In the test case, the client raises an exception in the session_new_cb
and may not cleanly close the connection. Let's ignore exceptions raised
at the server side.
Fixes: https://github.com/ruby/openssl/issues/828210ba0334a
OpenSSL::Digest#finish overrides Digest::Instance#finish and is called
from the Digest::Class framework in the digest library. This method is
not supposed to take any arguments, as suggested by the RDoc comment for
Digest::Instance#finish.
It is a private method and not exposed to users. Let's remove it.
This optional parameter exists since r15602 in Ruby trunk, the commit
which converted OpenSSL::Digest to a subclass of Digest::Class.
dcb2a4f30b
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.
rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.
Fixes: https://bugs.ruby-lang.org/issues/209371de3b80a46
Add a binding for PKCS12_set_mac() to set MAC parameters and
(re-)calculate MAC for the content.
This allows generating PKCS #12 with consistent MAC parameters with
different OpenSSL versions. OpenSSL 3.0 changed the default hash
function used for HMAC and the KDF from SHA-1 to SHA-256.
Fixes: https://github.com/ruby/openssl/issues/772f5ed2a74b6
under "Implementation improvements", similarly to past versions.
We also don't do categorization like "* New features" (which was in this
file) or "New features:" (which was on the release notes), so I used the
standard header format instead.
I applied the same change to release notes, copied the same thing back
to NEWS.md, and then removed the TL;DR section from it.
Warnings aren't something to brag first on the release notes. So I
lowered the string literal one just a little. However, it still seems
significant compared to other Bug tickets and incompatibilities/warnings,
so I still kept it relatively high.
The fiber pool allocations form a singly-linked list, so when we're
running with RUBY_FREE_AT_EXIT we need to walk the linked list freeing
each element, otherwise it can be detected as a memory leak.
When searching for native extensions, if the name does not end in ".so"
then we create a new string and append ".so" so it. If the native extension
is in static_ext_inits, then we could trigger a GC in the rb_filesystem_str_new_cstr.
This could cuase the GC to free lookup_name since we don't use the local
variable anymore.
This bug was caught in this ASAN build:
http://ci.rvm.jp/results/trunk_asan@ruby-sp1/5479182
==435614==ERROR: AddressSanitizer: use-after-poison on address 0x715a63022da0 at pc 0x5e7463873e4e bp 0x7fff383c8b00 sp 0x7fff383c82c0
READ of size 14 at 0x715a63022da0 thread T0
#0 0x5e7463873e4d in __asan_memcpy (/tmp/ruby/build/trunk_asan/ruby+0x214e4d) (BuildId: 607411c0626a2f66b4c20c02179b346aace20898)
#1 0x5e7463b50a82 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10
#2 0x5e7463b50a82 in ruby_nonempty_memcpy /tmp/ruby/src/trunk_asan/include/ruby/internal/memory.h:671:16
#3 0x5e7463b50a82 in str_enc_new /tmp/ruby/src/trunk_asan/string.c:1035:9
#4 0x5e74639b97dd in search_required /tmp/ruby/src/trunk_asan/load.c:1126:21
#5 0x5e74639b97dd in require_internal /tmp/ruby/src/trunk_asan/load.c:1274:17
#6 0x5e74639b83c1 in rb_require_string_internal /tmp/ruby/src/trunk_asan/load.c:1401:22
#7 0x5e74639b83c1 in rb_require_string /tmp/ruby/src/trunk_asan/load.c:1387:12
* Migrate standard library doc page to markdown
* Improve libraries listing and link to source code
* Fix grammar and improve phrasing
Co-authored-by: Jeremy Evans <code@jeremyevans.net>
If we have local variables outside of the eval, the local variables names
are IDs. We convert these IDs to char * using rb_id2name. However, these
char * are actually Ruby strings, which may be embedded. This means that
it is not safe to rb_id2name and call any potential GC entrypoints because
if a GC compaction runs, the embedded string may move and the pointer will
change.
