perl.perl5.porters | Postings from January 2017

[perl #130635] [PATCH] Stack overflow in Storable retrieve_hook

From: James E Keenan via RT
Date: January 25, 2017 04:04
Subject: [perl #130635] [PATCH] Stack overflow in Storable retrieve_hook
Message ID: rt-4.0.24-21154-1485317055-1426.130635-15-0@perl.org

On Wed, 25 Jan 2017 02:05:45 GMT, jkeenan wrote:
> On Tue, 24 Jan 2017 19:22:28 GMT, john@nixnuts.net wrote:
> > This is a bug report for perl from john@nixnuts.net,
> > generated with the help of perlbug 1.40 running under perl 5.25.9.
> >
> >
> > -----------------------------------------------------------------
> > AFL detected a stack overflow in Storable's retrieve_hook() function.
> >
> > The problem essentially is that a hook's classname length is read into
> > a signed integer, compared to the size of a stack buffer, then used to
> > read the classname. The size comparison treats the length as signed,
> > while the read treats the length as unsigned.
> >
> 
> Available for smoke-testing in this branch:
> 
> smoke-me/jkeenan/130635-storable
> 
> I corrected one spelling error in a test description and incremented
> the VERSION number.

This revision failed on FreeBSD-11.  See:  http://perl5.test-smoke.org/report/53470

When I ran the test file individually, it hung at 'ok 24', then printed these error messages:

#####
swap_pager: out of swap space
swap_pager_getswapspace(16): failed
swap_pager_getswapspace(16): failed
swap_pager_getswapspace(16): failed
#####

kernel: pid 18627 (perl), uid 1001, was killed: out of swap space

So something is clearly amiss with this patch.

Thank you very much.

-- 
James E Keenan (jkeenan@cpan.org)

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=130635
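
The signed-compare / unsigned-read mismatch described in the quoted bug report, as an added example that is not part of the original message and is not Storable's code. The record layout (4-byte big-endian length followed by the name), the 256-byte buffer size, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256  /* assumed buffer size, not taken from Storable */

/* Constructed sample records: length field, then the class name bytes. */
static const unsigned char good_rec[] = {0x00, 0x00, 0x00, 0x03, 'F', 'o', 'o'};
static const unsigned char bad_rec[]  = {0xff, 0xff, 0xff, 0xff, 'F', 'o', 'o'};

/* Decode the 4-byte big-endian length field into a signed 32-bit integer. */
static int32_t get_len(const unsigned char *p) {
    uint32_t u = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    int32_t s;
    memcpy(&s, &u, sizeof s);  /* reinterpret the bits without a lossy cast */
    return s;
}

/* Flawed pattern: the size check is signed, the later read is unsigned.
 * Returns 1 if the fixed buffer would be chosen and stores the byte count
 * the read would request. Nothing is copied, so this is safe to run. */
static int flawed_plan(int32_t len, size_t *request) {
    int fits = len <= (int32_t)(NAME_BUF - 1);  /* -1 passes the check */
    *request = (size_t)len;                     /* -1 becomes SIZE_MAX */
    return fits;
}

/* Checked parse: reject negative lengths, lengths past the end of the input,
 * and lengths that do not fit the destination, before copying anything. */
static int read_name(const unsigned char *in, size_t in_len,
                     char *out, size_t out_cap) {
    if (in_len < 4) return -1;
    int32_t len = get_len(in);
    if (len < 0) return -1;
    size_t n = (size_t)len;
    if (n > in_len - 4 || n >= out_cap) return -1;
    memcpy(out, in + 4, n);
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char name[NAME_BUF];
    size_t req;
    int fits = flawed_plan(get_len(bad_rec), &req);
    printf("flawed: fits=%d request=%zu bytes\n", fits, req);
    printf("checked bad:  %d\n", read_name(bad_rec, sizeof bad_rec, name, sizeof name));
    printf("checked good: %d\n", read_name(good_rec, sizeof good_rec, name, sizeof name));
    return 0;
}
```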
