develooper Front page | perl.perl5.porters | Postings from August 2016

[perl #129069] Fuzzer-detected use-after-free in Perl_yylex

From:
Father Chrysostomos via RT
Date:
August 25, 2016 03:18
Subject:
[perl #129069] Fuzzer-detected use-after-free in Perl_yylex
Message ID:
rt-4.0.24-15038-1472095108-407.129069-15-0@perl.org
On Wed Aug 24 18:13:52 2016, tonyc wrote:
> On Wed Aug 24 17:44:41 2016, dcollinsn@gmail.com wrote:
> > I tried to add tests by using fresh_perl_is() and adding the tests to
> > t/op/lex.t. I can confirm that the tests are "right" because they fail
> > without the patch and succeed with the patch when run under
> > libdislocator, which causes the tests to segfault. However, valgrind
> > doesn't catch any issues in either case - I don't think it follows
> > child processes. The errors don't appear under eval, so that isn't an
> > option either.
> 
> My patch on the security ticket (I don't think this is a security issue
> but no-one responded on the security list) uses runperl() directly; I
> couldn't get it to fail with fresh_perl_is(), which uses a file instead
> of -e to run the script:
> 
> +{
> +    # RT #129021 - heap use after free
> +    # caught by valgrind or with libdislocator
> +    is(runperl(prog => 'do 00000', stderr => 1), "", "heap use after
> free");
> +}
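Review bot: the assertion `is(runperl(prog => 'do 00000', stderr => 1), "", ...)` can only fail when a memory checker writes something to stderr, so on an ordinary build this test passes whether or not the use-after-free is present; the hunk's comment says "caught by valgrind or with libdislocator", but the test description should say so too (for example "heap use after free (needs valgrind/libdislocator)") so a green run is not mistaken for coverage, and the PERL_RUNPERL_DEBUG='valgrind -q' requirement described below belongs in that comment as well.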
> 
> For valgrind to detect it you need to get runperl() to use valgrind, so
> you'd set:
> 
> PERL_RUNPERL_DEBUG='valgrind -q'
> 
> before running the test; for my testing I was doing:
> 
> PERL_RUNPERL_DEBUG='valgrind -q' ./perl op/do.t
> 
> I'm not sure basing the position off PL_bufptr is correct, skipspace()
> doesn't necessarily preserve it relative to the start of PL_linestr:
> 
> if (PL_linestart > PL_bufptr)
>     PL_bufptr = PL_linestart;
> 
> but FatherC would know better.

Duh.  Yes.  Thank you for pointing out my thinko (not noticing this).  Dan Collins is right that SvPVX(PL_linestr) is the right thing to use.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129069
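The cursor-versus-buffer-base point Tony raises, as an added C model (not perl's source, the ticket's patch, or any participant's code): a toy lexer whose growable buffer, cursor and line start stand in for PL_linestr, PL_bufptr and PL_linestart, showing that a token position saved as an offset from the buffer base (the SvPVX(PL_linestr) analogue) survives a skipspace() that reallocates the buffer and moves the cursor, while one saved relative to the cursor does not. All struct and function names are hypothetical.

```c
/* Added example (not perl's source or the ticket's patch; names hypothetical):
 * a toy lexer whose buffer, cursor and line start stand in for PL_linestr,
 * PL_bufptr and PL_linestart. skipspace() may realloc the buffer and move the
 * cursor, so a saved position must be an offset from the buffer base. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char  *base;      /* start of the buffer; SvPVX(PL_linestr) analogue */
    size_t len;       /* bytes of text currently in the buffer */
    char  *bufptr;    /* current lexing position; PL_bufptr analogue */
    char  *linestart; /* start of the current line; PL_linestart analogue */
} Lexer;

static void lex_init(Lexer *lx, const char *src) {
    lx->len = strlen(src);
    lx->base = malloc(lx->len + 1);
    memcpy(lx->base, src, lx->len + 1);
    lx->bufptr = lx->linestart = lx->base;
}

/* Appends `more` (a realloc that may move the buffer, leaving raw pointers into
 * the old one dangling), re-bases cursor/linestart, clamps as skipspace() does. */
static void skipspace(Lexer *lx, const char *more) {
    size_t bp = lx->bufptr - lx->base, ls = lx->linestart - lx->base;
    size_t add = strlen(more);
    lx->base = realloc(lx->base, lx->len + add + 1);
    memcpy(lx->base + lx->len, more, add + 1); lx->len += add;
    lx->bufptr = lx->base + bp; lx->linestart = lx->base + ls;
    if (lx->linestart > lx->bufptr)      /* the clamp Tony quotes */
        lx->bufptr = lx->linestart;
    while (*lx->bufptr == ' ') lx->bufptr++;
}

/* Saves the start of the token "foo" as an offset from the buffer base
 * (base_relative != 0) or relative to the cursor, runs skipspace(), and
 * returns 1 if the recovered pointer still names "foo", 0 otherwise. */
int recover_token(int base_relative) {
    Lexer lx;
    lex_init(&lx, "foo   bar");
    char *tokstart = lx.base;            /* "foo" begins at the buffer start */
    lx.bufptr = lx.base + 3;             /* the lexer has consumed "foo" */
    ptrdiff_t saved = base_relative ? tokstart - lx.base : tokstart - lx.bufptr;
    skipspace(&lx, " baz");              /* buffer may move; cursor advances */
    char *got = base_relative ? lx.base + saved : lx.bufptr + saved;
    int ok = strncmp(got, "foo", 3) == 0;
    free(lx.base);
    return ok;
}
```

Keeping the raw `tokstart` pointer across skipspace() would be the use-after-free case the ticket describes, since realloc() may free the old buffer; the offset from `base` is the only form of the three that stays valid.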
