io-event 1.14.5 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6141a80c8923fb24a4073f61f45a2e2f8065e4f2b415108caa39229efe37d0b
-  data.tar.gz: 298a552f835530283020945d5005912263d0dc3042271fbc5eeb84d3f00b8bda
+  metadata.gz: 9fe7dd3dfb4c546053629b992abb50bbeda10d0149fc5b331c1e930379441478
+  data.tar.gz: cb1ba0e99fa681daa746d2c235beec989e2e6cb82d255dcc4ba18b0b85178544
 SHA512:
-  metadata.gz: 64566ccf2e42e38dde477984ae4c511d2c673b1869e266f49ecda467ddcccef28167a345dcca11126e05e0345ebe58b550981e1c135ca982a8ad7b56d5748418
-  data.tar.gz: c56c85168138319c4c527843484bfbbd7a3b685e72bf546aa32e6c01d6476ccc32e3f073aa1062d8699e916eba1d78de7fe263caff00db376c522c220ddc1aa1
+  metadata.gz: 8b14c4daf4e03541e971447c19497a708cb3588a23fa14cd235517bc1932e27005f6eca8a9ffb7f509900b95f75135912ad936b04e6f0bdeaad1cf6e59321853
+  data.tar.gz: 827b0313e900636ee96016f905550f2443e522d769a2d1c93b165c0c1896a279a19bb895b094028dd1dd359f8cd29702c20fd4be500f5e3c03cc96e589bef07b

data/ext/io/event/selector/epoll.c

@@ -615,6 +615,11 @@ VALUE io_read_loop(VALUE _arguments) {
 	size_t offset = arguments->offset;
 	size_t total = 0;
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		ssize_t result = read(arguments->descriptor, (char*)base+offset, maximum_size);
@@ -713,6 +718,11 @@ VALUE io_write_loop(VALUE _arguments) {
 		rb_raise(rb_eRuntimeError, "Length exceeds size of buffer!");
 	}
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		ssize_t result = write(arguments->descriptor, (char*)base+offset, maximum_size);

data/ext/io/event/selector/kqueue.c

@@ -605,6 +605,11 @@ VALUE io_read_loop(VALUE _arguments) {
 	
 	if (DEBUG_IO_READ) fprintf(stderr, "io_read_loop(fd=%d, length=%zu)\n", arguments->descriptor, length);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		if (DEBUG_IO_READ) fprintf(stderr, "read(%d, +%ld, %ld)\n", arguments->descriptor, offset, maximum_size);
@@ -713,6 +718,11 @@ VALUE io_write_loop(VALUE _arguments) {
 	
 	if (DEBUG_IO_WRITE) fprintf(stderr, "io_write_loop(fd=%d, length=%zu)\n", arguments->descriptor, length);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		if (DEBUG_IO_WRITE) fprintf(stderr, "write(%d, +%ld, %ld, length=%zu)\n", arguments->descriptor, offset, maximum_size, length);

data/ext/io/event/selector/selector.c

@@ -106,8 +106,19 @@ VALUE IO_Event_Selector_loop_resume(struct IO_Event_Selector *backend, VALUE fib
 
 VALUE IO_Event_Selector_loop_yield(struct IO_Event_Selector *backend)
 {
-	// TODO Why is this assertion failing in async?
-	// RUBY_ASSERT(backend->loop != IO_Event_Fiber_current());
+	// Under normal operation, a user fiber yields back to the event loop fiber.
+	// However, in some cases (e.g. blocking IO called from within the scheduler
+	// fiber itself), the current fiber may already be the loop fiber. In that case,
+	// transferring to ourselves would be a no-op in Ruby, but it signals a misuse:
+	// the event loop fiber should never need to yield to itself, as nothing else
+	// would be running to resume it. We return immediately rather than self-transferring.
+	if (backend->loop == IO_Event_Fiber_current()) {
+		// Uncomment to investigate the callsite that triggers this condition:
+		// rb_warning("IO_Event_Selector_loop_yield: current fiber is the loop fiber");
+		// rb_funcall(rb_mKernel, rb_intern("puts"), 1, rb_funcall(rb_cThread, rb_intern("current"), 0));
+		return Qnil;
+	}
+
 	return IO_Event_Fiber_transfer(backend->loop, 0, NULL);
 }
 

