[perl #130666] toke.c:9188: S_parse_ident: Assertion `(((const U8*)(PL_parser->bufend)) > ((const U8*) t) || (((const U8*) (PL_parser->bufend))== ((const U8*) t) && *((const U8*) t) == '\0'))' failed
From: Sergey Aleynikov
Date: January 29, 2017 11:11
Subject: [perl #130666] toke.c:9188: S_parse_ident: Assertion `(((const U8*)(PL_parser->bufend)) > ((const U8*) t) || (((const U8*) (PL_parser->bufend))== ((const U8*) t) && *((const U8*) t) == '\0'))' failed
Message ID: rt-4.0.24-22382-1485688252-1652.130666-75-0@perl.org
# New Ticket Created by Sergey Aleynikov
# Please include the string: [perl #130666]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/Ticket/Display.html?id=130666 >
This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.40 running under perl 5.25.9.
-----------------------------------------------------------------
[Please describe your issue here]
While fuzzing perl v5.25.9-35-g32207c637b built with afl and run
under libdislocator, I found the following 24-byte program
00000000 42 45 47 49 4e 7b 24 5e 48 3d 2d 31 7d 3b 73 00 |BEGIN{$^H=-1};s.|
00000010 24 30 5b 24 6c 5d 00 00 |$0[$l]..|
00000018
to cause an assertion failure. This is a regression in blead; bisect points to:
fac0f7a38edc4e50a7250b738699165079b852d8 is the first bad commit
commit fac0f7a38edc4e50a7250b738699165079b852d8
Author: Karl Williamson <khw@cpan.org>
Date: Tue Dec 13 18:34:12 2016 -0700
toke.c: Convert to use isFOO_utf8_safe() macros
GDB info about the crash location:
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1 0x00007fb973fc540a in __GI_abort () at abort.c:89
#2 0x00007fb973fbce47 in __assert_fail_base (fmt=<optimized out>,
assertion=assertion@entry=0x7fb975e603f8 "(((const U8*)
(PL_parser->bufend)) > ((const U8*) t) || (((const U8*)
(PL_parser->bufend)) == ((const U8*) t) && *((const U8*) t) ==
'\\0'))", file=file@entry=0x7fb975e5f0eb "toke.c",
line=line@entry=9188,
function=function@entry=0x7fb975e72428 <__PRETTY_FUNCTION__.19035>
"S_parse_ident") at assert.c:92
#3 0x00007fb973fbcef2 in __GI___assert_fail (
assertion=assertion@entry=0x7fb975e603f8 "(((const U8*)
(PL_parser->bufend)) > ((const U8*) t) || (((const U8*)
(PL_parser->bufend)) == ((const U8*) t) && *((const U8*) t) ==
'\\0'))", file=file@entry=0x7fb975e5f0eb "toke.c",
line=line@entry=9188,
function=function@entry=0x7fb975e72428 <__PRETTY_FUNCTION__.19035>
"S_parse_ident") at assert.c:101
#4 0x00007fb975494457 in S_parse_ident (check_dollar=<optimized out>,
is_utf8=<optimized out>, allow_package=<optimized out>, e=<optimized
out>,
d=<optimized out>, s=<optimized out>) at toke.c:9188
#5 S_scan_ident (s=<optimized out>, s@entry=0x7fb977185b23 "$l]",
dest=dest@entry=0x7ffdc81c17e0 "", destlen=destlen@entry=1024,
ck_uni=ck_uni@entry=0)
at toke.c:9285
#6 0x00007fb975497583 in S_intuit_more (s=0x7fb977185b23 "$l]") at toke.c:4171
#7 0x00007fb97551b728 in Perl_yylex () at toke.c:6590
#8 0x00007fb9754c5d9d in Perl_yylex () at toke.c:4920
#9 0x00007fb9754dde55 in Perl_yylex () at toke.c:5016
#10 0x00007fb97555a389 in Perl_yyparse (gramtype=gramtype@entry=258)
at perly.c:340
#11 0x00007fb975413131 in S_parse_body (env=env@entry=0x0,
xsinit=xsinit@entry=0x7fb975308990 <xs_init>) at perl.c:2376
#12 0x00007fb975419deb in perl_parse (my_perl=<optimized out>,
xsinit=0x7fb975308990 <xs_init>, argc=<optimized out>, argv=<optimized
out>, env=0x0)
at perl.c:1691
#13 0x00007fb97530856e in main (argc=<optimized out>, argv=<optimized
out>, env=<optimized out>) at perlmain.c:121
[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=medium
---
Site configuration information for perl 5.25.9:
Configured by root at Sat Jan 14 02:25:05 MSK 2017.
Summary of my perl5 (revision 5 version 25 subversion 9) configuration:
Commit id: cbe2fc5001aa59cdc73e04cc35e097a2ecfbeec0
Platform:
osname=linux
osvers=3.16.0-4-amd64
archname=x86_64-linux
uname='linux dorothy 3.16.0-4-amd64 #1 smp debian 3.16.36-1+deb8u2
(2016-10-19) x86_64 gnulinux '
config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast
-Doptimize=-O0 -g -ggdb3'
hint=recommended
useposix=true
d_sigaction=define
useithreads=undef
usemultiplicity=undef
use64bitint=define
use64bitall=define
uselongdouble=undef
usemymalloc=n
bincompat5005=undef
Compiler:
cc='afl-clang-fast'
ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
optimize='-O0 -g -ggdb3'
cppflags='-DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include'
ccversion=''
gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)'
gccosandvers=''
intsize=4
longsize=8
ptrsize=8
doublesize=8
byteorder=12345678
doublekind=3
d_longlong=define
longlongsize=8
d_longdbl=define
longdblsize=16
longdblkind=3
ivtype='long'
ivsize=8
nvtype='double'
nvsize=8
Off_t='off_t'
lseeksize=8
alignbytes=8
prototype=define
Linker and Libraries:
ld='afl-clang-fast'
ldflags =' -fstack-protector-strong -L/usr/local/lib'
libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib
/usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu
/lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
libc=libc-2.24.so
so=so
useshrplib=false
libperl=libperl.a
gnulibc_version='2.24'
Dynamic Linking:
dlsrc=dl_dlopen.xs
dlext=so
d_dlsymun=undef
ccdlflags='-Wl,-E'
cccdlflags='-fPIC'
lddlflags='-shared -O0 -g -ggdb3 -L/usr/local/lib -fstack-protector-strong'
---
@INC for perl 5.25.9:
lib
/usr/local/lib/perl5/site_perl/5.25.9/x86_64-linux
/usr/local/lib/perl5/site_perl/5.25.9
/usr/local/lib/perl5/5.25.9/x86_64-linux
/usr/local/lib/perl5/5.25.9
---
Environment for perl 5.25.9:
HOME=/home/afl
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
PERLBREW_BASHRC_VERSION=0.78
PERLBREW_HOME=/home/afl/.perlbrew
PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.22.1/man
PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.22.1/bin
PERLBREW_PERL=perl-5.22.1
PERLBREW_ROOT=/home/afl/perlbrew
PERLBREW_VERSION=0.78
PERL_BADLANG (unset)
SHELL=/usr/bin/zsh
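The 24-byte test case in the report above is given only as a hexdump -C listing, embedded NUL bytes included. The Python below is an added example, not part of the original report or of perl's source: it rebuilds the exact bytes from that listing and checks every row's offset and ASCII gutter, so a transcription error is caught before the file is replayed against a build. The function names and the handling of '*' (squeezed rows, which this report does not contain) are assumptions added here.

```python
import re

# Listing copied from the report (hexdump -C layout, whitespace as archived).
REPORT_DUMP = """\
00000000 42 45 47 49 4e 7b 24 5e 48 3d 2d 31 7d 3b 73 00 |BEGIN{$^H=-1};s.|
00000010 24 30 5b 24 6c 5d 00 00 |$0[$l]..|
00000018
"""

ROW_RE = re.compile(r"^([0-9a-fA-F]{8})(?:\s+(.*))?$")

def gutter_for(row):
    """ASCII column as hexdump -C prints it: non-printables become '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in row)

def parse_hexdump_c(text):
    """Rebuild the dumped bytes; raise ValueError on any inconsistency."""
    data = bytearray()
    squeezed = False  # set after a '*' line (identical rows elided)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "*":
            squeezed = True
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"not a hexdump -C row: {line!r}")
        offset = int(m.group(1), 16)
        if squeezed:
            if len(data) < 16:
                raise ValueError("'*' without a preceding full row")
            last_row = bytes(data[-16:])
            while len(data) < offset:
                data += last_row
            squeezed = False
        # The final bare offset line also passes through here: total length.
        if offset != len(data):
            raise ValueError(f"offset {offset:#x} but {len(data):#x} bytes read")
        hex_part, bar, gutter = (m.group(2) or "").partition("|")
        row = bytes(int(tok, 16) for tok in hex_part.split())
        shown = gutter[:-1] if gutter.endswith("|") else gutter
        if bar and shown != gutter_for(row):
            raise ValueError(f"ASCII gutter disagrees with hex at {offset:#x}")
        data += row
    return bytes(data)

if __name__ == "__main__":
    print(parse_hexdump_c(REPORT_DUMP))
```

Writing the returned bytes to a file in binary mode gives the input to run under the perl build being triaged.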