perl.perl5.porters | Postings from August 2017

[perl #131836] heap-buffer-overflow in Perl_yylex

From: Tony Cook via RT
Date: August 28, 2017 06:34
Subject: [perl #131836] heap-buffer-overflow in Perl_yylex
Message ID: rt-4.0.24-26279-1503902060-1528.131836-15-0@perl.org

On Sun, 06 Aug 2017 18:30:40 -0700, tonyc wrote:
> On Fri, 04 Aug 2017 02:37:31 -0700, gy741.kim@gmail.com wrote:
> > Hi.
> >
> > I found a heap-buffer-overflow bug in perl.
> >
> > Please confirm.
> 
> This is a use-after-free, not a buffer overflow.
> 
> Since it requires feeding code to the interpreter it isn't a security
> issue, so I've made it public.
> 
> > =================================================================
> > ==22689==ERROR: AddressSanitizer: heap-use-after-free on address 0xb5101102 at pc 0x082b8557 bp 0xbfefdf68 sp 0xbfefdf5c
> > READ of size 1 at 0xb5101102 thread T0
> >     #0 0x82b8556 in Perl_yylex /root/karas/perl5-blead/toke.c:5137:13
> >     #1 0x835df10 in Perl_yyparse /root/karas/perl5-blead/perly.c:340:34
> >     #2 0x8232350 in S_parse_body /root/karas/perl5-blead/perl.c:2401:9
> >     #3 0x82285e3 in perl_parse /root/karas/perl5-blead/perl.c:1719:2
> >     #4 0x81494a6 in main /root/karas/perl5-blead/perlmain.c:121:18
> >     #5 0xb7547636 in __libc_start_main /build/glibc-KM3i_a/glibc-2.23/csu/../csu/libc-start.c:291
> >     #6 0x8075847 in _start (/root/karas/perl5-blead/perl+0x8075847)
> 
> The attached fixes it for me.

Applied as 3b8804a4c2320ae4e7e713c5836d340eb210b6cd.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131836


