develooper Front page | perl.perl5.porters | Postings from August 2017

[perl #131568] Null pointer in S_set_haseval

From:
Tony Cook via RT
Date:
August 23, 2017 04:45
Subject:
[perl #131568] Null pointer in S_set_haseval
Message ID:
rt-4.0.24-21641-1503463501-724.131568-15-0@perl.org
On Sat, 24 Jun 2017 07:01:54 -0700, davem wrote:
> On Wed, Jun 14, 2017 at 01:51:15PM +0200, H.Merijn Brand wrote:
> > This is perl 5, version 27, subversion 0 (v5.27.0) built for x86_64-
> > linux
> > ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically
> > linked, with debug_info, not stripped
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x000000000042589e in S_mark_padname_lvalue ()
> > (gdb) where
> > #0  0x000000000042589e in S_mark_padname_lvalue ()
> > #1  0x00000000004268c8 in S_set_haseval ()
> > #2  0x0000000000434392 in Perl_ck_eval ()
> > #3  0x000000000043225c in Perl_newUNOP ()
> > #4  0x0000000000497c92 in Perl_yyparse ()
> > #5  0x0000000000456398 in perl_parse ()
> > #6  0x00000000004251a0 in main ()
> 
> This is code containing lots of nested closures and formats, and which
> has
> a syntax error. Perl's attempts to continue parsing after the syntax
> error
> result in code being called which expects PL_compcv to be non-NULL,
> which
> it isn't in this case.
> 
> I think this is another example of why we should instead just stop
> parsing
> after an error rather than trying to harden all perl's parsing code to
> be
> robust after errors.
> 
> In any case I don't think it counts as a security issue.

Moved to the public queue.

Wasn't the the cause of some similar issues that failed sub-parses didn't restore the shift-reduce parser stack to the state before the sub-parse?

The parser would shift in new tokens, reduce based on tokens from the sub-parse and use inconsisten PL_parser state (and crash).

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131568



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About