perl.perl5.porters | Postings from January 2017

Re: [perl #130621] Segfault in Perl_vwarner (util.c:2051)

From: Dave Mitchell
Date: January 23, 2017 14:09
Subject: Re: [perl #130621] Segfault in Perl_vwarner (util.c:2051)
Message ID: 20170123140945.GB4206@iabyn.com

On Sun, Jan 22, 2017 at 01:10:42PM -0800, Sergey Aleynikov wrote:
> While fuzzing perl v5.25.8-216-gfbceb79751 built with afl and run
> under libdislocator, I found the following program
> 
> eval q!$^D = 'C';0 =~ ~v1000 / 0!
> 
> to crash on debugging builds (as assigning to $^D is a no-op on
> regular builds). This is a regression between v5.22.2 and v5.24.0,
> bisect points to

I've fixed the proximate cause with the following two commits; the deeper
eval fix I'll leave till later.

commit b1a69a65ecd83426da7ca1af26b757fe0da58007
Author:     David Mitchell <davem@iabyn.com>
AuthorDate: Mon Jan 23 13:27:07 2017 +0000
Commit:     David Mitchell <davem@iabyn.com>
CommitDate: Mon Jan 23 13:52:36 2017 +0000

    ckDEAD: PL_curcop->cop_warnings only if PL_curcop
    
    RT #130621
    
    In ckDEAD(), don't check the value of PL_curcop->cop_warnings unless
    PL_curcop is non-null.
    
    In the ticket above, the reason that PL_curcop is null is the less
    than optimal way that evals free their optree: ideally the optree should
    be attached to the eval CV and freed when the CV is; instead a separate
    SAVEFREEOP() is done. But that fix is for another time; regardless,
    ckDEAD() should have a PL_curcop != NULL guard anyway like isLEXWARN_on()
    etc already do.

commit f4c617746504f38fcb281a2b1c1da9426d8eab01
Author:     David Mitchell <davem@iabyn.com>
AuthorDate: Mon Jan 23 13:37:21 2017 +0000
Commit:     David Mitchell <davem@iabyn.com>
CommitDate: Mon Jan 23 13:52:36 2017 +0000

    mess_sv(): access only if PL_curcop is non-null
    
    RT #130621
    
    In Perl_mess_sv(), don't try to add an "at foo line NN" to the error
    message if PL_curcop is null.
    
    In the ticket above, the reason that PL_curcop is null is the less
    than optimal way that evals free their optree: ideally the optree should
    be attached to the eval CV and freed when the CV is; instead a separate
    SAVEFREEOP() is done. But that fix is for another time; regardless,
    mess_sv() should have a PL_curcop != NULL guard anyway.

-- 
This email is confidential, and now that you have read it you are legally
obliged to shoot yourself. Or shoot a lawyer, if you prefer. If you have
received this email in error, place it in its original wrapping and return
for a full refund. By opening this email, you accept that Elvis lives.
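The guard pattern from the two commits above, as an added example that is not perl's source or part of this thread: a cut-down model in which COP, PL_curcop, ckDEAD() and mess_sv() are simplified stand-ins (assumptions) keeping only the parts the fix touches, so the NULL state that the eval optree freeing produced can be exercised safely.

```c
/* Added example, not perl's source: simplified model of the PL_curcop guard. */
#include <assert.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>

enum { WARN_DEPRECATED = 0x1u, WARN_VOID = 0x2u };   /* toy warning categories */

typedef struct {
    const char *cop_file;
    unsigned    cop_line;
    unsigned    cop_fatal;     /* bitmask of categories promoted to FATAL (stand-in for cop_warnings) */
} COP;

/* The "current statement" pointer. In the ticket it was NULL while an eval's
 * optree was being freed via SAVEFREEOP(), and callers dereferenced it anyway. */
static COP *PL_curcop = NULL;
static COP  sample_cop = { "-e", 1, WARN_DEPRECATED };   /* constructed sample */

static void set_curcop(COP *cop) { PL_curcop = cop; }

/* Before the fix: unconditional dereference; with PL_curcop == NULL this is the crash. */
static int ckDEAD_unguarded(unsigned category) {
    return (PL_curcop->cop_fatal & category) != 0;
}

/* After the fix: consult cop_fatal only when a current COP exists.
 * Treating "no COP" as "not fatal" is this example's assumption. */
static int ckDEAD(unsigned category) {
    if (PL_curcop == NULL)
        return 0;
    return (PL_curcop->cop_fatal & category) != 0;
}

/* Guarded mess_sv(): append " at FILE line N." only if PL_curcop is non-null.
 * Returns the formatted length. */
static int mess_sv(char *buf, size_t buflen, const char *msg) {
    if (PL_curcop == NULL)
        return snprintf(buf, buflen, "%s", msg);
    return snprintf(buf, buflen, "%s at %s line %u.",
                    msg, PL_curcop->cop_file, PL_curcop->cop_line);
}

/* 1 if mess_sv() added a location suffix to msg, 0 if it left msg bare. */
static int mess_has_location(const char *msg) {
    char buf[128];
    int n = mess_sv(buf, sizeof buf, msg);
    return n > 0 && (size_t)n > strlen(msg) && buf[n - 1] == '.';
}
```

Calling ckDEAD_unguarded() with PL_curcop set is safe; the guarded ckDEAD() and mess_sv() are the only ones that may run in the NULL state the ticket describes.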
