
[perl #128997] heap-use-after-free Perl_do_print (doio.c:1400)

From: Tony Cook via RT
Date: October 18, 2016 04:47
Subject: [perl #128997] heap-use-after-free Perl_do_print (doio.c:1400)
Message ID: rt-4.0.24-26803-1476766068-1728.128997-15-0@perl.org

On Mon Oct 17 17:04:40 2016, tonyc wrote:
> > When you minimize the orig55 testcase with afl-tmin, you get test55, which
> > triggers a heap-buffer-overflow in Perl_sv_setpvn (sv.c:4899).
> > 
> > ==10948==ERROR: AddressSanitizer: heap-buffer-overflow on address
> > 0x60400000a4f8 at pc 0x0000004a9ff2 bp 0x7ffc3e2ad430 sp 0x7ffc3e2acbf0
> > READ of size 13 at 0x60400000a4f8 thread T0
> >     #0 0x4a9ff1 in __asan_memmove (/root/perl/perl+0x4a9ff1)
> >     #1 0x909695 in Perl_sv_setpvn /root/perl/sv.c:4899:5
> >     #2 0x951c07 in Perl_newSVpvn_flags /root/perl/sv.c:9154:5
> >     #3 0x66407b in Perl_yylex /root/perl/toke.c:4899:31
> >     #4 0x6ac9d5 in Perl_yyparse /root/perl/perly.c:334:19
> >     #5 0x59c4a1 in S_parse_body /root/perl/perl.c:2372:9
> >     #6 0x59283c in perl_parse /root/perl/perl.c:1688:2
> >     #7 0x4de835 in main /root/perl/perlmain.c:121:18
> >     #8 0x7f4f249eeb44 in __libc_start_main
> 
> But not this.

Should be fixed by the attached.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=128997


