develooper Front page | perl.perl5.porters | Postings from November 2017

Re: [perl #129158] null ptr deref, segfault in Perl_pp_split () at pp.c:5738

From: Dave Mitchell
Date: November 28, 2017 14:35
Subject: Re: [perl #129158] null ptr deref, segfault in Perl_pp_split () at pp.c:5738
Message ID: 20171128143511.GE28075@iabyn.com
On Sat, Oct 28, 2017 at 06:30:31AM -0700, James E Keenan via RT wrote:
> On Mon, 26 Sep 2016 11:58:56 GMT, davem wrote:
> > On Mon, Sep 12, 2016 at 03:23:07PM +0100, Dave Mitchell wrote:
> > > On Sun, Sep 11, 2016 at 10:17:39PM -0700, Father Chrysostomos via RT wrote:
> > > > On Thu Sep 01 01:49:12 2016, brian.carpenter@gmail.com wrote:
> > > > > Perl v5.25.5 (v5.25.4-25-g109ac34*), found with AFL + ASAN. A
> > > > > non-instrumented build of v5.25.4-5-g92d73bf returns the valgrind
> > > > > output at the end.
> > > >
> > > > I can reproduce it on dromedary, but not locally.  On dromedary I
> > > > don’t have a functional gdb, so it’s a little hard to debug.
> > > >
> > > > I tried bisecting, but got perl-5.6.0-4727-g4cddb5c, which seems
> > > > like a red herring.
> > > >
> > > > I managed to reduce it to this:
> > > >
> > > > $ cat foo
> > > > map{s///o > split 0,split /0/>0}<DATA>__END__
> > >
> > > It's only an issue on non-threaded builds. It started failing
> > > sometime between 5.16.0 and 5.18.0.
> > > I'm looking into it.
> > 
> > It turns out that this is another variant of RT #124368: on
> > non-threaded builds, the s///o combines: modifying the op tree under
> > /o to avoid recompilation on subsequent iterations; and m// using the
> > last successful pattern. The combination of the two makes /o end up
> > modifying some random other part of the op tree.
> > 
> > I haven't fixed this yet, but while investigating what was going on, I
> > decided I would finally sort out the horrible OP_SPLIT/OP_PUSHRE mess,
> > which I have now done and am smoking as smoke-me/davem/pushre2.
> > 
> > The most significant commit from that branch is the following, which
> > I intend to merge into blead in a few days' time. Note that it is *not*
> > a fix for this ticket.
> > 
> 
> Dave, Father C, et al.,
> 
> Could we get an update on the status of this ticket?

It appears to have been fixed by v5.27.2-138-g3cb4cde.

-- 
Nothing ventured, nothing lost.
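The analysis quoted above rests on two ordinary Perl behaviours: an empty pattern reuses the last successfully matched pattern, and /o compiles a pattern only once per op. The following is an added illustration of both, written for this page; it is not code from the ticket, the p5p branch, or the perl source, the sub names are assumptions of the example, and it does not try to reproduce the crash.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration, not from the ticket: an empty pattern does not match
# the empty string. Perl substitutes the last *successfully* matched
# pattern in the current dynamic scope (see "The empty pattern //" in perlop).
sub empty_pattern_reuses_last_match {
    my @seen;
    my $s = "foo bar baz";
    if ($s =~ /ba./) {        # succeeds: /ba./ becomes the "last successful pattern"
        push @seen, $&;       # the text that /ba./ matched in $s
    }
    my $t = "xx baz yy";
    if ($t =~ //) {           # empty pattern: /ba./ is used again, not ""
        push @seen, $&;       # the text that /ba./ matched in $t
    }
    return @seen;
}

# Added illustration: /o compiles the pattern the first time this op runs
# and never recompiles it, so later values of $pat are silently ignored.
sub once_flag_keeps_first_compile {
    my @matched;
    for my $pat ("a", "b") {
        # Only the first value of $pat ("a") is ever compiled into this op,
        # so the second iteration is still matching "b" against /a/.
        push @matched, $pat if "b" =~ /$pat/o;
    }
    return @matched;
}

# Note: split is the documented exception. split // splits the string into
# characters and does not reuse the last successful pattern (see perlfunc).

print "empty pattern matched: @{[ empty_pattern_reuses_last_match() ]}\n";
print "/o loop matched: @{[ once_flag_keeps_first_compile() ]}\n";
```

The two subs show the ingredients separately; the ticket's reduced case stacks them (s///o with an empty pattern, inside map, next to split) so that the one-time op-tree rewrite done for /o is applied on behalf of whatever pattern happened to match last, which is the "random other part of the op tree" the quoted message describes.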
