, long len);
+void rb_free_tmp_buffer(volatile VALUE *store);
+/* allocates _n_ bytes temporary buffer and stores VALUE including it
+ * in _v_. _n_ may be evaluated twice. */
+#ifdef C_ALLOCA
+# define ALLOCV(v, n) rb_alloc_tmp_buffer(&(v), (n))
+#else
+# define ALLOCV(v, n) ((n) < 1024 ? (RB_GC_GUARD(v) = 0, alloca(n)) : rb_alloc_tmp_buffer(&(v), (n)))
+#endif
+#define ALLOCV_N(type, v, n) (type*)ALLOCV((v), sizeof(type)*(n))
+#define ALLOCV_END(v) rb_free_tmp_buffer(&(v))
+
#define MEMZERO(p,type,n) memset((p), 0, sizeof(type)*(n))
#define MEMCPY(p1,p2,type,n) memcpy((p1), (p2), sizeof(type)*(n))
#define MEMMOVE(p1,p2,type,n) memmove((p1), (p2), sizeof(type)*(n))
diff --git i/process.c w/process.c
index 2a6a321..2d0dc44 100644
--- i/process.c
+++ w/process.c
@@ -1027,16 +1027,23 @@ exec_with_sh(const char *prog, char **argv)
*--argv = (char *)"sh";
execv("/bin/sh", argv);
}
-#define ALLOCA_ARGV(n) ALLOCA_N(char*, (n)+1)
+#define ARGV_COUNT(n) ((n)+1)
#else
#define try_with_sh(prog, argv) (void)0
-#define ALLOCA_ARGV(n) ALLOCA_N(char*, (n))
+#define ARGV_COUNT(n) (n)
#endif
+#define ARGV_SIZE(n) (sizeof(char*) * ARGV_COUNT(n))
+#define ALLOC_ARGV(n, v) ALLOCV_N(char*, (v), ARGV_COUNT(n))
+#define ALLOC_ARGV_WITH_STR(n, v, s, l) \
+ (char **)(((s) = ALLOCV((v), ARGV_SIZE(n) + (l)) + ARGV_SIZE(n)) - ARGV_SIZE(n))
static int
proc_exec_v(char **argv, const char *prog)
{
char fbuf[MAXPATHLEN];
+#if defined(__EMX__) || defined(OS2)
+ char **new_argv = NULL;
+#endif
if (!prog)
prog = argv[0];
@@ -1052,16 +1059,15 @@ proc_exec_v(char **argv, const char *prog)
char *extension;
if ((extension = strrchr(prog, '.')) != NULL && STRCASECMP(extension, ".bat") == 0) {
- char **new_argv;
char *p;
int n;
for (n = 0; argv[n]; n++)
/* no-op */;
- new_argv = ALLOCA_N(char*, n + 2);
+ new_argv = ALLOC_N(char*, n + 2);
for (; n > 0; n--)
new_argv[n + 1] = argv[n];
- new_argv[1] = strcpy(ALLOCA_N(char, strlen(argv[0]) + 1), argv[0]);
+ new_argv[1] = strcpy(ALLOC_N(char, strlen(argv[0]) + 1), argv[0]);
for (p = new_argv[1]; *p != '\0'; p++)
if (*p == '/')
*p = '\\';
@@ -1078,6 +1084,12 @@ proc_exec_v(char **argv, const char *prog)
before_exec();
execv(prog, argv);
preserving_errno(try_with_sh(prog, argv); after_exec());
+#if defined(__EMX__) || defined(OS2)
+ if (new_argv) {
+ xfree(new_argv[0]);
+ xfree(new_argv);
+ }
+#endif
return -1;
}
@@ -1086,15 +1098,18 @@ rb_proc_exec_n(int argc, VALUE *argv, const char *prog)
{
char **args;
int i;
+ int ret = -1;
+ VALUE v;
- args = ALLOCA_ARGV(argc+1);
+ args = ALLOC_ARGV(argc+1, v);
for (i=0; i<argc; i++) {
args[i] = RSTRING_PTR(argv[i]);
}
args[i] = 0;
if (args[0]) {
- return proc_exec_v(args, prog);
+ ret = proc_exec_v(args, prog);
}
+ ALLOCV_END(v);
return -1;
}
@@ -1105,6 +1120,8 @@ rb_proc_exec(const char *str)
const char *s = str;
char *ss, *t;
char **argv, **a;
+ VALUE v;
+ int ret = -1;
#endif
while (*str && ISSPACE(*str))
@@ -1114,6 +1131,7 @@ rb_proc_exec(const char *str)
before_exec();
rb_w32_spawn(P_OVERLAY, (char *)str, 0);
after_exec();
+ return -1;
#else
