perl.perl5.porters | Postings from January 2015

[perl #123617] Segfault (stack overflow?) while fuzzing Perl 5.21.8

From: Father Chrysostomos via RT
Date: January 25, 2015 06:08
Subject: [perl #123617] Segfault (stack overflow?) while fuzzing Perl 5.21.8
Message ID: rt-4.0.18-8651-1422166095-393.123617-15-0@perl.org

On Sat Jan 17 17:09:43 2015, hv wrote:
> A perl built with debugging gives:
> 
> % ./perl test.pl
> perl: toke.c:2430: S_sublex_done: Assertion `(PL_parser->lex_inwhat)
> == OP_SUBST || (PL_parser->lex_inwhat) == OP_TRANS' failed.
> Aborted (core dumped)
>  %
> 
> Here's a shorter testcase (which doesn't clarify much):
> 
> % cat test.pl
> "$a{m/""$b
> / m ss
> ";@c = split /x/
>  %
> 
> We seem to have a PL_lex_repl with PL_lex_inwhat == OP_MATCH, which clearly
> can't happen.

This is no doubt related to my two favourite japhs:

s||${s/.*/|;
/s}Just another Perl hacker,
print

"${;s/.*/Just an";
other Perl hacker,
/s} die or return;
print

I don’t remember exactly how they work.  At the time I wrote them I based them on the interesting implementation details I saw in toke.c, which had something to do with PL_sublex_info.sub_inwhat.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=123617
