[perl #98294] regex engine state corruption in 5.14.1
From: Brandon Shilling
Date: September 2, 2011 16:09
Subject: [perl #98294] regex engine state corruption in 5.14.1
Message ID: rt-3.6.HEAD-31297-1314963431-470.98294-75-0@perl.org
# New Ticket Created by Brandon Shilling
# Please include the string: [perl #98294]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org:443/rt3/Ticket/Display.html?id=98294 >
This is a bug report for perl from brandon.shilling@ddifrontline.com,
generated with the help of perlbug 1.39 running under perl 5.10.1.
-----------------------------------------------------------------
NOTE: This was tested on perl 5.14.1 as well (using ActivePerl-5.14.1.1401-x86_64-linux-glibc-2.3.5-294969)
and the bug is present in 5.14.1.
There is a bug whereby a regex which should evaluate to true fails based on
a previous (unrelated) regex.
Consider the following code:
-=-=-=-=-=-=-=-
my $x = 'aaa none aaa';
my $y = '';
print "1\n" if 'yyy' =~ /$y/;
$x =~ /none/i;
print "2\n" if 'yyy' =~ /$y/;
-=-=-=-=-=-=-=-
Evaluating this code should print a 1 on one line followed by a 2 on the next line.
Unfortunately, because we did the $x =~ /none/ and that successfully made a regex match,
the conditional '' =~ /$y/ to print 2 evaluates to false (which is incorrect). As
far as I can tell, this situation must have the following sequence:
1. Make a successful regex match (ex 'asdf something asdf' =~ /something/)
2. Match something with the empty regex (ex 'anything' =~ //)
Note that normal scoping rules apply thus this cascades down into a subroutine.
Consider the following code (which also elicits the bug):
-=-=-=-=-=-=-=-
my $x = 'aaa none aaa';
match_empty_and_print_number('1');
$x =~ /none/i;
match_empty_and_print_number('2');

sub match_empty_and_print_number
{
    my $num = shift;
    my $y = '';
    print "$num\n" if 'yyy' =~ /$y/;
}
-=-=-=-=-=-=-=-
As you can see, the result of this bug is that all regexes matching empty from
this point forward no longer work.
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=medium
---
Site configuration information for perl 5.10.1:
Configured by Debian Project at Fri Apr 22 18:53:20 UTC 2011.
Summary of my perl5 (revision 5 version 10 subversion 1) configuration:
Platform:
osname=linux, osvers=2.6.24-28-server, archname=x86_64-linux-gnu-thread-multi
uname='linux allspice 2.6.24-28-server #1 smp wed aug 18 21:17:51 utc 2010 x86_64 gnulinux '
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.1 -Dsitearch=/usr/local/lib/perl/5.10.1 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.1 -Dd_dosuid -des'
hint=recommended, useposix=true, d_sigaction=define
useithreads=define, usemultiplicity=define
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=define, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2 -g',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
ccversion='', gccversion='4.4.3', gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
perllibs=-ldl -lm -lpthread -lc -lcrypt
libc=/lib/libc-2.11.1.so, so=so, useshrplib=true, libperl=libperl.so.5.10.1
gnulibc_version='2.11.1'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector'
Locally applied patches:
---
@INC for perl 5.10.1:
/etc/perl
/usr/local/lib/perl/5.10.1
/usr/local/share/perl/5.10.1
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.10
/usr/share/perl/5.10
/usr/local/lib/site_perl
.
---
Environment for perl 5.10.1:
HOME=/home/frznstars
LANG=en_US.utf8
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
PERL_BADLANG (unset)
SHELL=/bin/bash
Brandon Shilling
Director, Vulnerability Research
Digital Defense, Inc.
9000 Tesoro Drive, Suite 100
San Antonio, Texas 78217-6132
P: 210-582-6163
F: 210-822-9216
W: http://www.ddifrontline.com
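
Added example, not part of the original report: perlop documents that a pattern which evaluates to the empty string reuses the last successfully matched regex, which is what the report's sequence triggers. The script below runs that sequence through a direct interpolation and through a guarded form that prepends `(?:)`, so the compiled pattern is never empty; after the `/none/i` match the direct form stops matching 'yyy' while the guarded form still matches. The helper names `naive_match` and `guarded_match` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example; helper names are hypothetical and the inputs are constructed.

# Interpolates $pat directly. If $pat is '', Perl sees an empty pattern and
# substitutes the last successfully matched regex in dynamic scope.
sub naive_match {
    my ($str, $pat) = @_;
    return $str =~ /$pat/ ? 1 : 0;
}

# Prepends an empty non-capturing group. The pattern text is now "(?:)" plus
# $pat, which is never the empty string, so no earlier regex is reused and an
# empty $pat behaves as a genuine empty regex.
sub guarded_match {
    my ($str, $pat) = @_;
    return $str =~ /(?:)$pat/ ? 1 : 0;
}

my $x = 'aaa none aaa';    # same values as in the report
my $y = '';                # e.g. an unset filter or search term

# No successful match has happened yet in this scope.
printf "before /none/i: naive=%d guarded=%d\n",
    naive_match('yyy', $y), guarded_match('yyy', $y);

# A successful, unrelated match, as in step 1 of the report.
$x =~ /none/i;

# The caller's last successful pattern is visible inside the subs, so the
# naive form now tests 'yyy' against /none/i instead of an empty regex.
printf "after  /none/i: naive=%d guarded=%d\n",
    naive_match('yyy', $y), guarded_match('yyy', $y);

# The same empty $y against a string the earlier pattern does match.
printf "against 'NONE': naive=%d guarded=%d\n",
    naive_match('NONE', $y), guarded_match('NONE', $y);
```

Code that builds a match from a variable that may be empty (an optional filter, a search term, a configuration value) can apply the same guard, or test `length $pat` before matching.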