
[perl #98294] regex engine state corruption in 5.14.1

Brandon Shilling
September 2, 2011 16:09
[perl #98294] regex engine state corruption in 5.14.1
Message ID:
# New Ticket Created by  Brandon Shilling 
# Please include the string:  [perl #98294]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from,
generated with the help of perlbug 1.39 running under perl 5.10.1.


NOTE: This was tested on perl 5.14.1 as well (using ActivePerl-
and the bug is present in 5.14.1.

There is a bug whereby a regex which should evaluate to true fails based on 
a previous (unrelated) regex.

Consider the following code:


my $x = 'aaa none aaa';
my $y = '';
print "1\n" if 'yyy' =~ /$y/;
$x =~ /none/i;
print "2\n" if 'yyy' =~ /$y/;


Evaluating this code should print a 1 on one line followed by a 2 on the next line.  
Unfortunately, because we did the $x =~ /none/ and that successfully made a regex match,
the conditional '' =~ /$y/ to print 2 evaluates to false (which is incorrect).  As 
far as I can tell, this situation must have the following sequence:

1. Make a successful regex match (ex 'asdf something asdf' =~ /something/)
2. Match something when the empty regex (ex 'anything' =~ //)

Note that normal scoping rules apply thus this cascades down into a subroutine.  
Consider the following code (which also elicits the bug):

my $x = 'aaa none aaa';
$x =~ /none/i;

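sub match_empty_and_print_number {
    my $num = shift;
    my $y = '';
    # $y is empty, so the interpolated pattern is the empty regex
    print "$num\n" if 'yyy' =~ /$y/;
}

# Call the sub after the successful /none/i match above
match_empty_and_print_number(1);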

As you can see, the result of this bug is that all regexes matching empty from 
this point forward no longer work.  

[Please do not change anything below this line]
Site configuration information for perl 5.10.1:

Configured by Debian Project at Fri Apr 22 18:53:20 UTC 2011.

Summary of my perl5 (revision 5 version 10 subversion 1) configuration:
    osname=linux, osvers=2.6.24-28-server, archname=x86_64-linux-gnu-thread-multi
    uname='linux allspice 2.6.24-28-server #1 smp wed aug 18 21:17:51 utc 2010 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.1 -Dsitearch=/usr/local/lib/perl/5.10.1 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.4.3', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/, so=so, useshrplib=true,
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector'

Locally applied patches:

@INC for perl 5.10.1:

Environment for perl 5.10.1:
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)

Brandon Shilling
Director, Vulnerability Research
Digital Defense, Inc.

9000 Tesoro Drive, Suite 100
San Antonio, Texas 78217-6132
P:  210-582-6163
F:  210-822-9216
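
Added example, not part of the original report: perlop documents that a pattern which evaluates to the empty string reuses the last successfully matched regex, which produces the sequence described above whenever an interpolated variable is empty. The sketch below contrasts direct interpolation with wrapping the value in (?:...) so the compiled pattern is never empty; the sub names naive_match and guarded_match and the sample strings are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example; naive_match/guarded_match are hypothetical names.
use strict;
use warnings;

# Interpolates $pat directly. When $pat is '', Perl sees an empty pattern
# and substitutes the last successfully matched regex (flags included).
sub naive_match {
    my ($subject, $pat) = @_;
    return $subject =~ /$pat/ ? 1 : 0;
}

# Wraps $pat in a non-capturing group, so the pattern text is "(?:)" rather
# than the empty string and the reuse rule never applies.
sub guarded_match {
    my ($subject, $pat) = @_;
    return $subject =~ /(?:$pat)/ ? 1 : 0;
}

my $x     = 'aaa none aaa';   # constructed sample, as in the report
my $empty = '';               # stands in for an empty filter value

# No successful match has happened yet in this scope.
my $naive_before   = naive_match('yyy', $empty);
my $guarded_before = guarded_match('yyy', $empty);
print "before /none/i: naive=$naive_before guarded=$guarded_before\n";

$x =~ /none/i;                # step 1 of the report: a successful match

# Step 2: the empty pattern now stands for /none/i inside naive_match,
# so its result depends on whether the subject contains "none".
my $naive_after   = naive_match('yyy', $empty);
my $naive_reused  = naive_match('NONE here', $empty);
my $guarded_after = guarded_match('yyy', $empty);
print "after  /none/i: naive=$naive_after guarded=$guarded_after\n";
print "naive on 'NONE here' with empty pattern: $naive_reused\n";
```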
