develooper Front page | perl.perl5.porters | Postings from February 2015

[perl #123677] 31 byte one liner crashes Perl5.21.9

Thread Previous
From:
Father Chrysostomos via RT
Date:
February 8, 2015 01:39
Subject:
[perl #123677] 31 byte one liner crashes Perl5.21.9
Message ID:
rt-4.0.18-19477-1423359559-864.123677-15-0@perl.org
On Mon Jan 26 03:40:33 2015, brian.carpenter@gmail.com wrote:
> Good morning. The fuzzing attack against Perl continues with an interesting
> (at least to me) test case.

Yes, very interesting.

> Test case:
> s)$0{0h());qx(@0);qx(@0);qx(@0)

This is a case where a syntax error causes scopes to be popped when the lexing state is LEX_KNOWNEXT, and it changes to LEX_NORMAL, somehow corrupting the pending token stack.  I suspect the fix will be to eliminate the LEX_KNOWNEXT state and check the number of items on the pending token stack instead.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=123677

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About