* [ruby-core:91095] [Ruby trunk Bug#15536] Crash on merging specific hashes using keyword splat
From: fg @ 2019-01-15 8:42 UTC (permalink / raw)
To: ruby-core
Issue #15536 has been reported by decuplet (Nikita Shilnikov).
----------------------------------------
Bug #15536: Crash on merging specific hashes using keyword splat
https://bugs.ruby-lang.org/issues/15536
* Author: decuplet (Nikita Shilnikov)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN
----------------------------------------
Here's a snippet that leads to a crash on ruby 2.5.3. I tried to make it as small as possible.
```ruby
1000.times do
  {
    **{
      a1: nil,
      a2: nil,
      a3: nil,
      a4: nil,
      a5: nil,
      a6: nil,
      a7: nil,
      a8: nil,
      a9: nil
    },
    b1: nil,
    b2: nil,
    a4: nil,
    **{ c1: nil, c2: nil },
    a7: nil,
    a8: nil,
    a9: nil,
  }
end
```
Results in `*** Error in irb': malloc(): memory corruption: 0x000055ca6c832bd0 ***` (more detail in the attached file).
We came across this on ruby 2.5.3 and as far as I can tell it's no longer a problem on 2.6, but we have yet to upgrade.
---Files--------------------------------
segfault.txt (30.8 KB)
--
https://bugs.ruby-lang.org/
* [ruby-core:91104] [Ruby trunk Bug#15536] Crash on merging specific hashes using keyword splat
From: mame @ 2019-01-15 13:47 UTC (permalink / raw)
To: ruby-core
Issue #15536 has been updated by mame (Yusuke Endoh).
Good catch. The following code still crashes on trunk.
```ruby
{
  **{
    a0: nil,
    a1: nil,
    a2: nil,
    a3: nil,
    a4: nil,
    a5: nil,
    a6: nil,
    a7: nil,
    a8: nil,
  },
  a0: nil,
  a1: nil,
  a2: nil,
  a3: nil,
  a4: nil,
  a5: nil,
  a6: nil,
  a7: nil,
  a8: nil,
  **{
    c: nil
  },
  b0: nil,
  b1: nil,
  b2: nil,
  b3: nil,
  b4: nil,
  b5: nil,
  b6: nil,
  b7: nil,
  b8: nil,
  b9: nil,
  b10: nil,
  b11: nil,
  b12: nil,
  b13: nil,
  b14: nil,
  b15: nil,
  b16: nil,
  b17: nil,
  b18: nil,
  b19: nil,
  b20: nil,
  b21: nil,
}
```
Here is a patch. It might have an inefficient case, but I think it is easy to backport.
```
diff --git a/st.c b/st.c
index c6b3644e39..ed235c674e 100644
--- a/st.c
+++ b/st.c
@@ -2299,7 +2299,7 @@ rb_hash_bulk_insert_into_st_table(long argc, const VALUE *argv, VALUE hash)
st_table *tab = RHASH_ST_TABLE(hash);
tab = RHASH_TBL_RAW(hash);
- n = tab->num_entries + size;
+ n = tab->entries_bound + size;
st_expand_table(tab, n);
if (UNLIKELY(tab->num_entries))
st_insert_generic(tab, argc, argv, hash);
```
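Review bot: The replacement line `n = tab->entries_bound + size;` needs a short comment saying why the table is sized from `entries_bound` rather than `num_entries`; without one the choice is easy to revert, and the inefficient case the message concedes should be named there too. The two context lines at the top of the hunk assign `tab` twice (`RHASH_ST_TABLE(hash)`, then `RHASH_TBL_RAW(hash)`), so the first initializer looks dead and could be dropped in the same change. The patch also carries no test; the reproducer posted in this thread would serve as a regression test.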
----------------------------------------
Bug #15536: Crash on merging specific hashes using keyword splat
https://bugs.ruby-lang.org/issues/15536#change-76338
* Author: decuplet (Nikita Shilnikov)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN
----------------------------------------
* [ruby-core:91107] [Ruby trunk Bug#15536] Crash on merging specific hashes using keyword splat
From: fg @ 2019-01-15 15:34 UTC (permalink / raw)
To: ruby-core
Issue #15536 has been updated by decuplet (Nikita Shilnikov).
That was fast, thank you.
----------------------------------------
Bug #15536: Crash on merging specific hashes using keyword splat
https://bugs.ruby-lang.org/issues/15536#change-76343
* Author: decuplet (Nikita Shilnikov)
* Status: Closed
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: REQUIRED, 2.6: REQUIRED
----------------------------------------
* [ruby-core:91150] [Ruby trunk Bug#15536] Crash on merging specific hashes using keyword splat
From: naruse @ 2019-01-17 22:09 UTC (permalink / raw)
To: ruby-core
Issue #15536 has been updated by naruse (Yui NARUSE).
Backport changed from 2.4: UNKNOWN, 2.5: REQUIRED, 2.6: REQUIRED to 2.4: UNKNOWN, 2.5: REQUIRED, 2.6: DONE
ruby_2_6 r66853 merged revision(s) 66832.
----------------------------------------
Bug #15536: Crash on merging specific hashes using keyword splat
https://bugs.ruby-lang.org/issues/15536#change-76381
* Author: decuplet (Nikita Shilnikov)
* Status: Closed
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: REQUIRED, 2.6: DONE
----------------------------------------
* [ruby-core:91796] [Ruby trunk Bug#15536] Crash on merging specific hashes using keyword splat
From: nagachika00 @ 2019-03-12 22:01 UTC (permalink / raw)
To: ruby-core
Issue #15536 has been updated by nagachika (Tomoyuki Chikanaga).
Backport changed from 2.4: UNKNOWN, 2.5: REQUIRED, 2.6: DONE to 2.4: UNKNOWN, 2.5: DONE, 2.6: DONE
ruby_2_5 r67236 merged revision(s) 66832.
----------------------------------------
Bug #15536: Crash on merging specific hashes using keyword splat
https://bugs.ruby-lang.org/issues/15536#change-77070
* Author: decuplet (Nikita Shilnikov)
* Status: Closed
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: DONE, 2.6: DONE
----------------------------------------