develooper Front page | perl.perl5.porters | Postings from September 2016

[perl #129164] null ptr deref, segfault in Perl_pp_add pp_hot.c:597

From: Brian Carpenter
Date: September 1, 2016 18:00
Subject: [perl #129164] null ptr deref, segfault in Perl_pp_add pp_hot.c:597
Message ID: rt-4.0.24-1869-1472752817-519.129164-75-0@perl.org
# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129164]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129164 >


Perl v5.25.4-27-gf16e7fa

./perl -e '$#b=()x0;0+splice@b'

==95532==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x0000008af771 bp 0x0c32000012d2 sp 0x7fff14ca0410 T0)
    #0 0x8af770 in Perl_pp_add /home/geeknik/perl/pp_hot.c:597:5
    #1 0x7f2623 in Perl_runops_debug /home/geeknik/perl/dump.c:2234:23
    #2 0x5a10c6 in S_run_body /home/geeknik/perl/perl.c:2525:2
    #3 0x5a10c6 in perl_run /home/geeknik/perl/perl.c:2448
    #4 0x4de6cd in main /home/geeknik/perl/perlmain.c:123:9
    #5 0x7f8ae49a7b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
    #6 0x4de33c in _start (/home/geeknik/perl/perl+0x4de33c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/geeknik/perl/pp_hot.c:597 Perl_pp_add
==95532==ABORTING

Program received signal SIGSEGV, Segmentation fault.
0x00000000008af7df in Perl_pp_add () at pp_hot.c:597
597     tryAMAGICbin_MG(add_amg, AMGf_assign|AMGf_numeric);
(gdb) bt
#0  0x00000000008af7df in Perl_pp_add () at pp_hot.c:597
#1  0x00000000007f26a4 in Perl_runops_debug () at dump.c:2234
#2  0x00000000005a10c7 in S_run_body (oldscope=<optimized out>) at perl.c:2525
#3  perl_run (my_perl=<optimized out>) at perl.c:2448
#4  0x00000000004de6ce in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:123

==20742== Invalid read of size 4
==20742==    at 0x500FC3: Perl_pp_add (pp_hot.c:597)
==20742==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==20742==    by 0x452E96: S_run_body (perl.c:2525)
==20742==    by 0x452E96: perl_run (perl.c:2448)
==20742==    by 0x421834: main (perlmain.c:123)
==20742==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==20742==
==20742==
==20742== Process terminating with default action of signal 11 (SIGSEGV)
==20742==  Access not within mapped region at address 0xC
==20742==    at 0x500FC3: Perl_pp_add (pp_hot.c:597)
==20742==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==20742==    by 0x452E96: S_run_body (perl.c:2525)
==20742==    by 0x452E96: perl_run (perl.c:2448)
==20742==    by 0x421834: main (perlmain.c:123)
==20742==  If you believe this happened as a result of a stack
==20742==  overflow in your program's main thread (unlikely but
==20742==  possible), you can try to increase the size of the
==20742==  main thread stack using the --main-stacksize= flag.
==20742==  The main thread stack size used in this run was 8388608.
Segmentation fault
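The ticket carries the same crash in three formats (AddressSanitizer, gdb, Valgrind). The helper below is an added example, not part of the perl tree or of the original report: it parses each report into one normalised summary so that the same finding reported by different tools lands in one bucket, and flags the 0xc fault address as a near-NULL dereference, which is what the subject line calls it. The sample reports are constructed copies of the output above, trimmed to the lines the parsers use; the 0x1000 near-null threshold and the `bucket` key format are assumptions of this example.

```python
"""Triage helper: normalise ASan, Valgrind and gdb crash reports into one bucket
key so duplicate fuzzer findings are recognised.  Added example for the
perl #129164 ticket; not part of the perl tree or the original report."""
import os
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples, copied from the ticket and trimmed to the lines the parsers use.
ASAN_REPORT = """\
==95532==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x0000008af771 bp 0x0c32000012d2 sp 0x7fff14ca0410 T0)
    #0 0x8af770 in Perl_pp_add /home/geeknik/perl/pp_hot.c:597:5
    #1 0x7f2623 in Perl_runops_debug /home/geeknik/perl/dump.c:2234:23
SUMMARY: AddressSanitizer: SEGV /home/geeknik/perl/pp_hot.c:597 Perl_pp_add
"""

VALGRIND_REPORT = """\
==20742== Invalid read of size 4
==20742==    at 0x500FC3: Perl_pp_add (pp_hot.c:597)
==20742==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==20742==  Address 0xc is not stack'd, malloc'd or (recently) free'd
"""

GDB_REPORT = """\
Program received signal SIGSEGV, Segmentation fault.
0x00000000008af7df in Perl_pp_add () at pp_hot.c:597
597     tryAMAGICbin_MG(add_amg, AMGf_assign|AMGf_numeric);
(gdb) bt
#0  0x00000000008af7df in Perl_pp_add () at pp_hot.c:597
#1  0x00000000007f26a4 in Perl_runops_debug () at dump.c:2234
"""

# Faults below this address are treated as NULL-plus-small-offset dereferences.
# Assumption: the first page is never mapped (Linux vm.mmap_min_addr defaults to
# 64 KiB, so 4 KiB is a conservative bound).
NEAR_NULL_LIMIT = 0x1000


@dataclass(frozen=True)
class CrashSummary:
    tool: str
    fault_address: Optional[int]   # None when the tool did not report it (gdb here)
    top_function: str
    top_location: str              # basename(file):line, normalised across tools

    @property
    def near_null(self) -> bool:
        return self.fault_address is not None and self.fault_address < NEAR_NULL_LIMIT

    @property
    def bucket(self) -> str:
        """Key used to recognise one crash reported by different tools (assumed format)."""
        return f"{self.top_function}@{self.top_location}"


def _location(path: str, line: str) -> str:
    # ASan prints absolute paths, Valgrind and gdb print basenames; normalise to basename.
    return f"{os.path.basename(path)}:{line}"


def _first(pattern: str, text: str):
    return re.search(pattern, text, re.MULTILINE)


def parse_asan(text: str) -> CrashSummary:
    addr = _first(r"SEGV on unknown address 0x([0-9a-fA-F]+)", text)
    # Frame #0 looks like "#0 0x8af770 in Perl_pp_add /path/pp_hot.c:597:5" (trailing column optional).
    frame = _first(r"^\s*#0 0x[0-9a-fA-F]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$", text)
    if not addr or not frame:
        raise ValueError("not an AddressSanitizer SEGV report")
    return CrashSummary("asan", int(addr.group(1), 16), frame.group(1),
                        _location(frame.group(2), frame.group(3)))


def parse_valgrind(text: str) -> CrashSummary:
    addr = _first(r"Address 0x([0-9a-fA-F]+) is not stack'd", text)
    # Frame looks like "==20742==    at 0x500FC3: Perl_pp_add (pp_hot.c:597)".
    frame = _first(r"^==\d+==\s+at 0x[0-9a-fA-F]+: (\S+) \((\S+?):(\d+)\)", text)
    if not addr or not frame:
        raise ValueError("not a Valgrind invalid-access report")
    return CrashSummary("valgrind", int(addr.group(1), 16), frame.group(1),
                        _location(frame.group(2), frame.group(3)))


def parse_gdb(text: str) -> CrashSummary:
    # gdb shows the faulting pc, not the data address, so fault_address stays None.
    frame = _first(r"^#0\s+0x[0-9a-fA-F]+ in (\S+) \(.*?\) at (\S+?):(\d+)\s*$", text)
    if not frame or "SIGSEGV" not in text:
        raise ValueError("not a gdb SIGSEGV backtrace")
    return CrashSummary("gdb", None, frame.group(1),
                        _location(frame.group(2), frame.group(3)))


def same_crash(a: CrashSummary, b: CrashSummary) -> bool:
    return a.bucket == b.bucket


def describe(s: CrashSummary) -> str:
    kind = "near-NULL read" if s.near_null else "invalid access"
    addr = "unknown" if s.fault_address is None else hex(s.fault_address)
    return f"[{s.tool}] {kind} at {addr} in {s.bucket}"


if __name__ == "__main__":
    reports = [parse_asan(ASAN_REPORT), parse_valgrind(VALGRIND_REPORT), parse_gdb(GDB_REPORT)]
    for r in reports:
        print(describe(r))
    print("all three reports describe one bug:",
          all(same_crash(reports[0], r) for r in reports[1:]))
```

Run as a script it prints one line per tool and confirms that all three land in the bucket `Perl_pp_add@pp_hot.c:597`. Only the ASan and Valgrind summaries carry the 0xc data address; the gdb backtrace gives the pc of the faulting instruction, so near-null classification there needs the `$_siginfo` or the disassembly, which this helper does not attempt.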