
Re: [perl #129267] Possible string overrun with invalid len in gv.c

From: demerphq
Date: September 13, 2016 18:26
Subject: Re: [perl #129267] Possible string overrun with invalid len in gv.c
Message ID: CANgJU+UMuCz6qqWF=re8K2ufPmQA08zEcc1S2F-=v4dAAytXDg@mail.gmail.com

On 13 Sep 2016 14:19, "Todd Rinaldo" <perlbug-followup@perl.org> wrote:
>
> # New Ticket Created by  "Todd Rinaldo"
> # Please include the string:  [perl #129267]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=129267 >
>
>
> This is a bug report for perl from toddr@cpan.org,
> generated with the help of perlbug 1.40 running under perl 5.22.1.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
>
> We ran across this issue during B::C development. It turns out that if
> the wrong len (too short OR too long) is passed into
> Perl_gv_fetchmethod_pvn_flags, then you end up with a seg fault when
> it eventually hits memory it doesn't own. I am not saying there is any
> known problem in Perl, but IMO this should still be cleaned up.

I agree.  It looks wrong in several ways.

>   for (nend = name; *nend || nend != (origname + len); nend++) {
>     if (*nend == '\'') {
>       nsplit = nend;
>       name = nend + 1;
>     }
>     else if (*nend == ':' && *(nend + 1) == ':') {
>       nsplit = nend++;
>       name = nend + 1;
>     }
>   }
>
> I did not search for other examples. I thought it might be best to
> open a discussion before proceeding on any work.

Not sure what there is to discuss really.  Wrong is wrong. ☺️

Yves

> [Please do not change anything below this line]
> -----------------------------------------------------------------
> ---
> Flags:
>     category=core
>     severity=low
> ---
> Site configuration information for perl 5.22.1:
>
> Configured by cPanel at Sun Aug 28 23:44:24 CDT 2016.
>
> Summary of my perl5 (revision 5 version 22 subversion 1) configuration:
>
>   Platform:
>     osname=linux, osvers=3.10.0-123.20.1.el7.x86_64,
> archname=x86_64-linux-64int
>     uname='linux rpmbuild-64-centos-7.dev.cpanel.net
> 3.10.0-123.20.1.el7.x86_64 #1 smp thu jan 29 18:05:33 utc 2015 x86_64
> x86_64 x86_64 gnulinux '
>     config_args='-des -Dusedevel -Darchname=x86_64-linux-64int
> -Dcc=/usr/bin/gcc -Dcpp=/usr/bin/cpp -DDEBUGGING=none -Doptimize=-Os
> -Dusemymalloc=n -Duseshrplib -Duselargefiles=yes -Duseposix=true
> -Dhint=recommended -Duseperlio=yes -Dccflags=-DPERL_DISABLE_PMC
> -I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64
> -Dcppflags=-I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -Dldflags=-Wl,-rpath
> -Wl,/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64
> -Dprefix=/usr/local/cpanel/3rdparty/perl/522
> -Dsiteprefix=/opt/cpanel/perl5/522 -Dsitebin=/opt/cpanel/perl5/522/bin
> -Dsitelib=/opt/cpanel/perl5/522/site_lib -Dusevendorprefix=true
> -Dvendorbin=/usr/local/cpanel/3rdparty/perl/522/bin
> -Dvendorprefix=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5
> -Dvendorlib=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib
> -Dprivlib=/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1
> -Dman1dir=none -Dman3dir=none
> -Dscriptdir=/usr/local/cpanel/3rdparty/perl/522/bin
> -Dscriptdirexp=/usr/local/cpanel/3rdparty/perl/522/bin
> -Dsiteman1dir=none -Dsiteman3dir=none -Dinstallman1dir=none
> -Dversiononly=no -Dinstallusrbinperl=no -Dcf_by=cPanel
> -Dmyhostname=localhost -Dperladmin=root@localhost
> -Dcf_email=support@cpanel.net
> -Di_dbm=/usr/local/cpanel/3rdparty/include
> -Di_gdbm=/usr/local/cpanel/3rdparty/include
> -Di_ndbm=/usr/local/cpanel/3rdparty/include -DDB_File=true -Ud_dosuid
> -Uuserelocatableinc -Umad -Uusethreads -Uusemultiplicity -Uusesocks
> -Uuselongdouble -Aldflags=-L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64 -lgdbm
> -Dlocincpth=/usr/local/cpanel/3rdparty/perl/522/include
> /usr/local/cpanel/3rdparty/include /usr/local/include  -Duse64bitint
> -Uuse64bitall -Acflags=-fPIC -DPIC -m64
> -I/usr/local/cpanel/3rdparty/perl/522/include
> /usr/local/cpanel/3rdparty/include
> -Dlibpth=/usr/local/cpanel/3rdparty/perl/522/lib64
> /usr/local/cpanel/3rdparty/lib64 /usr/local/lib64 /usr/local/lib
> /lib64 /usr/lib64 '
>     hint=recommended, useposix=true, d_sigaction=define
>     useithreads=undef, usemultiplicity=undef
>     use64bitint=define, use64bitall=undef, uselongdouble=undef
>     usemymalloc=n, bincompat5005=undef
>   Compiler:
>     cc='/usr/bin/gcc', ccflags ='-DPERL_DISABLE_PMC
> -I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -fwrapv -fno-strict-aliasing -pipe
> -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2',
>     optimize='-Os',
>     cppflags='-I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -DPERL_DISABLE_PMC
> -I/usr/local/cpanel/3rdparty/perl/522/include
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -I/usr/local/cpanel/3rdparty/include
> -L/usr/local/cpanel/3rdparty/lib64 -fwrapv -fno-strict-aliasing -pipe
> -fstack-protector-strong -I/usr/local/include'
>     ccversion='', gccversion='4.8.2 20140120 (Red Hat 4.8.2-16)',
> gccosandvers=''
>     intsize=4, longsize=8, ptrsize=8, doublesize=8,
> byteorder=12345678, doublekind=3
>     d_longlong=define, longlongsize=8, d_longdbl=define,
> longdblsize=16, longdblkind=3
>     ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
> lseeksize=8
>     alignbytes=8, prototype=define
>   Linker and Libraries:
>     ld='/usr/bin/gcc', ldflags ='-Wl,-rpath
> -Wl,/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64 -lgdbm
> -fstack-protector-strong -L/usr/local/lib'
>     libpth=/usr/local/cpanel/3rdparty/perl/522/lib64
> /usr/local/cpanel/3rdparty/lib64 /usr/local/lib64 /usr/local/lib
> /lib64 /usr/lib64 /usr/local/lib /usr/lib /lib/../lib64
> /usr/lib/../lib64 /lib
>     libs=-lpthread -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
> -lgdbm_compat
>     perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
>     libc=libc-2.17.so, so=so, useshrplib=true, libperl=libperl.so
>     gnulibc_version='2.17'
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
> -Wl,-rpath,/usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1/x86_64-linux-64int/CORE'
>     cccdlflags='-fPIC', lddlflags='-shared -Os
> -L/usr/local/cpanel/3rdparty/perl/522/lib64
> -L/usr/local/cpanel/3rdparty/lib64 -L/usr/lib64 -L/lib64
> -L/usr/local/lib -fstack-protector-strong'
>
> Locally applied patches:
>     cPanel patches
>     cPanel INC path changes
>     Remove . from @INC
>
> ---
> @INC for perl 5.22.1:
>     /usr/local/cpanel
>     /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/x86_64-linux-64int
>     /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib
>     /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1/x86_64-linux-64int
>     /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/5.22.1
>     /opt/cpanel/perl5/522/site_lib/x86_64-linux-64int
>     /opt/cpanel/perl5/522/site_lib
>
> ---
> Environment for perl 5.22.1:
>     HOME=/root
>     LANG=en_US.UTF-8
>     LANGUAGE (unset)
>     LD_LIBRARY_PATH (unset)
>     LOGDIR (unset)
>     PATH=/usr/local/cpanel/3rdparty/perl/524/bin:/usr/local/cpanel/bin:/usr/local/cpanel/3rdparty/bin:/usr/local/cpanel/3rdparty/perl/524/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/cpanel/perl5/524/bin
>     PERL_BADLANG (unset)
>     SHELL=/bin/zsh
>
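
Added example, not part of the original message and not code from the perl source: a model of the loop condition quoted in the report, run inside a small constructed buffer so its walk past a wrong `len` can be observed safely, next to a scan bounded only by `len`. The names `ARENA`, `fill_arena`, `quoted_loop_stop` and `method_offset_bounded` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define ARENA 32  /* constructed stand-in for the memory that follows the string */

/* Constructed sample: name + NUL, followed by non-zero filler bytes. */
static void fill_arena(char *arena, const char *name)
{
    memset(arena, 'A', ARENA);
    memcpy(arena, name, strlen(name) + 1);
}

/* Condition and "::" skip of the quoted loop, index-based and capped at ARENA
 * so the walk stays inside the buffer. Returns the offset where it stops. */
static size_t quoted_loop_stop(const char *s, size_t len)
{
    size_t i;
    for (i = 0; i + 1 < ARENA && (s[i] || i != len); i++)
        if (s[i] == ':' && s[i + 1] == ':')
            i++;
    return i;
}

/* Bounded scan: reads only s[0..len-1] and never relies on a NUL. Returns the
 * offset of the method name after the last ' or :: separator (0 if none).
 * A len larger than the real buffer remains the caller's contract violation. */
static size_t method_offset_bounded(const char *s, size_t len)
{
    size_t i, name = 0;
    for (i = 0; i < len; i++) {
        if (s[i] == '\'')
            name = i + 1;
        else if (i + 1 < len && s[i] == ':' && s[i + 1] == ':') {
            i++;
            name = i + 1;
        }
    }
    return name;
}

int main(void)
{
    char arena[ARENA];
    fill_arena(arena, "Foo::bar");  /* true length is 8 */
    printf("len=8  stops at %zu\n", quoted_loop_stop(arena, 8));
    printf("len=5  stops at %zu\n", quoted_loop_stop(arena, 5));
    printf("len=12 stops at %zu\n", quoted_loop_stop(arena, 12));
    printf("bounded, len=8: name at %zu\n", method_offset_bounded(arena, 8));
    return 0;
}
```

With the `||` condition, a NUL ends the walk only at the exact offset `len`, so both a too-short and a too-long `len` carry it to the cap of the constructed buffer.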
