Monday, January 09, 2006

Ruby interpreter crashes with invalid input

Last week I found a bug in ruby's parser, NULL pointer reference will happen when the following program is parsed:

C:\ruby-1.8.4-i386-mswin32\bin>ruby -e 'def a=.a=;end'
-e:1: identifier a= is not valid
-e:1: [BUG] Segmentation fault ruby 1.8.4 (2005-12-24) [i386-mswin32]
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Now it was fixed in CVS.

This is not a serious security problem. I tried to find if it will result in a remote DOS vulnerability in Ruby on Rails, but find nothing.


Blogger joegilbert6071 said...

I read over your blog, and i found it inquisitive, you may find My Blog interesting. So please Click Here To Read My Blog

11:45 AM  

Post a Comment

<< Home