develooper Front page | perl.perl5.porters | Postings from February 2015

[perl #123677] 31 byte one liner crashes Perl5.21.9

Thread Previous
Father Chrysostomos via RT
February 8, 2015 01:39
[perl #123677] 31 byte one liner crashes Perl5.21.9
Message ID:
On Mon Jan 26 03:40:33 2015, wrote:
> Good morning. The fuzzing attack against Perl continues with an interesting
> (at least to me) test case.

Yes, very interesting.

> Test case:
> s)$0{0h());qx(@0);qx(@0);qx(@0)

This is a case where a syntax error causes scopes to be popped when the lexing state is LEX_KNOWNEXT, and it changes to LEX_NORMAL, somehow corrupting the pending token stack.  I suspect the fix will be to eliminate the LEX_KNOWNEXT state and check the number of items on the pending token stack instead.


Father Chrysostomos

via perlbug:  queue: perl5 status: new

Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About