
[perl #129350] null pointer deref Perl_re_intuit_start(regexec.c:1049)

From: Brian Carpenter
Date: September 25, 2016 00:16
Subject: [perl #129350] null pointer deref Perl_re_intuit_start(regexec.c:1049)
Message ID: rt-4.0.24-16068-1474762565-114.129350-75-0@perl.org
# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129350]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129350 >


This one crashes both Perl 5.20.2 and Perl v5.25.5-8-g3c42ae1. Found with AFL+ASAN.

od -tx1 test32
0000000 73 25 25 22 22 26 28 22 18 5c 37 30 30 22 3d 7e
0000020 2f 5c 62 5c 7a 30 2a 5c 37 30 30 2f 29 25 65
0000037

Perl v5.25.5-8-g3c42ae1:
==16060==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x000000b51e90 bp 0x7ffc641c93f0 sp 0x7ffc641c9180 T0)
    #0 0xb51e8f in Perl_re_intuit_start /root/perl/regexec.c:1049:9
    #1 0xb439a1 in Perl_regexec_flags /root/perl/regexec.c:2988:6
    #2 0x8c2ef8 in Perl_pp_match /root/perl/pp_hot.c:1836:10
    #3 0x7f47d3 in Perl_runops_debug /root/perl/dump.c:2239:23
    #4 0x5a11c6 in S_run_body /root/perl/perl.c:2526:2
    #5 0x5a11c6 in perl_run /root/perl/perl.c:2449
    #6 0x4de5fd in main /root/perl/perlmain.c:123:9
    #7 0x7f88f6ef3b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
    #8 0x4de26c in _start (/root/perl/perl+0x4de26c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/perl/regexec.c:1049 Perl_re_intuit_start
==16060==ABORTING

(gdb) list
1044            s = HOP3c(rx_origin, other->min_offset, strend);
1045            if (s < other_last)     /* These positions already checked */
1046                s = other_last;
1047
1048            must = utf8_target ? other->utf8_substr : other->substr;
1049            assert(SvPOK(must));
1050            {
1051                char *from = s;
1052                char *to   = last + SvCUR(must) - (SvTAIL(must)!=0);
1053

Perl 5.20.2:
==23698== Invalid read of size 4
==23698==    at 0x4F6AF8A: Perl_re_intuit_start (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4F6C34E: Perl_regexec_flags (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4EFEC7D: Perl_pp_match (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4EFB055: Perl_runops_standard (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4E8B73D: perl_run (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x400E18: main (in /usr/bin/perl)
==23698==  Address 0xc is not stack'd, malloc'd or (recently) free'd
==23698==
==23698==
==23698== Process terminating with default action of signal 11 (SIGSEGV)
==23698==  Access not within mapped region at address 0xC
==23698==    at 0x4F6AF8A: Perl_re_intuit_start (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4F6C34E: Perl_regexec_flags (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4EFEC7D: Perl_pp_match (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4EFB055: Perl_runops_standard (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x4E8B73D: perl_run (in /usr/lib/x86_64-linux-gnu/libperl.so.5.20.2)
==23698==    by 0x400E18: main (in /usr/bin/perl)
==23698==  If you believe this happened as a result of a stack
==23698==  overflow in your program's main thread (unlikely but
==23698==  possible), you can try to increase the size of the
==23698==  main thread stack using the --main-stacksize= flag.
==23698==  The main thread stack size used in this run was 8388608.
Segmentation fault
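For triage it helps to read the fuzzer-found input back out of the `od -tx1` dump rather than keeping the raw test32 file around. The script below is an added example (not part of Brian Carpenter's report or of the perl source): it parses the dump quoted above into bytes, checks the offsets against what has been read so far, and renders the result with non-printable bytes escaped so the failing construct is visible at a glance. The handling of od's `*` repeat marker goes slightly beyond this particular dump, which contains none.

```python
import re

# The od -tx1 output exactly as quoted in the bug report above.
OD_OUTPUT = """\
0000000 73 25 25 22 22 26 28 22 18 5c 37 30 30 22 3d 7e
0000020 2f 5c 62 5c 7a 30 2a 5c 37 30 30 2f 29 25 65
0000037
"""


def parse_od_hex(text: str) -> bytes:
    """Reconstruct file bytes from `od -tx1` output.

    Each data line is an octal offset followed by one-byte hex values.
    The final line carries only the total length in octal and is used as
    a consistency check. A bare '*' line is od's marker for a run of rows
    identical to the previous one; it is expanded up to the next offset.
    """
    out = bytearray()
    prev_row = b""
    pending_star = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "*":
            pending_star = True
            continue
        fields = line.split()
        if not re.fullmatch(r"[0-7]+", fields[0]):
            raise ValueError(f"bad offset field: {fields[0]!r}")
        offset = int(fields[0], 8)
        if pending_star:
            # Fill the collapsed region with copies of the last row seen.
            while len(out) < offset:
                out += prev_row[: offset - len(out)]
            pending_star = False
        if offset != len(out):
            raise ValueError(
                f"offset {offset:o} does not match {len(out)} bytes parsed so far"
            )
        if len(fields) == 1:
            return bytes(out)  # trailing line: total length only
        row = bytes(int(h, 16) for h in fields[1:])
        out += row
        prev_row = row
    return bytes(out)


def render(data: bytes) -> str:
    """Printable ASCII as-is, everything else as \\xNN, so a crash input can be
    read without decoding the dump by hand."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in data)


if __name__ == "__main__":
    data = parse_od_hex(OD_OUTPUT)
    print(f"{len(data)} bytes:", render(data))
```

Running it shows the 31-byte test case is a single `s%%...%e` substitution whose replacement part evaluates a `=~` match against a pattern containing `\b\z` and an octal `\700` escape, which is consistent with the crash surfacing in `Perl_re_intuit_start` (the regex start-position optimiser) rather than in the parser.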

