=== Oj stack buffer overflow variant analysis (CVE-2026-54502) ===
ROOT=/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle
SOURCE_REPO=/data/pruva/project-cache/dc167dac-a6d2-43f6-837d-84c9d571596f/repo
VULN_COMMIT=4587e87e23adc9a4163834dc8c9ba9d7206c6501
FIXED_COMMIT=ec368dbe936ef0104b782e4b0f67b17d6c7276f7
LATEST_COMMIT=b0677dccb6d3e3dc260d19e1f1c2c3913f378afc
ruby 3.3.8 (2025-04-09 revision b200bad6cd) [x86_64-linux-gnu]
Cloning into '/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/artifacts/oj-latest'...
done.
Note: switching to 'bbde91a679728f94c4492ebc3683f4fa3309049f'.
You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may do so (now or later) by using -c with the switch command. Example:
git switch -c
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
Building vulnerable at 4587e87e23adc9a4163834dc8c9ba9d7206c6501...
HEAD is now at 4587e87 Fix reentrant parser (#1013)
Building fixed at ec368dbe936ef0104b782e4b0f67b17d6c7276f7...
HEAD is now at ec368db Fix stack limits (#1014)
Building latest at b0677dccb6d3e3dc260d19e1f1c2c3913f378afc...
Previous HEAD position was bbde91a Fix intern.c and fast.c (#1015)
HEAD is now at b0677dc Clang formatted
Running vuln_dump...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 109: 4860 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_dump outcome: segfault
Running fixed_dump...
fixed_dump outcome: rejected
Running latest_dump...
latest_dump outcome: rejected
Running vuln_string_writer...
vuln_string_writer outcome: unknown
Running fixed_string_writer...
fixed_string_writer outcome: rejected
Running latest_string_writer...
latest_string_writer outcome: rejected
Running vuln_stream_writer...
vuln_stream_writer outcome: unknown
Running fixed_stream_writer...
fixed_stream_writer outcome: rejected
Running latest_stream_writer...
latest_stream_writer outcome: rejected
Running vuln_default_options...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 109: 4920 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_default_options outcome: segfault
Running fixed_default_options...
fixed_default_options outcome: rejected
Running latest_default_options...
latest_default_options outcome: rejected
Running vuln_negative_indent...
vuln_negative_indent outcome: ok
Running fixed_negative_indent...
fixed_negative_indent outcome: ok
Running latest_negative_indent...
latest_negative_indent outcome: ok
Running vuln_bignum_indent...
vuln_bignum_indent outcome: rejected
Running fixed_bignum_indent...
fixed_bignum_indent outcome: rejected
Running latest_bignum_indent...
latest_bignum_indent outcome: rejected
=== RESULTS ===
vuln_dump => segfault
fixed_dump => rejected
latest_dump => rejected
vuln_string_writer => unknown
fixed_string_writer => rejected
latest_string_writer => rejected
vuln_stream_writer => unknown
fixed_stream_writer => rejected
latest_stream_writer => rejected
vuln_default_options => segfault
fixed_default_options => rejected
latest_default_options => rejected
vuln_negative_indent => ok
fixed_negative_indent => ok
latest_negative_indent => ok
vuln_bignum_indent => rejected
fixed_bignum_indent => rejected
latest_bignum_indent => rejected
BYPASS_FOUND: false

=== Oj stack buffer overflow variant analysis (CVE-2026-54502) ===
ROOT=/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle
SOURCE_REPO=/data/pruva/project-cache/dc167dac-a6d2-43f6-837d-84c9d571596f/repo
VULN_COMMIT=4587e87e23adc9a4163834dc8c9ba9d7206c6501
FIXED_COMMIT=ec368dbe936ef0104b782e4b0f67b17d6c7276f7
LATEST_COMMIT=b0677dccb6d3e3dc260d19e1f1c2c3913f378afc
ruby 3.3.8 (2025-04-09 revision b200bad6cd) [x86_64-linux-gnu]
Building vulnerable at 4587e87e23adc9a4163834dc8c9ba9d7206c6501...
HEAD is now at 4587e87 Fix reentrant parser (#1013)
Building fixed at ec368dbe936ef0104b782e4b0f67b17d6c7276f7...
HEAD is now at ec368db Fix stack limits (#1014)
Building latest at b0677dccb6d3e3dc260d19e1f1c2c3913f378afc...