data/ext/io/event/selector/uring.c

@@ -710,6 +710,11 @@ VALUE IO_Event_Selector_URing_io_read(VALUE self, VALUE fiber, VALUE io, VALUE b
 	size_t total = 0;
 	off_t from = io_seekable(descriptor);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	
 	// Are we performing a non-blocking read?
@@ -775,6 +780,11 @@ VALUE IO_Event_Selector_URing_io_pread(VALUE self, VALUE fiber, VALUE io, VALUE
 	size_t total = 0;
 	off_t from = NUM2OFFT(_from);
 	
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+	
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		int result = io_read(selector, fiber, descriptor, (char*)base+offset, maximum_size, from);
@@ -892,6 +902,11 @@ VALUE IO_Event_Selector_URing_io_write(VALUE self, VALUE fiber, VALUE io, VALUE
 		rb_raise(rb_eRuntimeError, "Length exceeds size of buffer!");
 	}
 
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		int result = io_write(selector, fiber, descriptor, (char*)base+offset, maximum_size, from);
@@ -947,6 +962,11 @@ VALUE IO_Event_Selector_URing_io_pwrite(VALUE self, VALUE fiber, VALUE io, VALUE
 		rb_raise(rb_eRuntimeError, "Length exceeds size of buffer!");
 	}
 
+	// Ensure offset is within the bounds of the buffer to avoid size_t underflow and out-of-bounds pointer arithmetic on (char *)base + offset.
+	if (offset > size) {
+		return rb_fiber_scheduler_io_result(-1, EINVAL);
+	}
+
 	size_t maximum_size = size - offset;
 	while (maximum_size) {
 		int result = io_write(selector, fiber, descriptor, (char*)base+offset, maximum_size, from);

data/lib/io/event/selector/select.rb

@@ -188,6 +188,11 @@ module IO::Event
 			# @parameter length [Integer] The minimum number of bytes to read.
 			# @parameter offset [Integer] The offset into the buffer to read to.
 			def io_read(fiber, io, buffer, length, offset = 0)
+				# Ensure offset is within the bounds of the buffer to avoid ArgumentError
+				if offset > buffer.size
+					return -Errno::EINVAL::Errno
+				end
+				
 				total = 0
 				
 				Selector.nonblock(io) do
@@ -218,6 +223,11 @@ module IO::Event
 			# @parameter length [Integer] The minimum number of bytes to write.
 			# @parameter offset [Integer] The offset into the buffer to write from.
 			def io_write(fiber, io, buffer, length, offset = 0)
+				# Ensure offset is within the bounds of the buffer to avoid ArgumentError
+				if offset > buffer.size
+					return -Errno::EINVAL::Errno
+				end
+				
 				total = 0
 				
 				Selector.nonblock(io) do
@@ -278,12 +288,14 @@ module IO::Event
 					duration = 0
 				end
 				
+				closed = nil
 				readable = Array.new
 				writable = Array.new
 				priority = Array.new
 				
 				@waiting.delete_if do |io, waiter|
 					if io.closed?
+						(closed ||= Array.new) << waiter
 						true
 					else
 						waiter.each do |fiber, events|
@@ -304,6 +316,14 @@ module IO::Event
 					end
 				end
 				
+				closed&.each do |waiter|
+					waiter.each do |fiber, _|
+						fiber.raise(IOError, "closed stream") if fiber.alive?
+					rescue
+						# The fiber didn't handle the exception; it is now terminated.
+					end
+				end
+				
 				duration = 0 unless @ready.empty?
 				error = nil
 				
