develooper Front page | perl.perl5.porters | Postings from October 2016

[perl #129903] regexec.c stack overflow

Thread Next
Father Chrysostomos via RT
October 18, 2016 01:17
[perl #129903] regexec.c stack overflow
Message ID:
On Mon Oct 17 10:26:19 2016, wrote:
> I'm not convinced that this is an actual bug,

I think it is.

> but #p5p was silent when I
> asked about it. Affects Perl back to 5.20.2 including v5.25.6
> (v5.25.5-114-g87af8d5). Valgrind fails pretty quickly but gdb just goes on
> forever.
> perl -e '/(?{m}(0)},s\/\/\/})//0'

That is nonsensical code.
$ perl5.18.3 -e '/(?{m}(0)},s\/\/\/})//0'
Segmentation fault: 11
$ perl5.14.4 -e '/(?{m}(0)},s\/\/\/})//0'
Sequence (?{...}) not terminated or not {}-balanced in regex; marked by <-- HERE in m/(?{ <-- HERE m}(0)},s///})/ at -e line 1.

I do not have 5.16 handy.  The output from 5.14 is what I would expect.

> ==6615==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc78f88ca8
> (pc 0x0000004c0d4c bp 0x7ffc78f89500 sp 0x7ffc78f88cb0 T0)
>     #0 0x4c0d4b in calloc (/root/perl/perl+0x4c0d4b)
>     #1 0x7f9301 in Perl_safesyscalloc /root/perl/util.c:442:18
>     #2 0xb45aed in Perl_regexec_flags /root/perl/regexec.c:3128:9
>     #3 0x8cf9c5 in Perl_pp_subst /root/perl/pp_hot.c:2981:10
>     #4 0x7f4483 in Perl_runops_debug /root/perl/dump.c:2246:23
>     #5 0xb984b6 in S_regmatch /root/perl/regexec.c:6888:3
>     #6 0xb7337c in S_regtry /root/perl/regexec.c:3622:14

It should not even be getting that far.  It should fail at compile time.


Father Chrysostomos

via perlbug:  queue: perl5 status: new

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About