Wednesday, January 18, 2012

ruby: gem install dies with buffer overflow

In hopes the Google machine will help some other poor hapless soul who stumbles across the same problem...

At work, I'm trying to use vlad-push to do pushes of current code to remote hosts.  I found a few bugs, fixed, them on my Mac, minted a new gem, and then tried to make a RPM at work using the newly built gemfile.  This fails spectacularly anytime you try to parse the gemfile's metadata, like so:

[nhruby@rpmbuilder1 rubygem-vlad-push]$ gem specification vlad-push-1.1.0.gem
*** buffer overflow detected ***: /usr/bin/ruby terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x36cf6e807f]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(rb_syck_mktime+0x48e)[0x2aaaaade298e]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(yaml_org_handler+0x860)[0x2aaaaade32a0]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(syck_defaultresolver_node_import+0x39)[0x2aaaaade34a9]
/usr/lib64/libruby.so.1.8[0x322503492e] 
/usr/lib64/libruby.so.1.8[0x3225034e48] 
/usr/lib64/libruby.so.1.8[0x32250353f2] 
/usr/lib64/libruby.so.1.8(rb_funcall+0x85)[0x32250356c5]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(rb_syck_load_handler+0x47)[0x2aaaaade2437]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(syck_hdlr_add_node+0x39)[0x2aaaaaddd839]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(syckparse+0xb45)[0x2aaaaadde605]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(syck_parse+0x19)[0x2aaaaade6d29]
/usr/lib64/ruby/1.8/x86_64-linux/syck.so(syck_parser_load+0xed)[0x2aaaaade22ad]
/usr/lib64/libruby.so.1.8[0x322503492e] 
 
On my Mac I use rbenv and had 1.9.3-p0 installed, which spits out a "date:" value in the metadata YAML that causes older version of ruby's YAML parser to crash on Linux systems with hardened glibc builds (more details found here). 

Switching rbenv to use ruby 1.8.7 fixes the issue to produce a date field with saner value that older ruby version (such as those on CentOS/RHEL 5) can cope with.