perl.perl5.porters | Postings from September 2016
Re: [perl #129267] Possible string overrun with invalid len in gv.c
From: demerphq
Date: September 13, 2016 18:26
Subject: Re: [perl #129267] Possible string overrun with invalid len in gv.c
Message ID: CANgJU+UMuCz6qqWF=re8K2ufPmQA08zEcc1S2F-=v4dAAytXDg@mail.gmail.com

On 13 Sep 2016 14:19, "Todd Rinaldo" <perlbug-followup@perl.org> wrote:
>
> # New Ticket Created by "Todd Rinaldo"
> # Please include the string: [perl #129267]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=129267 >
>
>
> This is a bug report for perl from toddr@cpan.org,
> generated with the help of perlbug 1.40 running under perl 5.22.1.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
>
> We ran across this issue during B::C development. It turns out that if
> the wrong len (too short OR too long) is passed into
> Perl_gv_fetchmethod_pvn_flags, then you end up with a seg fault when
> it eventually hits memory it doesn't own. I am not saying there is any
> known problem in Perl, but IMO this should still be cleaned up.

I agree. It looks wrong in several ways.

>     for (nend = name; *nend || nend != (origname + len); nend++) {
>         if (*nend == '\'') {
>             nsplit = nend;
>             name = nend + 1;
>         }
>         else if (*nend == ':' && *(nend + 1) == ':') {
>             nsplit = nend++;
>             name = nend + 1;
>         }
>     }
>
> I did not search for other examples. I thought it might be best to
> open a discussion before proceeding on any work.

Not sure what there is to discuss really. Wrong is wrong. ☺️

Yves

> [Please do not change anything below this line]
> -----------------------------------------------------------------
> ---
> Flags:
> category=core
> severity=low
> ---
> Site configuration information for perl 5.22.1:
>
> Configured by cPanel at Sun Aug 28 23:44:24 CDT 2016.
>
> Summary of my perl5 (revision 5 version 22 subversion 1) configuration:
>
> Platform:
> osname=linux, osvers=3.10.0-123.20.1.el7.x86_64,
> archname=x86_64-linux-64int
> uname='linux rpmbuild-64-centos-7.dev.cpanel.net
> 3.10.0-123.20.1.el7.x86_64 #1 smp thu jan 29 18:05:33 utc 2015 x86_64
> x86_64 x86_64 gnulinux '
> config_args='-des -Dusedevel -Darchname=x86_64-linux-64int
> -Dcc=/usr/bin/gcc -Dcpp=/usr/bin/cpp -DDEBUGGING=none -Doptimize=-Os
> -Dusemymalloc=n -Duseshrplib -Duselargefiles=yes -Duseposix=true
> -Dhint=recommended -Duseperlio=yes -Dccflags=-DPERL_DISABLE_PMC
> -I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64
> -Dcppflags=-I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -Dldflags=-Wl,-rpath
> -Wl,/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64
> -Dprefix=/usr/local/cpanel/3rdparty/perl/522
> -Dsiteprefix=/opt/cpanel/perl5/522 -Dsitebin=/opt/cpanel/perl5/522/bin
> -Dsitelib=/opt/cpanel/perl5/522/site_lib -Dusevendorprefix=true
> -Dvendorbin=/usr/local/cpanel/3rdparty/perl/522/bin
> -Dvendorprefix=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5
> -Dvendorlib=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib
> -Dprivlib=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1
> -Dman1dir=none -Dman3dir=none
> -Dscriptdir=/usr/local/cpanel/3rdparty/perl/522/bin
> -Dscriptdirexp=/usr/local/cpanel/3rdparty/perl/522/bin
> -Dsiteman1dir=none -Dsiteman3dir=none -Dinstallman1dir=none
> -Dversiononly=no -Dinstallusrbinperl=no -Dcf_by=cPanel
> -Dmyhostname=localhost -Dperladmin=root@localhost
> -Dcf_email=support@cpanel.net
> -Di_dbm=/usr/local/cpanel/3rdparty/include
> -Di_gdbm=/usr/local/cpanel/3rdparty/include
> -Di_ndbm=/usr/local/cpanel/3rdparty/include -DDB_File=true -Ud_dosuid
> -Uuserelocatableinc -Umad -Uusethreads -Uusemultiplicity -Uusesocks
> -Uuselongdouble -Aldflags=-L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64 -lgdbm
> -Dlocincpth=/usr/local/cpanel/3rdparty/perl/522/include
> /usr/local/cpanel/3rdparty/include /usr/local/include -Duse64bitint
> -Uuse64bitall -Acflags=-fPIC -DPIC -m64
> -I/usr/local/cpanel/3rdparty/perl/522/include
> /usr/local/cpanel/3rdparty/include
> -Dlibpth=/usr/local/cpanel/3rdparty/perl/522/lib64
> /usr/local/cpanel/3rdparty/lib64 /usr/local/lib64 /usr/local/lib
> /lib64 /usr/lib64 '
> hint=recommended, useposix=true, d_sigaction=define
> useithreads=undef, usemultiplicity=undef
> use64bitint=define, use64bitall=undef, uselongdouble=undef
> usemymalloc=n, bincompat5005=undef
> Compiler:
> cc='/usr/bin/gcc', ccflags ='-DPERL_DISABLE_PMC
> -I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -fwrapv -fno-strict-aliasing -pipe
> -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2',
> optimize='-Os',
> cppflags='-I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -DPERL_DISABLE_PMC
> -I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -fwrapv -fno-strict-aliasing -pipe
> -fstack-protector-strong -I/usr/local/include'
> ccversion='', gccversion='4.8.2 20140120 (Red Hat 4.8.2-16)',
> gccosandvers=''
> intsize=4, longsize=8, ptrsize=8, doublesize=8,
> byteorder=12345678, doublekind=3
> d_longlong=define, longlongsize=8, d_longdbl=define,
> longdblsize=16, longdblkind=3
> ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
> lseeksize=8
> alignbytes=8, prototype=define
> Linker and Libraries:
> ld='/usr/bin/gcc', ldflags ='-Wl,-rpath
> -Wl,/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64 -lgdbm
> -fstack-protector-strong -L/usr/local/lib'
> libpth=/usr/local/cpanel/3rdparty/perl/522/lib64
> /usr/local/cpanel/3rdparty/lib64 /usr/local/lib64 /usr/local/lib
> /lib64 /usr/lib64 /usr/local/lib /usr/lib /lib/../lib64
> /usr/lib/../lib64 /lib
> libs=-lpthread -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
> -lgdbm_compat
> perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
> libc=libc-2.17.so, so=so, useshrplib=true, libperl=libperl.so
> gnulibc_version='2.17'
> Dynamic Linking:
> dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
> -Wl,-rpath,/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1/x86_64-linux-64int/CORE'
> cccdlflags='-fPIC', lddlflags='-shared -Os
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64
> -L/usr/local/lib -fstack-protector-strong'
>
> Locally applied patches:
> cPanel patches
> cPanel INC path changes
> Remove . from @INC
>
> ---
> @INC for perl 5.22.1:
> /usr/local/cpanel
> /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/x86_64-linux-64int
> /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib
> /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1/x86_64-linux-64int
> /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1
> /opt/cpanel/perl5/522/site_lib/x86_64-linux-64int
> /opt/cpanel/perl5/522/site_lib
>
> ---
> Environment for perl 5.22.1:
> HOME=/root
> LANG=en_US.UTF-8
> LANGUAGE (unset)
> LD_LIBRARY_PATH (unset)
> LOGDIR (unset)
> PATH=/usr/local/cpanel/3rdparty/perl/524/bin:/usr/local/cpanel/bin:/usr/local/cpanel/3rdparty/bin:/usr/local/cpanel/3rdparty/perl/524/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/cpanel/perl5/524/bin
> PERL_BADLANG (unset)
> SHELL=/bin/zsh
>
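
The termination test of the loop quoted in this message, replayed inside a constructed buffer next to a scan bounded by `len`. This is an added example, not part of the original thread and not code from Perl's gv.c; the names `sample_buf`, `original_walk` and `method_name_offset` and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define CAP 32 /* size of the constructed backing buffer */

/* Constructed sample: "Foo::bar" + NUL, then non-NUL filler for what follows it. */
static char sample[CAP];
static const char *sample_buf(void)
{
    memset(sample, 'x', CAP);
    memcpy(sample, "Foo::bar", 9);
    return sample;
}

/* Replays the quoted loop's test, capped at CAP so the demo stays in memory
 * it owns. Returns the index where the loop stops, or CAP if it never does. */
static size_t original_walk(const char *buf, size_t len)
{
    const char *nend;
    for (nend = buf; nend < buf + CAP; nend++) {
        if (!(*nend || nend != buf + len))
            return (size_t)(nend - buf);
        if (*nend == ':' && nend + 1 < buf + CAP && nend[1] == ':')
            nend++;
    }
    return CAP;
}

/* Bounded scan: reads only origname[0..len) and returns the offset where the
 * method name starts (0 when there is no package separator). */
static size_t method_name_offset(const char *origname, size_t len)
{
    const char *end = origname + len, *name = origname, *p;
    for (p = origname; p < end; p++) {
        if (*p == '\'')
            name = p + 1;
        else if (*p == ':' && p + 1 < end && p[1] == ':') {
            p++;
            name = p + 1;
        }
    }
    return (size_t)(name - origname);
}

int main(void)
{
    const char *b = sample_buf();
    printf("original stops at %zu %zu %zu; bounded name offset %zu\n", original_walk(b, 8),
           original_walk(b, 5), original_walk(b, 12), method_name_offset(b, 8));
}
```

The original condition only goes false when a NUL byte sits exactly at `origname + len`, so a `len` of 5 or 12 for the 8-byte name never stops inside the buffer, while the bounded scan reads at most `len` bytes in every case.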