develooper Front page | perl.perl5.porters | Postings from January 2018

[perl #132552] heap-buffer-overflow (READ of size 2) in Perl_fbm_instr

From:
Tony Cook via RT
Date:
January 23, 2018 22:45
Subject:
[perl #132552] heap-buffer-overflow (READ of size 2) in Perl_fbm_instr
Message ID:
rt-4.0.24-11491-1516747494-1708.132552-15-0@perl.org
On Wed, 13 Dec 2017 08:12:00 -0800, davem wrote:
> On Fri, Dec 08, 2017 at 11:37:54AM -0800, Brian Carpenter wrote:
> > Triggered with v5.27.6-156-g5d4548b73b, compiled with clang 6.0.0-
> > trunk and
> > -fsanitize=address. This bug looks similar to 129012 and 132187.
> >
> >
> > ./perl -e '$_="0000000\x{600000}";/^000.\000000?\00000/'
> > =================================================================
> > ==29563==ERROR: AddressSanitizer: heap-buffer-overflow on address
> > 0x602000000ebe at pc 0x000000451a60 bp 0x7ffe25406c50 sp
> > 0x7ffe254063f8
> > READ of size 2 at 0x602000000ebe thread T0
> >     #0 0x451a5f in __interceptor_memchr
> > /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-
> > rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:823:3
> >     #1 0x7bd1a6 in Perl_fbm_instr /root/perl/util.c:985:42
> >     #2 0xaabce3 in Perl_re_intuit_start /root/perl/regexec.c:935:13
> 
> Fixed with v5.27.6-216-g37e6bbd.
> 
> Not exploitable; I'll move to the public queue in a few days time.

Done.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=132552

