
ruby-changes:57743

From: nagachika <ko1@a...>
Date: Sat, 14 Sep 2019 11:25:13 +0900 (JST)
Subject: [ruby-changes:57743] a165a066e8 (ruby_2_6): merge revision(s) ade1283ca276f7d589ffd3539fbc7b9817f682d5: [Backport #16136]

https://git.ruby-lang.org/ruby.git/commit/?id=a165a066e8

From a165a066e8f976a79256188c53e0e60f11c98607 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 14 Sep 2019 02:24:58 +0000
Subject: merge revision(s) ade1283ca276f7d589ffd3539fbc7b9817f682d5: [Backport
 #16136]

	Fix a use-after-free bug by avoiding rb_str_new_frozen

	`str2 = rb_str_new_frozen(str1)` seems to make str1 a shared string that
	refers to str2, but str2 is not marked as STR_IS_SHARED_M nor
	STR_NOFREE.
	`rb_fstring(str2)` frees str2's ptr because it is not marked, and the
	freed pointer is the same as str1's ptr.
	After that, accessing str1 may cause use-after-free memory corruption.

	I guess this is a bug of rb_str_new_frozen, but I'm completely unsure
	what it should be; the string states and flags are not documented.
	So, this is a workaround for [Bug #16136].  I confirmed that rspec of
	activeadmin runs gracefully.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67803 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

diff --git a/symbol.c b/symbol.c
index f3506a0..a408ee0 100644
--- a/symbol.c
+++ b/symbol.c
@@ -743,7 +743,8 @@ rb_str_intern(VALUE str) https://github.com/ruby/ruby/blob/trunk/symbol.c#L743
 	enc = ascii;
     }
     else {
-	str = rb_str_new_frozen(str);
+        str = rb_str_dup(str);
+        OBJ_FREEZE(str);
     }
     str = rb_fstring(str);
     type = rb_str_symname_type(str, IDSET_ATTRSET_FOR_INTERN);
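
Review bot: The two added lines in the `else` branch of rb_str_intern (`str = rb_str_dup(str);` followed by `OBJ_FREEZE(str);`) have no comment saying why rb_str_new_frozen is deliberately avoided before the `rb_fstring(str)` call, so a later cleanup could fold them back into the single call and reintroduce the use-after-free. Since the commit message describes this as a workaround and leaves rb_str_new_frozen itself unchanged, a short comment here pointing at [Bug #16136] would record that. The diff touches only symbol.c and version.h, so no regression test accompanies the change; one that interns a string and then reads the original would guard this path. Style: the added lines are indented with eight spaces, while the removed line and the neighbouring `enc = ascii;` use a tab.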
diff --git a/version.h b/version.h
index f7f129c..4136d36 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1
 #define RUBY_VERSION "2.6.5"
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 107
+#define RUBY_PATCHLEVEL 108
 
 #define RUBY_RELEASE_YEAR 2019
 #define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 13
+#define RUBY_RELEASE_DAY 14
 
 #include "ruby/version.h"
 
-- 
cgit v0.10.2

