perl.perl5.porters | Postings from September 2016

[perl #129167] null ptr deref, segfault in Perl_pp_negate pp.c:2549

From: Brian Carpenter
Date: September 1, 2016 18:35
Subject: [perl #129167] null ptr deref, segfault in Perl_pp_negate pp.c:2549
Message ID: rt-4.0.24-2820-1472754910-1559.129167-75-0@perl.org

# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129167]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129167 >


v5.25.4-27-gf16e7fa

./perl -e '-splice@a,$#a=0'

==11739==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x0000009c9e00 bp 0x6210000113b8 sp 0x7ffc656105c0 T0)
    #0 0x9c9dff in Perl_pp_negate /home/geeknik/perl/pp.c:2549:5
    #1 0x7f2623 in Perl_runops_debug /home/geeknik/perl/dump.c:2234:23
    #2 0x5a10c6 in S_run_body /home/geeknik/perl/perl.c:2525:2
    #3 0x5a10c6 in perl_run /home/geeknik/perl/perl.c:2448
    #4 0x4de6cd in main /home/geeknik/perl/perlmain.c:123:9
    #5 0x7fb0491e6b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
    #6 0x4de33c in _start (/home/geeknik/perl/perl+0x4de33c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/geeknik/perl/pp.c:2549 Perl_pp_negate
==11739==ABORTING

Program received signal SIGSEGV, Segmentation fault.
0x000000000054d9cb in Perl_pp_negate () at pp.c:2549
2549        tryAMAGICun_MG(neg_amg, AMGf_numeric);
(gdb) bt
#0  0x000000000054d9cb in Perl_pp_negate () at pp.c:2549
#1  0x00000000004d6262 in Perl_runops_debug () at dump.c:2234
#2  0x0000000000452e97 in S_run_body (oldscope=1) at perl.c:2525
#3  perl_run (my_perl=<optimized out>) at perl.c:2448
#4  0x0000000000421835 in main (argc=3, argv=0x7fffffffe6c8, env=0x7fffffffe6e8) at perlmain.c:123

==19494== Invalid read of size 4
==19494==    at 0x54D9CB: Perl_pp_negate (pp.c:2549)
==19494==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==19494==    by 0x452E96: S_run_body (perl.c:2525)
==19494==    by 0x452E96: perl_run (perl.c:2448)
==19494==    by 0x421834: main (perlmain.c:123)
==19494==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==19494==
==19494==
==19494== Process terminating with default action of signal 11 (SIGSEGV)
==19494==  Access not within mapped region at address 0xC
==19494==    at 0x54D9CB: Perl_pp_negate (pp.c:2549)
==19494==    by 0x4D6261: Perl_runops_debug (dump.c:2234)
==19494==    by 0x452E96: S_run_body (perl.c:2525)
==19494==    by 0x452E96: perl_run (perl.c:2448)
==19494==    by 0x421834: main (perlmain.c:123)
==19494==  If you believe this happened as a result of a stack
==19494==  overflow in your program's main thread (unlikely but
==19494==  possible), you can try to increase the size of the
==19494==  main thread stack using the --main-stacksize= flag.
==19494==  The main thread stack size used in this run was 8388608.
Segmentation fault