@@ -328,7 +348,26 @@ module IO::Event
 				end
 				
 				if error
-					# Requeue the error into the pending exception queue:
+					# `IO.select` can raise both IOError and Errno::EBADF when one of the given IOs is closed. In that case, we enumerate all waiting IOs to find the closed one(s) and raise on their waiters. Then, we return 0 so the event loop retries cleanly.
+					if error.is_a?(IOError) || error.is_a?(Errno::EBADF)
+						closed = []
+						@waiting.delete_if do |io, waiter|
+							if io.closed?
+								waiter.each{|fiber, _| closed << fiber if fiber.alive?}
+								true
+							end
+						end
+						
+						closed.each do |fiber|
+							fiber.raise(IOError, "closed stream")
+						rescue
+							# The fiber didn't handle the exception; it is now terminated.
+						end
+						
+						return 0
+					end
+					
+					# For all other errors (e.g. thread interrupts), re-queue on the scheduler thread:
 					Thread.current.raise(error)
 					return 0
 				end
@@ -336,15 +375,17 @@ module IO::Event
 				ready = Hash.new(0).compare_by_identity
 				
 				readable&.each do |io|
-					ready[io] |= IO::READABLE
+					# Skip any IO that was closed/reused after IO.select returned - its fd number
+					# may now belong to a different file, so resuming the waiter would be wrong:
+					ready[io] |= IO::READABLE unless io.closed?
 				end
 				
 				writable&.each do |io|
-					ready[io] |= IO::WRITABLE
+					ready[io] |= IO::WRITABLE unless io.closed?
 				end
 				
 				priority&.each do |io|
-					ready[io] |= IO::PRIORITY
+					ready[io] |= IO::PRIORITY unless io.closed?
 				end
 				
 				ready.each do |io, events|

data/lib/io/event/version.rb

@@ -7,6 +7,6 @@
 class IO
 	# @namespace
 	module Event
-		VERSION = "1.14.5"
+		VERSION = "1.15.0"
 	end
 end

data/readme.md

@@ -18,6 +18,10 @@ Please see the [project documentation](https://socketry.github.io/io-event/) for
 
 Please see the [project releases](https://socketry.github.io/io-event/releases/index) for all releases.
 
+### v1.15.0
+
+  - Add bounds checks, in the unlikely event of a user providing an invalid offset that exceeds the buffer size. This prevents potential memory corruption and ensures safe operation when using buffered IO methods.
+
 ### v1.14.4
 
   - Allow `epoll_pwait2` to be disabled via `--disable-epoll_pwait2`.
@@ -55,10 +59,6 @@ Please see the [project releases](https://socketry.github.io/io-event/releases/i
 
   - Improved `IO::Event::Profiler` for detecting stalls.
 
-### v1.8.0
-
-  - Detecting fibers that are stalling the event loop.
-
 ## Contributing
 
 We welcome contributions to this project.

data/releases.md

@@ -1,5 +1,9 @@
 # Releases
 
+## v1.15.0
+
+  - Add bounds checks, in the unlikely event of a user providing an invalid offset that exceeds the buffer size. This prevents potential memory corruption and ensures safe operation when using buffered IO methods.
+
 ## v1.14.4
 
   - Allow `epoll_pwait2` to be disabled via `--disable-epoll_pwait2`.

data.tar.gz.sig

@@ -1,2 +1,2 @@
-����7��$�Y�2+4�5�|��������a�8��
��:�{,�!���.��1+�+ #`r1jH=!>>{D�p�C�gZs�_�J�J(�*�-�s_v+
-�e
��)�E`�uAA���hf5�#����K5�pu�1&����?Kg�|�|�P$2�d����&pl�R��66\��8�硍~������-+S�kW���?�bMf�P��>����3|��=�)�=�e罉�����l����r���;f�`i++)iҊ��F���M��V��Z�^�7P{}��<&��s4�b��sxt)d�D�U���'9�T}b���w(G�L
+!�_�!Մ_M�C���qg�y��[2����|.�_	6����@�e�ѲC\tK]~z���(��U��tx�Iz@��,ﰛt��/7A&���5�Ų��Z��,��i�q�����>�
IŝC��!��uap?Z�Z�fx4z�j,ԿmX%����7I�-N~|*պV��͎��E#P�}�����*Y��'(��ōK�E��ɫen>�S^�b���QȶNw�M�<lDZm������[��+e�����]��C���kl�} �PR�$�_�j�;cC�����$�yt�嫭�&����՚��i-̎4IӔc�h)T�	[�d��e�N\�:���Kއ�E3�W�v(پD?�&�1��%�_��y���U�7�
+ptn�nn

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: io-event
 version: !ruby/object:Gem::Version
-  version: 1.14.5
+  version: 1.15.0
 platform: ruby
 authors:
 - Samuel Williams