Postings from April 2018
[perl #133100] SEGV using a regex with an invalid repeat range
From: Russell
Date: April 11, 2018 17:21
Subject: [perl #133100] SEGV using a regex with an invalid repeat range
Message ID: rt-4.0.24-16424-1523451801-1733.133100-75-0@perl.org
# New Ticket Created by Russell, Nick
# Please include the string: [perl #133100]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/Ticket/Display.html?id=133100 >
This is a bug report for perl from Nick Russell,
generated with the help of perlbug 1.39 running under perl 5.26.1.
-----------------------------------------------------------------
The following command:
# echo 'b' | perl -ne 'print if /ba{11,2}/;'
when executed under perl v5.16.3 produces the error below:
Can't do {n,m} with n > m in regex; marked by <-- HERE in m/ba{11,2} <-- HERE / at -e line 1.
which is expected. However, when run under perl v5.26.1 the regex is considered valid and crashes perl when the range is evaluated:
Core was generated by `perl -ne print if /ba{11,2}/;'.
Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0 0x00007efe26ddba24 in ?? () from /usr/lib/perl5/core_perl/CORE/libperl.so
#1 0x00007efe26de15f8 in Perl_regexec_flags () from /usr/lib/perl5/core_perl/CORE/libperl.so
#2 0x00007efe26d85a46 in Perl_pp_match () from /usr/lib/perl5/core_perl/CORE/libperl.so
#3 0x00007efe26d8219b in Perl_runops_standard () from /usr/lib/perl5/core_perl/CORE/libperl.so
#4 0x00007efe26d1d035 in perl_run () from /usr/lib/perl5/core_perl/CORE/libperl.so
#5 0x0000557ea61a6c42 in main ()
Note that I was using a chroot that did not have perlbug installed so I used the version available under the host OS, so the 'Locally applied patches' section is bogus.
-----------------------------------------------------------------
---
Flags:
category=core
severity=high
---
This perlbug was built using Perl 5.16.3 - Wed Aug 2 17:44:15 UTC 2017
It is being executed now by Perl 5.26.1 - Tue Oct 31 13:26:34 GMT 2017.
Site configuration information for perl 5.26.1:
Configured by Alpine at Tue Oct 31 13:26:34 GMT 2017.
Summary of my perl5 (revision 5 version 26 subversion 1) configuration:
Platform:
osname=linux
osvers=4.4.45-0-grsec
archname=x86_64-linux-thread-multi
uname='linux build-3-7-x86_64 4.4.45-0-grsec #1-alpine smp thu jan 26 14:21:00 gmt 2017 x86_64 linux '
config_args='-des -Dcccdlflags=-fPIC -Dcccdlflags=-fPIC -Dccdlflags=-rdynamic -Dprefix=/usr -Dprivlib=/usr/share/perl5/core_perl -Darchlib=/usr/lib/perl5/core_perl -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5/vendor_perl -Dvendorarch=/usr/lib/perl5/vendor_perl -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl5/site_perl -Dsitearch=/usr/local/lib/perl5/site_perl -Dlocincpth= -Doptimize=-Os -fomit-frame-pointer -Duselargefiles -Dusethreads -Duseshrplib -Dd_semctl_semun -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dinstallman1dir=/usr/share/man/man1 -Dinstallman3dir=/usr/share/man/man3 -Dman1ext=1 -Dman3ext=3pm -Dcf_by=Alpine -Ud_csh -Dusenm'
hint=recommended
useposix=true
d_sigaction=define
useithreads=define
usemultiplicity=define
use64bitint=define
use64bitall=define
uselongdouble=undef
usemymalloc=n
default_inc_excludes_dot=define
bincompat5005=undef
Compiler:
cc='cc'
ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
optimize='-Os -fomit-frame-pointer'
cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong'