for (s=str; *s; s++) {
if (ISSPACE(*s)) {
@@ -1145,8 +1163,7 @@ rb_proc_exec(const char *str)
return -1;
}
}
- a = argv = ALLOCA_ARGV((s-str)/2+2);
- ss = ALLOCA_N(char, s-str+1);
+ a = argv = ALLOC_ARGV_WITH_STR((s-str)/2+2, v, ss, s-str+1);
memcpy(ss, str, s-str);
ss[s-str] = '\0';
if ((*a++ = strtok(ss, " \t")) != 0) {
@@ -1156,11 +1173,14 @@ rb_proc_exec(const char *str)
*a = NULL;
}
if (argv[0]) {
- return proc_exec_v(argv, 0);
+ ret = proc_exec_v(argv, 0);
+ }
+ else {
+ errno = ENOENT;
}
- errno = ENOENT;
+ ALLOCV_END(v);
+ return ret;
#endif /* _WIN32 */
- return -1;
}
#if defined(_WIN32)
@@ -1202,15 +1222,18 @@ proc_spawn_n(int argc, VALUE *argv, VALUE prog)
{
char **args;
int i;
+ VALUE v;
+ rb_pid_t pid = -1;
- args = ALLOCA_ARGV(argc + 1);
+ args = ALLOC_ARGV(argc + 1, v);
for (i = 0; i < argc; i++) {
args[i] = RSTRING_PTR(argv[i]);
}
args[i] = (char*) 0;
if (args[0])
- return proc_spawn_v(args, prog ? RSTRING_PTR(prog) : 0);
- return -1;
+ pid = proc_spawn_v(args, prog ? RSTRING_PTR(prog) : 0);
+ ALLOCV_END(v);
+ return pid;
}
#if defined(_WIN32)
@@ -1223,6 +1246,7 @@ proc_spawn(char *str)
char *s, *t;
char **argv, **a;
rb_pid_t status;
+ VALUE v;
for (s = str; *s; s++) {
if (*s != ' ' && !ISALPHA(*s) && strchr("*?{}[]<>()~&|\\$;'`\"\n",*s)) {
@@ -1234,15 +1258,16 @@ proc_spawn(char *str)
return status;
}
}
- a = argv = ALLOCA_ARGV((s - str) / 2 + 2);
- s = ALLOCA_N(char, s - str + 1);
+ a = argv = ALLOC_ARGV_WITH_STR((s - str) / 2 + 2, v, s, s - str + 1);
strcpy(s, str);
if (*a++ = strtok(s, " \t")) {
while (t = strtok(NULL, " \t"))
*a++ = t;
*a = NULL;
}
- return argv[0] ? proc_spawn_v(argv, 0) : -1;
+ status = argv[0] ? proc_spawn_v(argv, 0) : -1;
+ ALLOCV_END(v);
+ return status;
}
#endif
#endif
diff --git i/string.c w/string.c
index e5e24ac..c3468b9 100644
--- i/string.c
+++ w/string.c
@@ -45,6 +45,8 @@
#undef rb_str_buf_cat2
#undef rb_str_cat2
+static VALUE rb_str_clear(VALUE str);
+
VALUE rb_cString;
VALUE rb_cSymbol;
@@ -765,6 +767,22 @@ rb_str_tmp_new(long len)
return str_new(0, 0, len);
}
+void *
+rb_alloc_tmp_buffer(volatile VALUE *store, long len)
+{
+ VALUE s = rb_str_tmp_new(len);
+ *store = s;
+ return RSTRING_PTR(s);
+}
+
+void
+rb_free_tmp_buffer(volatile VALUE *store)
+{
+ VALUE s = *store;
+ *store = 0;
+ if (s) rb_str_clear(s);
+}
+
void
rb_str_free(VALUE str)
{
\f
--
Nobu Nakada
next prev parent reply other threads:[~2011-01-24 23:47 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-24 14:44 [ruby-core:34832] [Ruby 1.9-Bug#4314][Open] spwn cause Segmantation Fault if take a long string Motohiro KOSAKI
2011-01-24 22:44 ` [ruby-core:34842] [Ruby 1.9-Bug#4314] " Motohiro KOSAKI
2011-01-24 23:44 ` Nobuyoshi Nakada [this message]
2011-01-27 8:38 ` [ruby-core:34890] [Ruby 1.9-Bug#4314][Closed] " Motohiro KOSAKI
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.ruby-lang.org/en/community/mailing-lists/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D3E0E9C.5020200@ruby-lang.org \
--to=ruby-core@ruby-lang.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).