
[perl #127956] null pointer dereference in Perl_sv_setpvn at sv.c:4896

From: Brian Carpenter
Date: April 22, 2016 07:35
Subject: [perl #127956] null pointer dereference in Perl_sv_setpvn at sv.c:4896
Message ID: rt-4.0.18-3332-1461310490-1061.127956-75-0@perl.org
# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #127956]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=127956 >


While fuzzing Perl v5.24.0-RC1-2-gde1d2c7 with American Fuzzy Lop, I discovered that perl -e '$0=$.^=*.=$0=0' causes a null pointer dereference and crash. This crash affects Perl v5.14.2 as well.

Program received signal SIGSEGV, Segmentation fault.
Perl_sv_setpvn (sv=sv@entry=0x1201948, ptr=ptr@entry=0xed4da7 "", len=len@entry=0) at sv.c:4896
4896        dptr[len] = '\0';
(gdb) bt
#0  Perl_sv_setpvn (sv=sv@entry=0x1201948, ptr=ptr@entry=0xed4da7 "", len=len@entry=0) at sv.c:4896
#1  0x0000000000c2a6f3 in Perl_do_vop (optype=optype@entry=93, sv=sv@entry=0x1201948,
    left=left@entry=0x1201948, right=right@entry=0x1201930) at doop.c:1011
#2  0x0000000000a763a1 in Perl_pp_bit_or () at pp.c:2491
#3  0x00000000007ff5d4 in Perl_runops_debug () at dump.c:2239
#4  0x0000000000539034 in S_run_body (oldscope=1) at perl.c:2483
#5  perl_run (my_perl=<optimized out>) at perl.c:2406
#6  0x000000000042eac8 in main (argc=3, argv=0x7fffffffe658, env=0x7fffffffe678) at perlmain.c:116
(gdb) list
4891        }
4892        SvUPGRADE(sv, SVt_PV);
4893
4894        dptr = SvGROW(sv, len + 1);
4895        Move(ptr,dptr,len,char);
4896        dptr[len] = '\0';
4897        SvCUR_set(sv, len);
4898        (void)SvPOK_only_UTF8(sv);          /* validate pointer */
4899        SvTAINT(sv);
4900        if (SvTYPE(sv) == SVt_PVCV) CvAUTOLOAD_off(sv);
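A regression check for the crash reported above, added here as an example and not part of the original report: it runs the ticket's one-liner under whatever perl is on PATH and decodes the shell's exit status (128 + signal number) to tell a build that survives from one that is terminated by SIGSEGV. It assumes a POSIX sh and an installed perl; the function names are mine.

```shell
#!/bin/sh
# Regression check for [perl #127956] (added example, not from the ticket).
# A perl that still has the bug dies with SIGSEGV on the reproducer, which
# the calling shell reports as exit status 128 + 11 = 139.

# Reproducer exactly as given in the ticket.
REPRO_127956='$0=$.^=*.=$0=0'

# run_repro CODE
#   Runs `perl -e CODE` and classifies the outcome.
#   Return 0 and print "ok"              when perl exits normally
#   Return 1 and print "crash (signal N)" when perl is killed by signal N
#   Return 2 and print "noperl"          when no perl is on PATH
run_repro() {
    code="$1"
    if ! command -v perl >/dev/null 2>&1; then
        echo noperl
        return 2
    fi
    # Capture the status without letting `set -e` abort on a crash;
    # perl's own stdout/stderr are discarded (a fixed perl may still warn).
    status=0
    perl -e "$code" >/dev/null 2>&1 || status=$?
    if [ "$status" -ge 128 ]; then
        echo "crash (signal $((status - 128)))"
        return 1
    fi
    echo ok
    return 0
}

# check_perl_127956
#   Convenience wrapper that runs the ticket's reproducer.
check_perl_127956() {
    run_repro "$REPRO_127956"
}
```

Run `check_perl_127956` on each interpreter you care about (for example by prepending its bin directory to PATH); a return of 1 means that build is still affected.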



