authorKouhei Sutou <[email protected]>2015-02-25 00:13:40 +0900
committerKouhei Sutou <[email protected]>2015-02-25 00:13:40 +0900
commit3fefe52ffb7286d129167c092d7ccc2908c37292 (patch)
treef51afb13aa5ecc4831f67a9d07a32df32d68eb3c /tasks
parenta2a272ca8ebecdc037b352ee95492accfeab9457 (diff)
Fix a crash bug on raising after realloc
The following program reproduces this problem:

    #include <mruby.h>

    static mrb_value
    recursive(mrb_state *mrb, mrb_value self)
    {
      mrb_int n;

      mrb_get_args(mrb, "i", &n);

      if (n == 0) {
        mrb_raise(mrb, E_RUNTIME_ERROR, "XXX");
      } else {
        mrb_funcall(mrb, self, "recursive", 1, mrb_fixnum_value(n - 1));
      }

      return self;
    }

    int
    main(void)
    {
      mrb_state *mrb;

      mrb = mrb_open();

      mrb_define_method(mrb, mrb->kernel_module, "recursive", recursive, MRB_ARGS_REQ(1));
      mrb_funcall(mrb, mrb_top_self(mrb), "recursive", 1, mrb_fixnum_value(30));

      mrb_close(mrb);
    }

The recursive method call isn't required. It's just for expanding the call info stack.

If mrb_realloc() is called in cipush(), the cibase address is changed. So, we shouldn't compare a ci obtained before mrb_realloc() with the cibase after mrb_realloc(). Doing so accesses an unknown address and causes a crash.
Diffstat (limited to 'tasks')
0 files changed, 0 insertions, 0 deletions