Bug 2256789 - skf: C type errors in the Ruby bindings lead to crashes, compilation failures
Summary: skf: C type errors in the Ruby bindings lead to crashes, compilation failures
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: skf
Version: rawhide
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Mamoru TASAKA
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: PortingToModernCHelpNeeded
Reported: 2024-01-04 14:59 UTC by Florian Weimer
Modified: 2024-01-05 05:23 UTC (History)

Fixed In Version: skf-2.10.16-4.fc40
Clone Of:
Environment:
Last Closed: 2024-01-05 05:23:23 UTC
Type: ---
Embargoed:



Description Florian Weimer 2024-01-04 14:59:22 UTC
Reproducer:

$ ruby -e 'require "skf";print(Skf::convert(1,"\\377"))'

GDB reports:

Program received signal SIGSEGV, Segmentation fault.
0x00007fc99bb79900 in rbimpl_rstring_getmem (str=3)
    at /usr/include/ruby/internal/core/rstring.h:460
Downloading source file /usr/include/ruby/internal/core/rstring.h
warning: Source file is more recent than executable.                            
460	 * @return     Its length, in bytes.
(gdb) bt
#0  0x00007fc99bb79900 in rbimpl_rstring_getmem (str=3)
    at /usr/include/ruby/internal/core/rstring.h:460
#1  RSTRING_PTR (str=3) at /usr/include/ruby/internal/core/rstring.h:500
#2  skf_rbstring2skfstring (rstr=3)
    at /usr/src/debug/skf-2.10.16-2.fc39.x86_64/ruby/skf_convert_f_wrap.c:2400
#3  0x00007fc99bb7c7f9 in _wrap_convert (argc=<optimized out>, 
    argv=0x7fc9a07a5050, self=<optimized out>)
    at /usr/src/debug/skf-2.10.16-2.fc39.x86_64/ruby/skf_convert_f_wrap.c:3524
#4  0x00007fc9a0fb554d in vm_call_cfunc_with_frame (ec=0x55a177dd14b0, 
    reg_cfp=<optimized out>, calling=<optimized out>)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/vm_insnhelper.c:3268
#5  0x00007fc9a0fb92ff in vm_sendish (ec=0x55a177dd14b0, 
    reg_cfp=0x7fc9a08a4f90, cd=0x55a178056f20, block_handler=<optimized out>, 
    method_explorer=<optimized out>)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/vm_callinfo.h:367
#6  0x00007fc9a0fbb089 in vm_exec_core (ec=0x55a177dd14b0, initial=0)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/redhat-linux-build/insns.def:820
#7  0x00007fc9a0fd0ca2 in rb_vm_exec (ec=0x55a177dd14b0, jit_enable_p=true)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/vm.c:2391
#8  0x00007fc9a0e31a5e in rb_ec_exec_node (ec=ec@entry=0x55a177dd14b0, 
    n=n@entry=0x7fc99c13fb10)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/eval.c:289
#9  0x00007fc9a0e359a3 in ruby_run_node (n=0x7fc99c13fb10)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/eval.c:330
#10 0x000055a176d22197 in rb_main (argv=0x7ffc753f8348, argc=3)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/main.c:38
#11 main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/ruby-3.2.2-183.fc40.x86_64/main.c:57

This is probably related to a compilation error with GCC 14:

In file included from skf_convert_f_wrap.c:2015:
skf_convert_f_wrap.c: In function ‘convert’:
skf_convert_f_wrap.c:3112:28: error: passing argument 1 of ‘RSTRING_LEN’ makes integer from pointer without a cast
 3112 |     ibuflen = get_rstr_len(cstr);
      |                            ^~~~
      |                            |
      |                            struct Skf_localestring *
skf_convert.h:60:37: note: in definition of macro ‘get_rstr_len’
   60 | #define get_rstr_len(x) RSTRING_LEN(x)
      |                                     ^
In file included from /usr/include/ruby/internal/arithmetic/char.h:29,
                 from /usr/include/ruby/internal/arithmetic.h:24,
                 from /usr/include/ruby/ruby.h:28,
                 from /usr/include/ruby.h:38,
                 from skf_convert_f_wrap.c:872:
/usr/include/ruby/internal/core/rstring.h:484:19: note: expected ‘VALUE’ {aka ‘long unsigned int’} but argument is of type ‘struct Skf_localestring *’
  484 | RSTRING_LEN(VALUE str)
      |             ~~~~~~^~~


Reproducible: Always

Comment 1 Mamoru TASAKA 2024-01-04 15:14:34 UTC
I don't understand where you got such an example from.
I don't think '1' is a valid value for the 1st argument. Although there can be a discussion that
a segfault should not occur, I don't understand how this leads to a "compilation failure".

Comment 2 Mamoru TASAKA 2024-01-04 15:35:59 UTC
The first argument must be some string. Again, although there can be a discussion that
a segfault should not occur anyway, I am not sure if I must check every possibility.

Comment 3 Florian Weimer 2024-01-04 16:58:38 UTC
Hmm, I assumed the segfault was in the error handling code (like in some other packages), but in this case, there is just no error handling at all.

The compilation failure happens because the code uses Ruby's C API type VALUE as if it were a Ruby string pointer. Previously, this was accepted with a -Wint-conversion warning, as can be seen in this build log:

“
In file included from skf_convert_f_wrap.c:2015:
skf_convert_f_wrap.c: In function ‘convert’:
skf_convert_f_wrap.c:3112:28: warning: passing argument 1 of ‘RSTRING_LEN’ makes integer from pointer without a cast [-Wint-conversion]
 3112 |     ibuflen = get_rstr_len(cstr);
      |                            ^~~~
      |                            |
      |                            struct Skf_localestring *
skf_convert.h:60:37: note: in definition of macro ‘get_rstr_len’
   60 | #define get_rstr_len(x) RSTRING_LEN(x)
      |                                     ^
”

<https://kojipkgs.fedoraproject.org//packages/skf/2.10.16/3.fc40/data/logs/x86_64/build.log>
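The str=3 in the backtrace above is Ruby's tagged in-word encoding of the Integer 1 from the reproducer, and the crash happens because the wrapper reaches RSTRING_PTR without checking the argument's type. The following Ruby is an added illustration, not code from skf: it decodes such a VALUE word as a debugger shows it and reproduces the StringValue-style check the C wrapper lacked; the `converter` callable is a hypothetical stand-in for Skf::convert so the snippet runs without the extension.

```ruby
# Ruby's C API keeps small Integers ("fixnums") directly in the VALUE word as
# (n << 1) | 1, so a VALUE of 3 is the Integer 1, not a pointer to a String.
RUBY_FIXNUM_FLAG = 0x01
WORD_MASK = (1 << 64) - 1        # assumes a 64-bit build, as in the backtrace

def fixnum_value?(v)
  (v & RUBY_FIXNUM_FLAG) != 0
end

# Encode an Integer the way the interpreter would store it in a VALUE word.
def encode_fixnum(n)
  ((n << 1) | RUBY_FIXNUM_FLAG) & WORD_MASK
end

# Decode a raw VALUE word as printed by gdb (e.g. "str=3") back to the Integer.
def decode_fixnum(v)
  raise ArgumentError, "not a fixnum VALUE: #{v}" unless fixnum_value?(v)
  v -= 1 << 64 if v >= 1 << 63   # reinterpret the unsigned word as signed
  v >> 1
end

# The missing check, written in Ruby: accept a String or anything that
# implicitly converts via to_str, and raise TypeError otherwise. This mirrors
# what StringValue()/Check_Type(T_STRING) do before RSTRING_PTR is safe.
def string_value(obj)
  return obj if obj.is_a?(String)
  if obj.respond_to?(:to_str)
    s = obj.to_str
    return s if s.is_a?(String)
  end
  raise TypeError, "no implicit conversion of #{obj.class} into String"
end

# Guarded entry point: validate first, then hand the String to the converter.
def safe_convert(converter, arg)
  converter.call(string_value(arg))
end
```

Calling safe_convert with the reproducer's first argument, 1, now raises TypeError instead of dereferencing the tagged word.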

Comment 4 Mamoru TASAKA 2024-01-05 05:10:44 UTC
Anyway, I think I've fixed the cast issue with skf-2.10.16-4.fc40; would you check this?

https://koji.fedoraproject.org/koji/buildinfo?buildID=2341122
https://src.fedoraproject.org/rpms/skf/c/f8d272996a8f14dcdf879998af4318030cd0de1b?branch=rawhide

Comment 5 Florian Weimer 2024-01-05 05:23:23 UTC
It fixes the issue, thanks!