
Re: [perl #132593] PERL-5.26.1 heap_buffer_overflow READ of size 8

From: Sawyer X
Date: February 8, 2018 10:57
Subject: Re: [perl #132593] PERL-5.26.1 heap_buffer_overflow READ of size 8
Message ID: d503482b-3cc2-77d2-af16-bd1bc2212e97@gmail.com


On 02/07/2018 05:17 AM, Tony Cook via RT wrote:
> On Mon, 18 Dec 2017 03:34:03 -0800, davem wrote:
>> On Sun, Dec 17, 2017 at 02:17:02AM -0800, SRAUMS JN wrote:
>>> #0 0x2519067 in Perl_pp_backtick
>>> /home/asan_perl/Documents/perl-5.26.1/pp_sys.c:299
>>> #1 0x1b1bc2e in Perl_runops_standard
>>> /home/asan_perl/Documents/perl-5.26.1/run.c:41
>>> #2 0x9218a5 in S_run_body
>>> /home/asan_perl/Documents/perl-5.26.1/perl.c:2519
>>> #3 0x9218a5 in perl_run
>>> /home/asan_perl/Documents/perl-5.26.1/perl.c:2447
>>> #4 0x46b6a7 in main /home/asan_perl/Documents/perl-
>>> 5.26.1/perlmain.c:123
>>> #5 0x7ffff615e82f in __libc_start_main
>>> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>>> #6 0x46c888 in _start
>>> (/home/asan_perl/Documents/perl-5.26.1/perl+0x46c888)
>>>
>>> 0x619000009678 is located 8 bytes to the left of 1024-byte region
>>> [0x619000009680,0x619000009a80)
>>> allocated by thread T0 here:
>>>     #0 0x7ffff6f02602 in malloc
>>> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
>>>     #1 0x167dd81 in Perl_safesysmalloc
>>> /home/asan_perl/Documents/perl-5.26.1/util.c:153
>>>     #2 0x1adf2d0 in Perl_av_extend_guts
>>> /home/asan_perl/Documents/perl-5.26.1/av.c:186
>>>     #3 0x2272eb6 in Perl_new_stackinfo
>>> /home/asan_perl/Documents/perl-5.26.1/scope.c:74
>>>     #4 0x8ab011 in Perl_init_stacks
>>> /home/asan_perl/Documents/perl-5.26.1/perl.c:4137
>>>     #5 0x8af2e0 in perl_construct
>>> /home/asan_perl/Documents/perl-5.26.1/perl.c:274
>>>     #6 0x46b033 in main /home/asan_perl/Documents/perl-
>>> 5.26.1/perlmain.c:117
>>>     #7 0x7ffff615e82f in __libc_start_main
>>> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>> A bisect shows this is fixed in blead by this
>>
>> commit 397baf232086e0a9ad6f881a9614d3dbaea853fc
>> Author:     Zefram <zefram@fysh.org>
>> AuthorDate: Tue Dec 12 06:24:01 2017 +0000
>> Commit:     Zefram <zefram@fysh.org>
>> CommitDate: Tue Dec 12 06:24:01 2017 +0000
>>
>> properly check readpipe()'s argument list
>>
>> readpipe() wasn't applying context to its argument list, resulting in
>> readpipe()'s context leaking in, and broken stack discipline when a list
>> expression was used.  Fixes [perl #4574].
> It also depends on feeding code to the interpreter.
>
> Since it's fixed I'm closing it.
>
> I've also added it to the 5.24 and 5.26 votes files.

Voted in favor of both.