HEAD is now at b0677dc Clang formatted
Running vuln_dump...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 5761 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_dump outcome: segfault
Running fixed_dump...
fixed_dump outcome: rejected
Running latest_dump...
latest_dump outcome: rejected
Running vuln_string_writer...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 5777 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_string_writer outcome: segfault
Running fixed_string_writer...
fixed_string_writer outcome: rejected
Running latest_string_writer...
latest_string_writer outcome: rejected
Running vuln_stream_writer...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 5793 Aborted (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_stream_writer outcome: segfault
Running fixed_stream_writer...
fixed_stream_writer outcome: rejected
Running latest_stream_writer...
latest_stream_writer outcome: rejected
Running vuln_default_options...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 5809 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_default_options outcome: segfault
Running fixed_default_options...
fixed_default_options outcome: rejected
Running latest_default_options...
latest_default_options outcome: rejected
Running vuln_negative_indent...
vuln_negative_indent outcome: ok
Running fixed_negative_indent...
fixed_negative_indent outcome: ok
Running latest_negative_indent...
latest_negative_indent outcome: ok
Running vuln_bignum_indent...
vuln_bignum_indent outcome: rejected
Running fixed_bignum_indent...
fixed_bignum_indent outcome: rejected
Running latest_bignum_indent...
latest_bignum_indent outcome: rejected
=== RESULTS ===
vuln_dump => segfault
fixed_dump => rejected
latest_dump => rejected
vuln_string_writer => segfault
fixed_string_writer => rejected
latest_string_writer => rejected
vuln_stream_writer => segfault
fixed_stream_writer => rejected
latest_stream_writer => rejected
vuln_default_options => segfault
fixed_default_options => rejected
latest_default_options => rejected
vuln_negative_indent => ok
fixed_negative_indent => ok
latest_negative_indent => ok
vuln_bignum_indent => rejected
fixed_bignum_indent => rejected
latest_bignum_indent => rejected
BYPASS_FOUND: false

=== Oj stack buffer overflow variant analysis (CVE-2026-54502) ===
ROOT=/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle
SOURCE_REPO=/data/pruva/project-cache/dc167dac-a6d2-43f6-837d-84c9d571596f/repo
VULN_COMMIT=4587e87e23adc9a4163834dc8c9ba9d7206c6501
FIXED_COMMIT=ec368dbe936ef0104b782e4b0f67b17d6c7276f7
LATEST_COMMIT=b0677dccb6d3e3dc260d19e1f1c2c3913f378afc
ruby 3.3.8 (2025-04-09 revision b200bad6cd) [x86_64-linux-gnu]
Building vulnerable at 4587e87e23adc9a4163834dc8c9ba9d7206c6501...
HEAD is now at 4587e87 Fix reentrant parser (#1013)
Building fixed at ec368dbe936ef0104b782e4b0f67b17d6c7276f7...
HEAD is now at ec368db Fix stack limits (#1014)
Building latest at b0677dccb6d3e3dc260d19e1f1c2c3913f378afc...
HEAD is now at b0677dc Clang formatted
Running vuln_dump...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 6640 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_dump outcome: segfault
Running fixed_dump...
fixed_dump outcome: rejected
Running latest_dump...
latest_dump outcome: rejected
Running vuln_string_writer...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 6656 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_string_writer outcome: segfault
Running fixed_string_writer...
fixed_string_writer outcome: rejected
Running latest_string_writer...
latest_string_writer outcome: rejected
Running vuln_stream_writer...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 6672 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_stream_writer outcome: segfault
Running fixed_stream_writer...
fixed_stream_writer outcome: rejected
Running latest_stream_writer...
latest_stream_writer outcome: rejected
Running vuln_default_options...
/data/pruva/runs/d11e15df-2ae7-42be-b98d-398ba7d8e0c5/bundle/vuln_variant/reproduction_steps.sh: line 107: 6688 Segmentation fault (core dumped) ruby -I"$dir/lib" -e "$test_script" >> "$log" 2>&1
vuln_default_options outcome: segfault
Running fixed_default_options...
fixed_default_options outcome: rejected
Running latest_default_options...
latest_default_options outcome: rejected
Running vuln_negative_indent...
vuln_negative_indent outcome: ok
Running fixed_negative_indent...
fixed_negative_indent outcome: ok
Running latest_negative_indent...
latest_negative_indent outcome: ok
Running vuln_bignum_indent...
vuln_bignum_indent outcome: rejected
Running fixed_bignum_indent...
fixed_bignum_indent outcome: rejected
Running latest_bignum_indent...
latest_bignum_indent outcome: rejected
=== RESULTS ===
vuln_dump => segfault
fixed_dump => rejected
latest_dump => rejected
vuln_string_writer => segfault
fixed_string_writer => rejected
latest_string_writer => rejected
vuln_stream_writer => segfault
fixed_stream_writer => rejected
latest_stream_writer => rejected
vuln_default_options => segfault
fixed_default_options => rejected
latest_default_options => rejected
vuln_negative_indent => ok
fixed_negative_indent => ok
latest_negative_indent => ok
vuln_bignum_indent => rejected
fixed_bignum_indent => rejected
latest_bignum_indent => rejected
BYPASS_FOUND: false