For example, if you compile with `-DRGENGC_CHECK_MODE=1`, then the following
script will crash:
GC.auto_compact = :empty
GC.stress = true
o = Object.new
eval("def o.m(k: 0) k end")
The crash message is:
test.rb:6: [BUG] Local with constant_id 1 does not exist
ruby 3.4.0dev (2024-12-17T18:34:57Z prism-local-compac.. 434346726c) +PRISM [arm64-darwin24]
-- C level backtrace information -------------------------------------------
miniruby(rb_print_backtrace+0x24) [0x10312fec4] vm_dump.c:823
miniruby(rb_print_backtrace) (null):0
miniruby(rb_vm_bugreport+0x2d4) [0x1031301b8] vm_dump.c:1155
miniruby(rb_bug_without_die_internal+0xa8) [0x102dd6a94] error.c:1097
miniruby(rb_bug+0x28) [0x102dd6b00] error.c:1115
miniruby(pm_lookup_local_index+0xec) [0x102d61e4c] prism_compile.c:1237
miniruby(pm_compile_node+0x45d0) [0x102d252f4] prism_compile.c:9334
miniruby(pm_compile_node+0x1864) [0x102d22588] prism_compile.c:8650
miniruby(pm_compile_node+0x65ec) [0x102d27310] prism_compile.c:9897
miniruby(pm_compile_scope_node+0x3008) [0x102d77bcc] prism_compile.c:6584
miniruby(pm_compile_node+0x5ec4) [0x102d26be8] prism_compile.c:9768
miniruby(pm_iseq_compile_node+0xac) [0x102d20bf0] prism_compile.c:10069
miniruby(pm_iseq_new_with_opt_try+0x2c) [0x102e7d088] iseq.c:1029
miniruby(rb_protect+0x108) [0x102dea9bc] eval.c:1033
miniruby(pm_iseq_new_with_opt+0x264) [0x102e7c444] iseq.c:1082
miniruby(pm_iseq_new_eval+0xec) [0x102e7c8e0] iseq.c:961
miniruby(pm_eval_make_iseq+0x594) [0x1031209cc] vm_eval.c:1770
miniruby(eval_make_iseq+0x54) [0x103120068] vm_eval.c:1799
Put a pop as needed. This example currently causes [BUG]:
$ ruby --parser=prism -e'1.times{"".freeze;nil}'
-e:1: [BUG] Stack consistency error (sp: 15, bp: 14)
ruby 3.4.0dev (2024-12-20T00:48:01Z master 978df259ca) +PRISM [x86_64-linux]
* TCPSocket.new: Close resources in ensure
* TCPSocket.new: Remove unnecessary comments
* Socket.tcp: Make assert_separately in TestSocket more readable
* Socket.tcp: Returning instead of exiting
* Socket.tcp: Close resources in ensure
* Socket.tcp: Avoid test failures on hosts that only support IPv4
[Bug #20942]
If we've raised a memerror while the VM is locked, and the tag we're
jumping to has been locked at a different level to the current lock (ie.
we've locked the VM again since the tag we're jumping to) then we should
consider this memerror fatal and exit, since the tag cannot unlock the
VM.
Co-Authored-By: Peter Zhu <peter@peterzhu.ca>
`struct rb_callcache *` point to an imemo object on the GC heap when
pushed into `struct rb_class_cc_entries`, but by the time vm_ccs_free()
runs, the entire GC page the imemo was on could already be deallocated.
With the right conditions, vm_ccs_free() wrote to freed memory.
rb_objspace_garbage_object_p() by itself is not enough to determine
liveness.
I conjectured this situation to be possible in
<https://github.com/ruby/ruby/pull/11995> using hints from crashes
in the wild. With c37bdfa531 ("Make
asan_poison_object poison the whole slot"), the in-tree test suite
now recreates this scenario[^1][^2][^3].
Use rb_gc_pointer_to_heap_p(). Other uses of
rb_objspace_garbage_object_p() could be making the same mistake, but
correcting them might introduce serious performance regressions, so
leave them alone for now.
[^1]: http://ci.rvm.jp/results/trunk_asan@ruby-sp1/5477412
[^2]: http://ci.rvm.jp/results/trunk_asan@ruby-sp1/5477445
[^3]: http://ci.rvm.jp/results/trunk_asan@ruby-sp1/5477448
It used to quote only part of the method name because NUL byte in
the method terminates the C string:
```
(irb)> "abcdef".encode("UTF-16LE").bytes
=> [97, 0, 98, 0, 99, 0, 100, 0, 101, 0, 102, 0]
```
```
expected: /abcdef/
actual: warning: Skipping set of ruby2_keywords flag for a (method not defined in Ruby)\n".
```
For the universal parser, `rb_reg_named_capture_assign_iter_impl`
function is shared between the parser and ripper. However
`parser_params` struct is partially different, and `assignable`
function depends on that part indirectly.
If we try to use GET_PAGE_HEADER, it can trigger the read barrier. If we
try to align on the slot then we end up unlocking the heap page of a
lower memory address.
This change poisons the whole slot of the object rather than just the flags.
This allows ASAN to find any reads/writes into the slot after it has been
freed.
