[perl #129377] heap-buffer-overflow in S_regmatch (regexec.c:5439)

From: Hugo van der Sanden via RT
Date: January 25, 2017 10:16
Subject: [perl #129377] heap-buffer-overflow in S_regmatch (regexec.c:5439)
Message ID: rt-4.0.24-3668-1485339406-1340.129377-15-0@perl.org

On Tue, 24 Jan 2017 19:45:35 -0800, tonyc wrote:
> On Fri, 14 Oct 2016 18:21:08 -0700, brian.carpenter@gmail.com wrote:
> > I have a smaller test case for this issue:
> >
> > perl -e '$q0=q/00|0()0|0()\1/;0=~$q0'
> 
> Your original test case produced a stack overflow (deep recursion) for
> me before or after Hugo's 129377 patch in
> 2dfc11ec3af312f4fa3eb244077c79dbb5fc2d85.
> 
> This test case is fixed by Hugo's patch.
> 
> On Mon, 17 Oct 2016 04:02:43 -0700, hv wrote:
> > On Fri Oct 14 18:21:08 2016, brian.carpenter@gmail.com wrote:
> > > I have a smaller test case for this issue:
> > >
> > > perl -e '$q0=q/00|0()0|0()\1/;0=~$q0'
> >
> > This is rather another case of #129377, and is fixed by my proposed
> > patch there.
> 
> So merging this into 129377.

I'm not sure merging was the right thing to do - the "another case of #129377" applies only to Brian's followup claim to have a smaller test case, not to the original report.

That's fine though, I can create a clearer new ticket based on the first half of my original analysis - I think we already have ample references to the second (stackbusting) issue there.

Hugo

---
via perlbug:  queue: perl5 status: pending release
https://rt.perl.org/Ticket/Display.html?id=129377
