perl.perl5.porters | Postings from February 2015

[perl #123852] m//n can cause memory corruption

From: Hugo van der Sanden
Date: February 17, 2015 03:26
Subject: [perl #123852] m//n can cause memory corruption
Message ID: rt-4.0.18-26690-1424143565-1709.123852-75-0@perl.org
# New Ticket Created by  Hugo van der Sanden 
# Please include the string:  [perl #123852]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=123852 >


AFL (<http://lcamtuf.coredump.cx/afl/>) finds this:

% ./miniperl -ce 'qr{()(?1)}n'
Reference to nonexistent group in regex; marked by <-- HERE in m/()(?1) <-- HERE / at -e line 1.
Segmentation fault (core dumped)
% 

This turned out to be malloc-chain corruption, caused by this line in S_reg at regcomp.c:10539:
                RExC_close_parens[parno-1]= ender;
... with parno == 0.

I think the below is probably the ideal fix, and will push that in a day or so.

Hugo

--- a/regcomp.c
+++ b/regcomp.c
@@ -10450,6 +10450,8 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I32 paren, I32 *f
             Set_Node_Offset(ret, RExC_parse); /* MJD */
            is_open = 1;
        } else {
+            /* with RXf_PMf_NOCAPTURE treat (...) as (?:...) */
+            paren = ':';
            ret = NULL;
        }
     }
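Review bot: the fix is indirect: setting paren = ':' in the else branch makes the later close-paren handling take the non-capturing path, but the write at regcomp.c:10539 (RExC_close_parens[parno-1]= ender) still has no guard of its own, so any other route that reaches it with parno == 0 would corrupt the word before the array again; add an assert(parno > 0) or an explicit check at the write site alongside this change. The comment on the added line names RXf_PMf_NOCAPTURE, but the if condition this else pairs with is outside the visible context, so confirm the else branch is taken only under that flag. Also add a regression test for the reporter's case, qr{()(?1)}n, checking that compilation fails cleanly with the "Reference to nonexistent group" error instead of crashing.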


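The mechanism behind the crash, as an added example that is not Perl's code: a cut-down model of the paren bookkeeping in S_reg, with stand-in names (rexc_state, open_group, close_group, compile_empty_group) and a guard word stored immediately before the close_parens array in place of the malloc chunk metadata that the real bug overwrote. With the nocapture flag set, the pre-patch path leaves parno at 0 and the close-paren write lands on index -1; the patched path compiles the group as non-capturing and never touches the array.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not regcomp.c: models only the parno bookkeeping of S_reg.
 * storage[0] stands in for the heap metadata that sits just before
 * RExC_close_parens; the real overwrite hit the malloc chain there. */

#define MAX_PARENS 8
#define GUARD 0xC0FFEE42u

typedef struct {
    uint32_t storage[1 + MAX_PARENS]; /* storage[0]: guard; storage[1..]: groups */
    uint32_t *close_parens;           /* models RExC_close_parens, = &storage[1] */
    int npar;                         /* models RExC_npar: next group number, 1-based */
} rexc_state;

static void rexc_init(rexc_state *st)
{
    memset(st, 0, sizeof *st);
    st->storage[0] = GUARD;
    st->close_parens = &st->storage[1];
    st->npar = 1;
}

/* Open a bare "(": returns the paren kind the group is compiled as
 * ('(' capturing, ':' non-capturing) and stores its group number in *parno.
 * fixed == 0 reproduces the pre-patch logic; fixed == 1 applies the patch
 * (treat (...) as (?:...) when nocapture is set). */
static int open_group(rexc_state *st, int nocapture, int fixed, int *parno)
{
    int paren = '(';
    *parno = 0;                      /* as in S_reg, parno starts at 0 */
    if (!nocapture) {
        *parno = st->npar++;         /* capturing: take the next group number */
    } else if (fixed) {
        paren = ':';                 /* patch: under /n, (...) is non-capturing */
    }
    return paren;
}

/* Close the group. The capturing path records the CLOSE node at
 * close_parens[parno-1]; with parno == 0 that is index -1, the word just
 * before the array. Returns the index written, or -2 if nothing was. */
static int close_group(rexc_state *st, int paren, int parno, uint32_t ender)
{
    int idx;
    if (paren != '(')
        return -2;                   /* (?:...) keeps no close_parens slot */
    idx = parno - 1;
    st->close_parens[idx] = ender;   /* idx == -1 lands on storage[0], the guard */
    return idx;
}

/* Compile the regex "()" under the given flags; returns 1 if the guard
 * survived, 0 if the close-paren write clobbered it. */
static int compile_empty_group(int nocapture, int fixed)
{
    rexc_state st;
    int parno, paren, idx;
    rexc_init(&st);
    paren = open_group(&st, nocapture, fixed, &parno);
    idx = close_group(&st, paren, parno, 0x1234u);
    printf("nocapture=%d fixed=%d parno=%d wrote index %d guard %s\n",
           nocapture, fixed, parno, idx,
           st.storage[0] == GUARD ? "intact" : "CORRUPTED");
    return st.storage[0] == GUARD;
}

int main(void)
{
    compile_empty_group(0, 0);   /* plain ():       parno 1, slot 0, guard intact */
    compile_empty_group(1, 0);   /* ()n, pre-patch: parno 0, slot -1, guard clobbered */
    compile_empty_group(1, 1);   /* ()n, patched:   no slot written, guard intact */
    return 0;
}
```

The guard is in the same array as close_parens, so the index -1 write is well defined here and only illustrates where the real write landed; on a glibc build the equivalent bytes are the chunk size field, which is why the reporter saw the damage surface later as a segfault inside malloc rather than at the write itself.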