
[perl #128997] heap-use-after-free Perl_do_print (doio.c:1400)

From: Tony Cook via RT
Date: October 31, 2016 04:22
Subject: [perl #128997] heap-use-after-free Perl_do_print (doio.c:1400)
Message ID: rt-4.0.24-30745-1477887757-710.128997-15-0@perl.org

On Mon Oct 17 21:47:48 2016, tonyc wrote:
> On Mon Oct 17 17:04:40 2016, tonyc wrote:
> > > When you minimize the orig55 testcase with afl-tmin, you get
> > > test55, which
> > > triggers a heap-buffer-overflow in Perl_sv_setpvn (sv.c:4899).
> > >
> > > ==10948==ERROR: AddressSanitizer: heap-buffer-overflow on address
> > > 0x60400000a4f8 at pc 0x0000004a9ff2 bp 0x7ffc3e2ad430 sp
> > > 0x7ffc3e2acbf0
> > > READ of size 13 at 0x60400000a4f8 thread T0
> > >     #0 0x4a9ff1 in __asan_memmove (/root/perl/perl+0x4a9ff1)
> > >     #1 0x909695 in Perl_sv_setpvn /root/perl/sv.c:4899:5
> > >     #2 0x951c07 in Perl_newSVpvn_flags /root/perl/sv.c:9154:5
> > >     #3 0x66407b in Perl_yylex /root/perl/toke.c:4899:31
> > >     #4 0x6ac9d5 in Perl_yyparse /root/perl/perly.c:334:19
> > >     #5 0x59c4a1 in S_parse_body /root/perl/perl.c:2372:9
> > >     #6 0x59283c in perl_parse /root/perl/perl.c:1688:2
> > >     #7 0x4de835 in main /root/perl/perlmain.c:121:18
> > >     #8 0x7f4f249eeb44 in __libc_start_main
> >
> > But not this.
> 
> Should be fixed by the attached.

Applied as 856bb39c27416e4cb179e60a2b67ab0810baf7c3.

Since both issues are fixed, closing this ticket.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=128997


