develooper Front page | perl.perl5.porters | Postings from September 2017

[perl #132164] unsigned integer overflow in S_study_chunk(regcomp.c:5444)

From:
Brian Carpenter
Date:
September 26, 2017 06:12
Subject:
[perl #132164] unsigned integer overflow in S_study_chunk(regcomp.c:5444)
Message ID:
rt-4.0.24-17575-1506406351-199.132164-75-0@perl.org
# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #132164]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=132164 >


Triggered while fuzzing v5.27.4-28-g60dfa51

./perl -e 'm m0*0+\Rm'

regcomp.c:5444:26: runtime error: signed integer overflow:
9223372036854775807 + 1 cannot be represented in type 'long'
    #0 0xc36484 in S_study_chunk /root/perl/regcomp.c:5444:26
    #1 0xb7c063 in Perl_re_op_compile /root/perl/regcomp.c:7574:11
    #2 0x567839 in Perl_pmruntime /root/perl/op.c:5888:6
    #3 0xaf495b in Perl_yyparse /root/perl/perly.y:1210:23
    #4 0x7289f7 in S_parse_body /root/perl/perl.c:2450:9
    #5 0x714363 in perl_parse /root/perl/perl.c:1753:2
    #6 0x50af99 in main /root/perl/perlmain.c:121:18
    #7 0x7fd350558b44 in __libc_start_main
/build/glibc-6V9RKT/glibc-2.19/csu/libc-start.c:287
    #8 0x43c01b in _start (/root/perl/perl+0x43c01b)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior regcomp.c:5444:26




nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About