[perl #131793] heap-buffer-overflow in Perl_sv_vcatpvfn_flags

From: Tony Cook via RT
Date: August 17, 2017 01:13
Subject: [perl #131793] heap-buffer-overflow in Perl_sv_vcatpvfn_flags
Message ID: rt-4.0.24-31834-1502932376-1844.131793-15-0@perl.org

On Wed, 16 Aug 2017 17:58:23 -0700, tonyc wrote:
> On Tue, 15 Aug 2017 19:44:10 -0700, quangnh89@gmail.com wrote:
> > The attached script triggers a heap-buffer-overflow Perl_sv_vcatpvfn
> > (sv.c:13353:17). This was found with ASAN.
> > 
> > =================================================================
> > ==1380==ERROR: AddressSanitizer: heap-buffer-overflow on address
> > 0x602000000fa8 at pc 0x0000004c6337 bp 0x7ffc3713f3f0 sp
> > 0x7ffc3713eba0
> > READ of size 10 at 0x602000000fa8 thread T0
> >     #0 0x4c6336 in __asan_memcpy
> > /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-
> > rt/lib/asan/asan_interceptors.cc:453:3
> >     #1 0xd46667 in Perl_sv_vcatpvfn_flags
> > /root/fuzz/perl5/perl-new/sv.c:13353:17
> 
> This is a duplicate of #131793 and is fixed by my patch there.

Which I've now applied to blead as 36000cd1c47863d8412b285701db7232dd450239.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131793


