
[perl #127956] null pointer dereference in Perl_sv_setpvn at sv.c:4896

From: Father Chrysostomos via RT
Date: April 22, 2016 13:37
Subject: [perl #127956] null pointer dereference in Perl_sv_setpvn at sv.c:4896
Message ID: rt-4.0.18-2188-1461332254-79.127956-15-0@perl.org

On Fri Apr 22 01:38:07 2016, smylers@stripey.com wrote:
> Brian Carpenter writes:
> 
> > While fuzzing Perl v5.24.0-RC1-2-gde1d2c7 with American Fuzzy Lop, I
> > discovered that perl -e '$0=$.^=*.=$0=0' causes a null pointer
> > dereference and crash. This crash affects Perl v5.14.2 as well.
> 
> Smaller case that still yields the crash, without special variables:
> 
>   perl -e '$x ^= *x = 0'
> 
> Also:
>   
>   perl -e '$x |= *x = 0'
> 
> But not:
> 
>   perl -e '$x &= *x = 0'
>   Can't coerce UNKNOWN to string in bitwise and (&) at -e line 1.

That UNKNOWN is an internal fallback value that should never be seen.  I would say this last case is just as buggy.  It smells like a stack issue.


-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=127956
