Front page | perl.perl5.porters |
Postings from August 2013
On Wed Aug 28 14:09:51 2013, andrewn@locus.net wrote:
>
> This is a bug report for perl from andrewn@locus.net,
> generated with the help of perlbug 1.39 running under perl 5.19.4.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> $ ./perl -e '/\7777777777/'
> Segmentation fault
>
> This is caused by a negative backreference in the compiled regex when
> the
> following code returns a negative number:
>
> regcomp.c:10690: num = atoi(RExC_parse);
>
> This bug was discovered in our production system running perl-5.8.8-
> 40.el5_9
> (CentOS5), confirmed on a developer's ActivePerl 5.16.2 (Windows7),
> and
> debugged/reported on the current git.
>
> The following patch does not properly correct the parsing of large
> integers,
> but it should at least die cleanly instead of segfaulting:
>
> diff --git a/regcomp.c b/regcomp.c
> index 5a1e234..3854569 100644
> --- a/regcomp.c
> +++ b/regcomp.c
> @@ -10688,6 +10688,9 @@ tryagain:
> goto parse_named_seq;
> } }
> num = atoi(RExC_parse);
> + if(num < 0) {
> + vFAIL("Integer wrapped?");
> + }
> if (isg && num == 0) {
> if (*RExC_parse == '0') {
> vFAIL("Reference to invalid group 0");
>
>
Confirmed in blead.
#####
$ ./perl -Ilib -v | head -2 | tail -1
This is perl 5, version 19, subversion 4 (v5.19.4
(v5.19.3-148-g5b90322)) built for x86_64-linux
$ ./perl -e '/\7777777777/'
Segmentation fault
#####
At the very least, we would need to add a regression test before
applying this patch.
Thank you very much.
Jim Keenan
---
via perlbug: queue: perl5 status: new
https://rt.perl.org:443/rt3/Ticket/Display.html?id=119505
Thread Previous