
[perl #129166] null ptr deref, segfault in Perl_pp_subtract pp.c:1894

From: Brian Carpenter
Date: September 1, 2016 18:21
Subject: [perl #129166] null ptr deref, segfault in Perl_pp_subtract pp.c:1894
Message ID: rt-4.0.24-1869-1472754043-614.129166-75-0@perl.org
# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129166]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129166 >


Perl v5.25.4-27-gf16e7fa

./perl -e '@0=()-splice@a,$#a=0or@0'

==35420==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x0000009bcd41 bp 0x0c32000012d2 sp 0x7ffe63e7dbd0 T0)
    #0 0x9bcd40 in Perl_pp_subtract /home/geeknik/perl/pp.c:1894:5
    #1 0x7f2623 in Perl_runops_debug /home/geeknik/perl/dump.c:2234:23
    #2 0x5a10c6 in S_run_body /home/geeknik/perl/perl.c:2525:2
    #3 0x5a10c6 in perl_run /home/geeknik/perl/perl.c:2448
    #4 0x4de6cd in main /home/geeknik/perl/perlmain.c:123:9
    #5 0x7f501b7f1b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
    #6 0x4de33c in _start (/home/geeknik/perl/perl+0x4de33c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/geeknik/perl/pp.c:1894 Perl_pp_subtract
==35420==ABORTING

Program received signal SIGSEGV, Segmentation fault.
0x00000000009bcdc1 in Perl_pp_subtract () at pp.c:1894
1894        tryAMAGICbin_MG(subtr_amg, AMGf_assign|AMGf_numeric);
(gdb) bt
#0  0x00000000009bcdc1 in Perl_pp_subtract () at pp.c:1894
#1  0x00000000007f26a4 in Perl_runops_debug () at dump.c:2234
#2  0x00000000005a10c7 in S_run_body (oldscope=<optimized out>) at perl.c:2525
#3  perl_run (my_perl=<optimized out>) at perl.c:2448
#4  0x00000000004de6ce in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:123


==17125== Invalid read of size 4
==17125==    at 0x54A013: Perl_pp_subtract (pp.c:1894)
==17125==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==17125==    by 0x452E96: S_run_body (perl.c:2525)
==17125==    by 0x452E96: perl_run (perl.c:2448)
==17125==    by 0x421834: main (perlmain.c:123)
==17125==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==17125==
==17125==
==17125== Process terminating with default action of signal 11 (SIGSEGV)
==17125==  Access not within mapped region at address 0xC
==17125==    at 0x54A013: Perl_pp_subtract (pp.c:1894)
==17125==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==17125==    by 0x452E96: S_run_body (perl.c:2525)
==17125==    by 0x452E96: perl_run (perl.c:2448)
==17125==    by 0x421834: main (perlmain.c:123)
==17125==  If you believe this happened as a result of a stack
==17125==  overflow in your program's main thread (unlikely but
==17125==  possible), you can try to increase the size of the
==17125==  main thread stack using the --main-stacksize= flag.
==17125==  The main thread stack size used in this run was 8388608.
Segmentation fault

