develooper Front page | perl.perl5.porters | Postings from August 2016

Re: [perl #129069] Fuzzer-detected use-after-free in Perl_yylex

Thread Previous | Thread Next
Dan Collins
August 25, 2016 00:44
Re: [perl #129069] Fuzzer-detected use-after-free in Perl_yylex
Message ID:
I tried to add tests by using fresh_perl_is() and adding the tests to
t/op/lex.t. I can confirm that the tests are "right" because they fail
without the patch and succeed with the patch when run under libdislocator,
which causes the tests to segfault. However, valgrind doesn't catch any
issues in either case - I don't think it follows child processes. The
errors don't appear under eval, so that isn't an option either.

Come to think of it, running the testsuite under libdislocator as well as
valgrind would probably be a good idea.

On Wed, Aug 24, 2016 at 6:22 PM, Brian Carpenter via RT <> wrote:

> On Wed, Aug 24, 2016 at 5:17 PM, Father Chrysostomos via RT <
>> wrote:
> > RT Error
> > No permission to view ticket
> >
> > Which ticket did you mean?
> >
> >
> #129021 is a bug that I reported to the security list on 20 August 2016.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About