Re: [perl #123677] 31 byte one liner crashes Perl5.21.9

From: wolfsage
Date: February 9, 2015 17:45
Subject: Re: [perl #123677] 31 byte one liner crashes Perl5.21.9
Message ID: CAJ0K8bhcw6MvYs0q9PwJ8FC+7f5Rkz=LWL-7269hJubW8rJOCA@mail.gmail.com

On Mon, Feb 9, 2015 at 12:34 PM, Father Chrysostomos via RT
<perlbug-followup@perl.org> wrote:
> Well, it is certainly interesting.  The first one stops abruptly at the buffer overflow.  Presumably it crashed because of the bug that 05d7009fff fixed.  The second one shows definitely buggy output.
>
> When the overflow happens, nextval overflows into nexttype and nexttype overflows into nexttoke.  Since nexttoke is an offset into the nexttype and nextval arrays, it is possible to read ahead into save_curcop, which is a memory address.  That would explain why the bug is intermittent.
>
> I suspect this bug is *old* and predates -DT output.
>

Yeah. Thanks for the explanations. I'm done digging I think :)

-- Matthew Horsfall (alh)
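
The overflow chain described in the quoted explanation, modelled as an added example that is not code from perl or from anyone in this thread. The struct is a simplified stand-in using the field names from the message; the capacity of 5, the field types, and the function names are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>

#define PENDING_MAX 5 /* assumed capacity for this model */

/* Simplified model (not perl's real struct) of the adjacent fields named above. */
struct toy_parser {
    intptr_t nextval[PENDING_MAX];  /* pending token values */
    int32_t  nexttype[PENDING_MAX]; /* pending token types */
    uint32_t nexttoke;              /* number of pending tokens, used as an index */
    void    *save_curcop;           /* a memory address stored after the arrays */
};

#define END_OF(field) (offsetof(struct toy_parser, field) + \
                       sizeof(((struct toy_parser *)0)->field))

/* 1 if element [PENDING_MAX] of nextval would alias the start of nexttype. */
int nextval_runs_into_nexttype(void) {
    return END_OF(nextval) == offsetof(struct toy_parser, nexttype);
}

/* 1 if element [PENDING_MAX] of nexttype would alias nexttoke itself. */
int nexttype_runs_into_nexttoke(void) {
    return END_OF(nexttype) == offsetof(struct toy_parser, nexttoke);
}

/* Checked push: refuses the write that would start the chain of overflows. */
int push_token(struct toy_parser *p, int32_t type, intptr_t val) {
    if (p->nexttoke >= PENDING_MAX) return -1;
    p->nextval[p->nexttoke] = val;
    p->nexttype[p->nexttoke] = type;
    p->nexttoke++;
    return 0;
}

/* Checked read: a nexttoke outside the arrays is treated as corruption. */
int peek_type(const struct toy_parser *p, int32_t *out) {
    if (p->nexttoke == 0 || p->nexttoke > PENDING_MAX) return -1;
    *out = p->nexttype[p->nexttoke - 1];
    return 0;
}

int main(void) {
    struct toy_parser p = {0};
    for (int i = 0; i < PENDING_MAX; i++) push_token(&p, 100 + i, i);
    return push_token(&p, 105, 5) == -1 ? 0 : 1; /* sixth push must be refused */
}
```

Because the two arrays and the index sit back to back in this model, a single unchecked push past the capacity is enough to corrupt the index used for every later access, which is why the check belongs at the write rather than at the read.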
