[perl #129267] Possible string overrun with invalid len in gv.c
From: Todd Rinaldo
Date: September 13, 2016 18:19
Subject: [perl #129267] Possible string overrun with invalid len in gv.c
Message ID: rt-4.0.24-17527-1473790745-1737.129267-75-0@perl.org
# New Ticket Created by "Todd Rinaldo"
# Please include the string: [perl #129267]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/Ticket/Display.html?id=129267 >
This is a bug report for perl from toddr@cpan.org,
generated with the help of perlbug 1.40 running under perl 5.22.1.
-----------------------------------------------------------------
[Please describe your issue here]
We ran across this issue during B::C development. It turns out that if
the wrong len (too short OR too long) is passed into
Perl_gv_fetchmethod_pvn_flags, then you end up with a seg fault when
it eventually hits memory it doesn't own. I am not saying there is any
known problem in Perl, but IMO this should still be cleaned up.
    for (nend = name; *nend || nend != (origname + len); nend++) {
        if (*nend == '\'') {
            nsplit = nend;
            name = nend + 1;
        }
        else if (*nend == ':' && *(nend + 1) == ':') {
            nsplit = nend++;
            name = nend + 1;
        }
    }
I did not search for other examples. I thought it might be best to
open a discussion before proceeding on any work.
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=low
---
Site configuration information for perl 5.22.1:
Configured by cPanel at Sun Aug 28 23:44:24 CDT 2016.
Summary of my perl5 (revision 5 version 22 subversion 1) configuration:
Platform:
osname=linux, osvers=3.10.0-123.20.1.el7.x86_64, archname=x86_64-linux-64int
uname='linux rpmbuild-64-centos-7.dev.cpanel.net
3.10.0-123.20.1.el7.x86_64 #1 smp thu jan 29 18:05:33 utc 2015 x86_64
x86_64 x86_64 gnulinux '
config_args='-des -Dusedevel -Darchname=x86_64-linux-64int
-Dcc=/usr/bin/gcc -Dcpp=/usr/bin/cpp -DDEBUGGING=none -Doptimize=-Os
-Dusemymalloc=n -Duseshrplib -Duselargefiles=yes -Duseposix=true
-Dhint=recommended -Duseperlio=yes -Dccflags=-DPERL_DISABLE_PMC
-I/usr/local/cpanel/3rdparty/perl/522/include
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-I/usr/local/cpanel/3rdparty/include
-L/usr/local/cpanel/3rdparty/lib64
-Dcppflags=-I/usr/local/cpanel/3rdparty/perl/522/include
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-I/usr/local/cpanel/3rdparty/include
-L/usr/local/cpanel/3rdparty/lib64 -Dldflags=-Wl,-rpath
-Wl,/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/lib64
-Dprefix=/usr/local/cpanel/3rdparty/perl/522
-Dsiteprefix=/opt/cpanel/perl5/522 -Dsitebin=/opt/cpanel/perl5/522/bin
-Dsitelib=/opt/cpanel/perl5/522/site_lib -Dusevendorprefix=true
-Dvendorbin=/usr/local/cpanel/3rdparty/perl/522/bin
-Dvendorprefix=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5
-Dvendorlib=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib
-Dprivlib=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1
-Dman1dir=none -Dman3dir=none
-Dscriptdir=/usr/local/cpanel/3rdparty/perl/522/bin
-Dscriptdirexp=/usr/local/cpanel/3rdparty/perl/522/bin
-Dsiteman1dir=none -Dsiteman3dir=none -Dinstallman1dir=none
-Dversiononly=no -Dinstallusrbinperl=no -Dcf_by=cPanel
-Dmyhostname=localhost -Dperladmin=root@localhost
-Dcf_email=support@cpanel.net
-Di_dbm=/usr/local/cpanel/3rdparty/include
-Di_gdbm=/usr/local/cpanel/3rdparty/include
-Di_ndbm=/usr/local/cpanel/3rdparty/include -DDB_File=true -Ud_dosuid
-Uuserelocatableinc -Umad -Uusethreads -Uusemultiplicity -Uusesocks
-Uuselongdouble -Aldflags=-L/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64 -lgdbm
-Dlocincpth=/usr/local/cpanel/3rdparty/perl/522/include
/usr/local/cpanel/3rdparty/include /usr/local/include -Duse64bitint
-Uuse64bitall -Acflags=-fPIC -DPIC -m64
-I/usr/local/cpanel/3rdparty/perl/522/include
/usr/local/cpanel/3rdparty/include
-Dlibpth=/usr/local/cpanel/3rdparty/perl/522/lib64
/usr/local/cpanel/3rdparty/lib64 /usr/local/lib64 /usr/local/lib
/lib64 /usr/lib64 '
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='/usr/bin/gcc', ccflags ='-DPERL_DISABLE_PMC
-I/usr/local/cpanel/3rdparty/perl/522/include
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-I/usr/local/cpanel/3rdparty/include
-L/usr/local/cpanel/3rdparty/lib64 -fwrapv -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2',
optimize='-Os',
cppflags='-I/usr/local/cpanel/3rdparty/perl/522/include
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-I/usr/local/cpanel/3rdparty/include
-L/usr/local/cpanel/3rdparty/lib64 -DPERL_DISABLE_PMC
-I/usr/local/cpanel/3rdparty/perl/522/include
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-I/usr/local/cpanel/3rdparty/include
-L/usr/local/cpanel/3rdparty/lib64 -fwrapv -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include'
ccversion='', gccversion='4.8.2 20140120 (Red Hat 4.8.2-16)',
gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8,
byteorder=12345678, doublekind=3
d_longlong=define, longlongsize=8, d_longdbl=define,
longdblsize=16, longdblkind=3
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='/usr/bin/gcc', ldflags ='-Wl,-rpath
-Wl,/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/lib64
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64 -lgdbm
-fstack-protector-strong -L/usr/local/lib'
libpth=/usr/local/cpanel/3rdparty/perl/522/lib64
/usr/local/cpanel/3rdparty/lib64 /usr/local/lib64 /usr/local/lib
/lib64 /usr/lib64 /usr/local/lib /usr/lib /lib/../lib64
/usr/lib/../lib64 /lib
libs=-lpthread -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
libc=libc-2.17.so, so=so, useshrplib=true, libperl=libperl.so
gnulibc_version='2.17'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
-Wl,-rpath,/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1/x86_64-linux-64int/CORE'
cccdlflags='-fPIC', lddlflags='-shared -Os
-L/usr/local/cpanel/3rdparty/perl/522/lib64
-L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64
-L/usr/local/lib -fstack-protector-strong'
Locally applied patches:
cPanel patches
cPanel INC path changes
Remove . from @INC
---
@INC for perl 5.22.1:
/usr/local/cpanel
/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/x86_64-linux-64int
/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib
/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1/x86_64-linux-64int
/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1
/opt/cpanel/perl5/522/site_lib/x86_64-linux-64int
/opt/cpanel/perl5/522/site_lib
---
Environment for perl 5.22.1:
HOME=/root
LANG=en_US.UTF-8
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/local/cpanel/3rdparty/perl/524/bin:/usr/local/cpanel/bin:/usr/local/cpanel/3rdparty/bin:/usr/local/cpanel/3rdparty/perl/524/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/cpanel/perl5/524/bin
PERL_BADLANG (unset)
SHELL=/bin/zsh
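
The loop condition quoted in the report above, as an added C example that is not part of the original message or of perl's gv.c: it replays the `*nend || nend != (origname + len)` test over a constructed buffer and sets it beside a length-bounded scan. The names `SAMPLE`, `scan_reported`, `method_offset_bounded` and the `cap` guard are hypothetical, and the bounded variant assumes the caller's len does not exceed the buffer.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample name; sizeof counts the trailing NUL (9 bytes). */
static const char SAMPLE[] = "Foo::bar";

struct scan { size_t visited; int left_buffer; };

/* The reported condition, *nend || nend != (origname + len), with indices.
 * cap is a demo-only guard (hypothetical): the real size of buf, so the scan
 * is stopped at the point where the original would leave the buffer. */
static struct scan scan_reported(const char *buf, size_t cap, size_t len)
{
    struct scan r = {0, 0};
    size_t i;
    for (i = 0; ; i++) {
        if (i == cap) { r.left_buffer = 1; break; }  /* original overruns here */
        if (!(buf[i] || i != len)) break;            /* stops only at NUL AND i == len */
    }
    r.visited = i;
    return r;
}

/* Length-bounded variant: len alone ends the scan, and the "::" lookahead
 * is checked against len. Returns the offset where the method name starts. */
static size_t method_offset_bounded(const char *buf, size_t len)
{
    size_t i, name = 0;
    for (i = 0; i < len; i++) {
        if (buf[i] == '\'')
            name = i + 1;
        else if (buf[i] == ':' && i + 1 < len && buf[i + 1] == ':')
            name = ++i + 1;   /* skip the second ':' as the original does */
    }
    return name;
}

int main(void)
{
    size_t lens[] = {8, 3, 20};   /* correct, too short, too long */
    for (size_t k = 0; k < 3; k++) {
        struct scan r = scan_reported(SAMPLE, sizeof SAMPLE, lens[k]);
        printf("len=%zu visited=%zu left_buffer=%d\n", lens[k], r.visited, r.left_buffer);
    }
    printf("bounded name offset: %zu\n", method_offset_bounded(SAMPLE, 8));
    return 0;
}
```

With the `||` condition the scan ends only when the byte is NUL and the index equals len at the same position, so any len other than the true string length walks past the terminator.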