[perl #130648] regcomp.c:6195: voidS_pat_upgrade_to_utf8(RExC_state_t *const, char **, STRLEN *, int): Assertion`*(d - 1) == ')'' failed

On Thu, 26 Jan 2017 02:19:19 -0800, randir wrote:
> While fuzzing perl v5.25.9-35-g32207c637b built with afl and run
> under libdislocator, I found the following 16-bytes program
> 
> hexdump -C 0042
> 00000000  6d 27 5c 34 30 30 28 3f  7b 3c 3c 7d 29 0a 0a 27
> |m'\400(?{<<})..'|
> 00000010
> 
> to cause an assertion failure.

We're hitting S_pat_upgrade_to_utf8() with a code block of "(?{<<})\n\n". My initial suspicion is that that's fine, and the assumption that the last char of such a code block must be ')' is wrong, but I don't know.

There's also a similar assertion in S_compile_runtime_code() line 6670:
  assert(pat[src->end]   == ')');
.. so if this one is wrong, that probably is too.

Hugo

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=130648

• [perl #130648] regcomp.c:6195: voidS_pat_upgrade_to_utf8(RExC_state_t *const, char **, STRLEN *, int): Assertion`*(d - 1) == ')'' failed by Hugo van der Sanden via RT
• Re: [perl #130648] regcomp.c:6195: voidS_pat_upgrade_to_utf8(RExC_state_t *const, char **, STRLEN *, int): Assertion`*(d - 1) == ')'' failed by Dave Mitchell
• [perl #130648] regcomp.c:6195: voidS_pat_upgrade_to_utf8(RExC_state_t *const, char **, STRLEN *, int): Assertion`*(d - 1) == ')'' failed by Father Chrysostomos via RT