develooper Front page | perl.perl5.porters | Postings from August 2013

[perl #119481] SvVALID does not check SVpad_OUR

Thread Previous
From:
rurban @ cpanel . net
Date:
August 27, 2013 15:27
Subject:
[perl #119481] SvVALID does not check SVpad_OUR
Message ID:
rt-3.6.HEAD-1873-1377617250-1998.119481-75-0@perl.org
# New Ticket Created by  rurban@cpanel.net 
# Please include the string:  [perl #119481]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org:443/rt3/Ticket/Display.html?id=119481 >



This is a bug report for perl from rurban@cpanel.net,
generated with the help of perlbug 1.39 running under perl 5.19.4.


-----------------------------------------------------------------
It was safe to use B::PV->PVBM on strings, even when it was only a PV
without attached Boyer-Moore table, because B::PV->PVBM had a SvVALID check
on the sv.
But now the SVpad_NAME shares the same bit with SVpbm_VALID,
and SvPAD_OUR = SVpad_NAME|SVpad_OUR and more.

The SvVALID check misses to check for OUR and STATE and TYPED
pads.

#define SvPAD_TYPED_on(sv)	(SvFLAGS(sv) |= SVpad_NAME|SVpad_TYPED)
#define SvPAD_OUR_on(sv)	(SvFLAGS(sv) |= SVpad_NAME|SVpad_OUR)
#define SvPAD_STATE_on(sv)	(SvFLAGS(sv) |= SVpad_NAME|SVpad_STATE)

but
#define SvVALID(sv)		(SvFLAGS(sv) & SVpbm_VALID)

See https://code.google.com/p/perl-compiler/issues/detail?id=131
which caused a heap use-after-free error when accessing a non-existing
BM table on a OUR string.

-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.19.4:

Configured by rurban at Mon Aug 26 09:51:00 CDT 2013.

Summary of my perl5 (revision 5 version 19 subversion 4) configuration:
  Commit id: 3d05c417eba682336a5e9cb3f82b17c0154225c7
  Platform:
    osname=linux, osvers=3.9-1-amd64, archname=x86_64-linux-debug@3d05c417
    uname='linux reini 3.9-1-amd64 #1 smp debian 3.9.8-1 x86_64 gnulinux '
    config_args='-de -Dusedevel -Uversiononly -Dinstallman1dir=none -Dinstallman3dir=none -Dinstallsiteman1dir=none -Dinstallsiteman3dir=none -DEBUGGING -Doptimize=-g3 -Uuseithreads -Accflags=''-msse4.2'' -Accflags=''-march=corei7'' -Dcf_email=''rurban@cpanel.net'' -Dperladmin=''rurban@cpanel.net'''
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-msse4.2 -march=corei7 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-g3',
    cppflags='-msse4.2 -march=corei7 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.7.3', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.17'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -g3 -L/usr/local/lib -fstack-protector'


---
@INC for perl 5.19.4:
    /usr/local/lib/perl5/site_perl/5.19.4/x86_64-linux-debug@3d05c417
    /usr/local/lib/perl5/site_perl/5.19.4
    /usr/local/lib/perl5/5.19.4/x86_64-linux-debug@3d05c417
    /usr/local/lib/perl5/5.19.4
    /usr/local/lib/perl5/site_perl/5.19.3
    /usr/local/lib/perl5/site_perl/5.19.2
    /usr/local/lib/perl5/site_perl/5.18.1
    /usr/local/lib/perl5/site_perl/5.18.0
    /usr/local/lib/perl5/site_perl/5.17.11
    /usr/local/lib/perl5/site_perl/5.17.10
    /usr/local/lib/perl5/site_perl/5.17.8
    /usr/local/lib/perl5/site_perl/5.17.7
    /usr/local/lib/perl5/site_perl/5.17.6
    /usr/local/lib/perl5/site_perl/5.17.5
    /usr/local/lib/perl5/site_perl/5.17.4
    /usr/local/lib/perl5/site_perl/5.17.3
    /usr/local/lib/perl5/site_perl/5.17.2
    /usr/local/lib/perl5/site_perl/5.17.1
    /usr/local/lib/perl5/site_perl/5.17.0
    /usr/local/lib/perl5/site_perl/5.17
    /usr/local/lib/perl5/site_perl/5.16.3
    /usr/local/lib/perl5/site_perl/5.16.2
    /usr/local/lib/perl5/site_perl/5.16.1
    /usr/local/lib/perl5/site_perl/5.16.0
    /usr/local/lib/perl5/site_perl/5.15.9
    /usr/local/lib/perl5/site_perl/5.15.8
    /usr/local/lib/perl5/site_perl/5.15.7
    /usr/local/lib/perl5/site_perl/5.15.6
    /usr/local/lib/perl5/site_perl/5.15.5
    /usr/local/lib/perl5/site_perl/5.15.4
    /usr/local/lib/perl5/site_perl/5.14.4
    /usr/local/lib/perl5/site_perl/5.14.3
    /usr/local/lib/perl5/site_perl/5.14.2
    /usr/local/lib/perl5/site_perl/5.14.1
    /usr/local/lib/perl5/site_perl/5.12.5
    /usr/local/lib/perl5/site_perl/5.12.4
    /usr/local/lib/perl5/site_perl/5.10.1
    /usr/local/lib/perl5/site_perl/5.8.9
    /usr/local/lib/perl5/site_perl/5.8.8
    /usr/local/lib/perl5/site_perl/5.8.7
    /usr/local/lib/perl5/site_perl/5.8.6
    /usr/local/lib/perl5/site_perl/5.8.5
    /usr/local/lib/perl5/site_perl/5.8.4
    /usr/local/lib/perl5/site_perl/5.8.3
    /usr/local/lib/perl5/site_perl/5.8.2
    /usr/local/lib/perl5/site_perl/5.8.1
    /usr/local/lib/perl5/site_perl/5.6.2
    /usr/local/lib/perl5/site_perl
    .

---
Environment for perl 5.19.4:
    HOME=/home/rurban
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/rurban/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash


Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About