develooper Front page | perl.perl5.porters | Postings from January 2016

[perl #127426] commit "utf8.h, et.al.: Clean up some casts" causes"../t/re/pat_advanced.t .. panic: my_snprintf buffer overflow"

Thread Previous
From:
bulk88
Date:
January 29, 2016 18:41
Subject:
[perl #127426] commit "utf8.h, et.al.: Clean up some casts" causes"../t/re/pat_advanced.t .. panic: my_snprintf buffer overflow"
Message ID:
rt-4.0.18-2783-1454092841-330.127426-75-0@perl.org
# New Ticket Created by  bulk88 
# Please include the string:  [perl #127426]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=127426 >


This is a bug report for perl from bulk88@hotmail.com,
generated with the help of perlbug 1.40 running under perl 5.23.6.


-----------------------------------------------------------------
[Please describe your issue here]

Tried a DEBUGGING build, first DEBUGGING smoke in a while, with VC 2003, 
didn't try any other VCs with DEBUGGING to see if it is reproducible and 
dont really care.

bisected to 
http://perl5.git.perl.org/perl.git/commitdiff/4c8cd60559ce65964c5e42f43021ce23dc89819e

I've made 2 branches to show the last good commit and the first bad 
commit, due to the VC2003 preprocessor CC crash in 
https://rt.perl.org/Ticket/Display.html?id=126045 I had to apply the 
tonyc patches to both branches. Since I want put the the RT number in 
the branch name, I can't cant push the branches until this ticket is 
created.


--------------------------------------------
C:\perl521\src\win32>cd ..\t   & perl harness -v 
..\t\re\pat_advanced.t   & cd .
.\win32
../t/re/pat_advanced.t .. panic: my_snprintf buffer overflow at 
../t/re/pat_adva
nced.t line 492.
Dubious, test returned 255 (wstat 65280, 0xff00)
No subtests run

Test Summary Report
-------------------
../t/re/pat_advanced.t (Wstat: 65280 Tests: 0 Failed: 0)
  Non-zero exit status: 255
  Parse errors: No plan found in TAP output
Files=1, Tests=0, 33 wallclock secs ( 0.05 usr +  0.00 sys =  0.05 CPU)
Result: FAIL

C:\perl521\src\win32>
--------------------------------------------


buffer after vsnprintf fills it and fails/truncates
--------------------------------------------
    buffer    0x0012ed74 "FFFF\N{U+"    char *
    len    4    const unsigned int
    format    0x2828a304 "%02X."    const char *
--------------------------------------------
        
The argument "NATIVE_TO_LATIN1(*str)" passed to my_snprintf is 
0xffffffe7 or -25.

With this call stack _vsnprintf returns -1 eventually causing the panic 
in Perl_my_snprintf.
--------------------------------------------
    msvcr71.dll!_output(_iobuf * stream=0x0012ebb0, const char * 
format=0x2828a304, char * argptr=0x0012ec04)  Line 1070    C
     msvcr71.dll!_vsnprintf(char * string=0x0012ed70, unsigned int 
count=0x00000004, const char * format=0x2828a304, char * ap=0x0012ec04)  
Line 101 + 0x1f    C
     perl523.dll!Perl_my_snprintf(char * buffer=0x0012ed70, const 
unsigned int len=0x00000004, const char * format=0x2828a304, ...)  Line 
5226 + 0x16    C
     perl523.dll!S_scan_const(interpreter * my_perl=0x00383de4, char * 
start=0x00c61cd4)  Line 3597 + 0x1a    C
     perl523.dll!Perl_yylex(interpreter * my_perl=0x00383de4)  Line 4776 
+ 0x16    C
     perl523.dll!Perl_yyparse(interpreter * my_perl=0x00383de4, int 
gramtype=0x00000102)  Line 322 + 0x9    C
     perl523.dll!S_parse_body(interpreter * my_perl=0x00383de4, char * * 
env=0x00384d90, void (interpreter *)* xsinit=0x28268990)  Line 2312 + 
0xe    C
     perl523.dll!perl_parse(interpreter * my_perl=0x00383de4, void 
(interpreter *)* xsinit=0x28268990, int argc=0x00000002, char * * 
argv=0x00382c90, char * * env=0x00384d90)  Line 1634 + 0x11    C
     perl523.dll!RunPerl(int argc=0x00000002, char * * argv=0x00382c90, 
char * * env=0x00384d90)  Line 245 + 0x1a    C++
     perl.exe!main(int argc=0x00000002, char * * argv=0x00382c90, char * 
* env=0x00382f28)  Line 39 + 0x12    C
     perl.exe!mainCRTStartup()  Line 398 + 0xe    C
     kernel32.dll!_BaseProcessStart@4()  + 0x23    
--------------------------------------------
Curcop is in re/pat_advanced.t
--------------------------------------------
        ok("Fran\N{LATIN SMALL LETTER C}ais" =~ /Fran.ais/ &&
            $& eq "Francais", $message);
        ok("Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais" =~ /Fran.ais/ &&
            $& eq "Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais", $message);
        ok("Fran\N{LATIN SMALL LETTER C}ais" =~ /Fran\Xais/ &&
            $& eq "Francais", $message);
        ok("Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais" =~ /Fran\Xais/  &&
            $& eq "Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais", $message);
        ok("Franc\N{COMBINING CEDILLA}ais" =~ /Fran\Xais/ &&
            $& eq "Franc\N{COMBINING CEDILLA}ais", $message);
        ok("Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais" =~
           /Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais/  && 
<<<<<<<<<<<<<<HERE
            $& eq "Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais", $message);
        ok("Franc\N{COMBINING CEDILLA}ais" =~ /Franc\N{COMBINING 
CEDILLA}ais/ &&
            $& eq "Franc\N{COMBINING CEDILLA}ais", $message);

