perl.perl5.porters | Postings from August 2016

[perl #129027] null pointer deref Perl_mess_sv (util.c:1508)

From: Brian Carpenter
Date: August 21, 2016 04:54
Subject: [perl #129027] null pointer deref Perl_mess_sv (util.c:1508)
Message ID: rt-4.0.24-26348-1471755230-435.129027-75-0@perl.org

# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129027]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129027 >


The following script triggers a null pointer deref (Perl_mess_sv (util.c:1508)) in Perl v5.25.4 (v5.25.3-305-g8c6b0c7). May only affect -DDEBUGGING builds because removing the `D` flag stifles the crash.

#!perl -D200000
${qq$\x5F$}=q 0f0and s 0.0qq e&$&e0ee

free op at 61900000db00, recorded in slab 61500000fa80 at (eval 1) line 1.
ASAN:SIGSEGV
=================================================================
==6436==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000021 (pc 0x0000007fdc8f bp 0x7ffeef401250 sp 0x7ffeef4011a0 T0)
    #0 0x7fdc8e in Perl_mess_sv /root/perl/util.c:1508:6
    #1 0x7fd28b in Perl_vmess /root/perl/util.c:1561:12
    #2 0x7fd28b in Perl_mess /root/perl/util.c:1391
    #3 0x4e0415 in Perl_Slab_Free /root/perl/op.c:442:5
    #4 0x4e215d in Perl_op_free /root/perl/op.c:855:9
    #5 0x4e1da5 in Perl_op_free /root/perl/op.c:837:21
    #6 0xa23982 in Perl_leave_scope /root/perl/scope.c:1109:6
    #7 0xa56785 in S_pop_eval_context_maybe_croak /root/perl/pp_ctl.c:1605:5
    #8 0xa55e46 in Perl_die_unwind /root/perl/pp_ctl.c:1733:13
    #9 0x7ff91f in Perl_vcroak /root/perl/util.c:1791:5
    #10 0x7ff80c in Perl_die /root/perl/util.c:1722:5
    #11 0x8dc64f in Perl_pp_entersub /root/perl/pp_hot.c:3826:13
    #12 0x7f1b53 in Perl_runops_debug /root/perl/dump.c:2234:23
    #13 0x5a0ff6 in S_run_body /root/perl/perl.c:2524:2
    #14 0x5a0ff6 in perl_run /root/perl/perl.c:2447
    #15 0x4de68d in main /root/perl/perlmain.c:123:9
    #16 0x7f0c50ba2b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
    #17 0x4de2fc in _start (/root/perl/perl+0x4de2fc)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/perl/util.c:1508 Perl_mess_sv
==6436==ABORTING

