[perl #130318] segfault in Perl_mg_magical (mg.c:144)

From: Brian Carpenter
Date: December 11, 2016 21:40
Subject: [perl #130318] segfault in Perl_mg_magical (mg.c:144)
Message ID: rt-4.0.24-26787-1481492431-1047.130318-75-0@perl.org
# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #130318]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=130318 >


Triggered with Perl v5.25.7-98-gdf13534 while fuzzing with AFL.

od -tx1 test332
0000000 6d 61 70 25 5e 48 20 3d 0c 44 2e 2e 00 20 46 54
0000020 2c 25 5f 3d 44 2e 2e 46 54 2c 25 5f 3d 44 2e 2e
0000040 00 20 2b 54 2c 6d 61 70 20 5c 2d 41 74 76 2c 2d
0000060 4f 5e 4d 2c 6d 61 70 20 5c 2d 41 1a 53 42 55 c0
0000100 63 4d 4f 73 59 74 8a 2c 2d 4f 04 22 2c 90 21 00
0000120 00 00 6e 21 0a
0000125

ASAN:SIGSEGV
=================================================================
==32602==ERROR: AddressSanitizer: SEGV on unknown address 0x00205fff8001 (pc 0x0000008233b8 bp 0x0c42000037e4 sp 0x7ffc5bfd7060 T0)
    #0 0x8233b7 in Perl_mg_magical /root/perl/mg.c:144:6
    #1 0x9476f8 in Perl_sv_magicext /root/perl/sv.c:5767:5
    #2 0x8fbf03 in Perl_sv_magic /root/perl/sv.c:5856:10
    #3 0x827b18 in Perl_mg_copy /root/perl/mg.c:471:3
    #4 0x87b54d in Perl_hv_common /root/perl/hv.c:542:7
    #5 0x8c030a in Perl_pp_aassign /root/perl/pp_hot.c:1646:25
    #6 0x7f81fb in Perl_runops_debug /root/perl/dump.c:2260:23
    #7 0x5a0ab3 in S_run_body /root/perl/perl.c:2526:2
    #8 0x5a0ab3 in perl_run /root/perl/perl.c:2449
    #9 0x4de6dd in main /root/perl/perlmain.c:123:9
    #10 0x7f3dbd687b44 in __libc_start_main /build/glibc-daoqzt/glibc-2.19/csu/libc-start.c:287
    #11 0x4de34c in _start (/root/perl/perl+0x4de34c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/perl/mg.c:144 Perl_mg_magical
==32602==ABORTING

Perl 5.20.2 fails with many lines of this:
Attempt to free unreferenced scalar: SV 0xe1f088, Perl interpreter: 0xe1c010 at test332 line 1.