        my @f = (
            ["Fran\N{LATIN SMALL LETTER C}ais",                    
"Francais"],
            ["Fran\N{LATIN SMALL LETTER C WITH CEDILLA}ais",
                               "Fran\N{LATIN SMALL LETTER C WITH 
CEDILLA}ais"],
            ["Franc\N{COMBINING CEDILLA}ais", "Franc\N{COMBINING 
CEDILLA}ais"],
        );
--------------------------------------------

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=high
---
This perlbug was built using Perl 5.23.6 - Thu Jan 28 17:10:24 2016
It is being executed now by  Perl 5.23.6 - Thu Jan 28 17:24:05 2016.

Site configuration information for perl 5.23.6:

Configured by Owner at Thu Jan 28 17:24:05 2016.

Summary of my perl5 (revision 5 version 23 subversion 6) configuration:
  Commit id: 56113e3dbafc3c91bbfd0abbefab97b509053d01
  Platform:
    osname=MSWin32, osvers=5.1, archname=MSWin32-x86-multi-thread
    uname=''
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    useithreads=define, usemultiplicity=define
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cl', ccflags ='-nologo -GF -W3 -Od -MD -Zi -DDEBUGGING -DWIN32 
-D_CONSOLE -DNO_STRICT  -DPERL_TEXTMODE_SCRIPTS -DPERL_IMPLICIT_CONTEXT 
-DPERL_IMPLICIT_SYS -D_USE_32BIT_TIME_T',
    optimize='-Od -MD -Zi -DDEBUGGING',
    cppflags='-DWIN32'
    ccversion='13.10.6030', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234, 
doublekind=3
    d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=8, 
longdblkind=0
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='__int64', 
lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='link', ldflags ='-nologo -nodefaultlib -debug        
 -libpath:"c:\perl\lib\CORE"         -machine:x86'
    libpth=\lib
    libs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib 
comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib 
netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib version.lib 
odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    perllibs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib 
comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib 
netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib version.lib 
odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    libc=msvcrt.lib, so=dll, useshrplib=true, libperl=perl523.lib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug        
 -libpath:"c:\perl\lib\CORE"         -machine:x86'


---
@INC for perl 5.23.6:
    C:/perl521/src/lib
    .

---
Environment for perl 5.23.6:
    HOME (unset)
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=C:\perl521\bin;C:\Program Files\Microsoft Visual Studio .NET 
2003\Common7\IDE;C:\Program Files\Microsoft Visual Studio .NET 
2003\VC7\BIN;C:\Program Files\Microsoft Visual Studio .NET 
2003\Common7\Tools;C:\Program Files\Microsoft Visual Studio .NET 
2003\Common7\Tools\bin\prerelease;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;
    PERL_BADLANG (unset)
    SHELL (unset)


Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About