develooper Front page | perl.perl5.porters | Postings from January 2017

Re: [perl #130635] [PATCH] Stack overflow in Storable retrieve_hook

From: John Lightsey
Date: January 26, 2017 23:19
Subject: Re: [perl #130635] [PATCH] Stack overflow in Storable retrieve_hook
Message ID: 1485472752.4744.4.camel@nixnuts.net

On Thu, 2017-01-26 at 13:48 -0800, James E Keenan via RT wrote:
> As previously reported, I configure with:
> 
> "-des -Dusedevel -Duseithreads -Doptimize='-O2 -pipe -fstack-protector -fno-strict-aliasing' -DDEBUGGING"
> 
> ... because that gets us very close to the way that the FreeBSD port of perl
> is configured.
> 

Excellent, thanks.

The problem turned out to be that the AFL-generated payload was hitting two
other memory allocation errors before it even entered retrieve_hook(). That
combination of flags on FreeBSD seems to crash whenever Storable tries to
allocate too much memory.

I adjusted the test data to use more realistic sizes when it enters
retrieve_hash() and retrieve_flag_hash() so that it's only focusing on the stack
overflow in retrieve_hook().

I also cleaned up the test output formatting a bit.

An updated patch is attached.