ruby-changes:62681
From: Jeremy <ko1@a...>
Date: Sat, 22 Aug 2020 06:52:53 +0900 (JST)
Subject: [ruby-changes:62681] a0273d67d0 (master): Avoid a use after free in VM assertion
https://git.ruby-lang.org/ruby.git/commit/?id=a0273d67d0 From a0273d67d044dc9fe25313e0854a33374b990e8a Mon Sep 17 00:00:00 2001 From: Jeremy Evans <code@j...> Date: Fri, 21 Aug 2020 12:52:02 -0700 Subject: Avoid a use after free in VM assertion If the thread for the current EC has been killed, don't check the VM ptr for the EC (which gets it via the thread), as that will have already been freed. Fixes [Bug #16907] diff --git a/vm_core.h b/vm_core.h index 8f4a020..bf04288 100644 --- a/vm_core.h +++ b/vm_core.h @@ -1754,6 +1754,7 @@ rb_current_vm(void) https://github.com/ruby/ruby/blob/trunk/vm_core.h#L1754 VM_ASSERT(ruby_current_vm_ptr == NULL || ruby_current_execution_context_ptr == NULL || rb_ec_thread_ptr(GET_EC()) == NULL || + rb_ec_thread_ptr(GET_EC())->status == THREAD_KILLED || rb_ec_vm_ptr(GET_EC()) == ruby_current_vm_ptr); return ruby_current_vm_ptr; } -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
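Review bot: the added `rb_ec_thread_ptr(GET_EC())->status == THREAD_KILLED` operand only prevents the use after free because `||` short-circuits left to right, so its position immediately before `rb_ec_vm_ptr(GET_EC()) == ruby_current_vm_ptr` is load-bearing and nothing in the hunk says so; a one-line comment above the VM_ASSERT ("the vm of a killed thread may already be freed, so check status before dereferencing it") would keep a later reorder of these operands from reintroducing the read of freed memory. Two related points worth stating in the commit message: this sits inside VM_ASSERT, so only VM_CHECK_MODE builds change behaviour and production builds are unaffected; and the fix still dereferences the rb_thread_t to read `status`, so it relies on the thread object outliving its vm pointer, which matches the description ("the VM ptr for the EC, which gets it via the thread, will have already been freed") but should be kept in mind if thread teardown order ever changes.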