[perl #129347] null pointer deref S_ft_return_false (pp_sys.c:3036)

# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129347]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129347 >


Found with AFL+ASAN, triggered in Perl v5.25.5-8-g3c42ae1.

./perl -e '($0)=sort{-b-d}/()()/'

ASAN:SIGSEGV
=================================================================
==24203==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x000000ae09f0 bp 0x00000023636c sp 0x7ffd31ec7a20 T0)
    #0 0xae09ef in S_ft_return_false /root/perl/pp_sys.c:3036:9
    #1 0xae09ef in Perl_pp_ftrowned /root/perl/pp_sys.c:3310
    #2 0x7f47d3 in Perl_runops_debug /root/perl/dump.c:2239:23
    #3 0xca05fa in S_sortcv /root/perl/pp_sort.c:1800:5
    #4 0xc908ce in dynprep /root/perl/pp_sort.c:197:14
    #5 0xc908ce in S_mergesortsv /root/perl/pp_sort.c:379
    #6 0xc908ce in Perl_sortsv_flags /root/perl/pp_sort.c:1464
    #7 0xc9b847 in Perl_pp_sort /root/perl/pp_sort.c:1687:6
    #8 0x7f47d3 in Perl_runops_debug /root/perl/dump.c:2239:23
    #9 0x5a11c6 in S_run_body /root/perl/perl.c:2526:2
    #10 0x5a11c6 in perl_run /root/perl/perl.c:2449
    #11 0x4de5fd in main /root/perl/perlmain.c:123:9
    #12 0x7feccecd4b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
    #13 0x4de26c in _start (/root/perl/perl+0x4de26c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/perl/pp_sys.c:3036 S_ft_return_false
==24203==ABORTING

• [perl #129347] null pointer deref S_ft_return_false (pp_sys.c:3036) by Brian Carpenter
• Re: [perl #129347] null pointer deref S_ft_return_false(pp_sys.c:3036) by Lukas Mai