ccversion=''
gccversion='6.4.0'
gccosandvers=''
intsize=4
longsize=8
ptrsize=8
doublesize=8
byteorder=12345678
doublekind=3
d_longlong=define
longlongsize=8
d_longdbl=define
longdblsize=16
longdblkind=3
ivtype='long'
ivsize=8
nvtype='double'
nvsize=8
Off_t='off_t'
lseeksize=8
alignbytes=8
prototype=define
Linker and Libraries:
ld='cc'
ldflags =' -fstack-protector-strong -L/usr/local/lib'
libpth=/usr/include/fortify /usr/lib /usr/local/lib /lib/../lib /usr/lib/../lib /lib
libs=-lpthread -ldl -lm -lcrypt -lutil -lc
perllibs=-lpthread -ldl -lm -lcrypt -lutil -lc
libc=/usr/lib/libc.a
so=so
useshrplib=true
libperl=libperl.so
gnulibc_version=''
Dynamic Linking:
dlsrc=dl_dlopen.xs
dlext=so
d_dlsymun=undef
ccdlflags='-rdynamic -Wl,-rpath,/usr/lib/perl5/core_perl/CORE'
cccdlflags='-fPIC'
lddlflags='-shared -Os -fomit-frame-pointer -L/usr/local/lib -fstack-protector-strong'
Locally applied patches:
Fedora Patch1: Removes date check, Fedora/RHEL specific
Fedora Patch3: support for libdir64
Fedora Patch4: use libresolv instead of libbind
Fedora Patch5: USE_MM_LD_RUN_PATH
Fedora Patch6: Skip hostname tests, due to builders not being network capable
Fedora Patch7: Dont run one io test due to random builder failures
Fedora Patch9: Fix find2perl to translate ? glob properly (RT#113054)
Fedora Patch10: Fix broken atof (RT#109318)
Fedora Patch13: Clear $@ before "do" I/O error (RT#113730)
Fedora Patch14: Do not truncate syscall() return value to 32 bits (RT#113980)
Fedora Patch15: Override the Pod::Simple::parse_file (CPANRT#77530)
Fedora Patch16: Do not leak with attribute on my variable (RT#114764)
Fedora Patch17: Allow operator after numeric keyword argument (RT#105924)
Fedora Patch18: Extend stack in File::Glob::glob, (RT#114984)
Fedora Patch19: Do not crash when vivifying $|
Fedora Patch20: Fix misparsing of maketext strings (CVE-2012-6329)
Fedora Patch21: Add NAME headings to CPAN modules (CPANRT#73396)
Fedora Patch22: Fix leaking tied hashes (RT#107000) [1]
Fedora Patch23: Fix leaking tied hashes (RT#107000) [2]
Fedora Patch24: Fix leaking tied hashes (RT#107000) [3]
Fedora Patch25: Fix dead lock in PerlIO after fork from thread (RT#106212)
Fedora Patch26: Make regexp safe in a signal handler (RT#114878)
Fedora Patch27: Update h2ph(1) documentation (RT#117647)
Fedora Patch28: Update pod2html(1) documentation (RT#117623)
Fedora Patch29: Document Math::BigInt::CalcEmu requires Math::BigInt (CPAN RT#85015)
RHEL Patch30: Use stronger algorithm needed for FIPS in t/op/crypt.t (RT#121591)
RHEL Patch31: Make *DBM_File desctructors thread-safe (RT#61912)
RHEL Patch32: Use stronger algorithm needed for FIPS in t/op/taint.t (RT#123338)
RHEL Patch33: Remove CPU-speed-sensitive test in Benchmark test
RHEL Patch34: Make File::Glob work with threads again
RHEL Patch35: Fix CRLF conversion in ASCII FTP upload (CPAN RT#41642)
RHEL Patch36: Do not leak the temp utf8 copy of namepv (CPAN RT#123786)
RHEL Patch37: Fix duplicating PerlIO::encoding when spawning threads (RT#31923)
---
@INC for perl 5.26.1:
/usr/local/lib/perl5/site_perl
/usr/local/share/perl5/site_perl
/usr/lib/perl5/vendor_perl
/usr/share/perl5/vendor_perl
/usr/lib/perl5/core_perl
/usr/share/perl5/core_perl
---
Environment for perl 5.26.1:
HOME=/root
LANG=en_GB.UTF-8
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/sbin:/bin:/usr/sbin:/usr/bin
PERL_BADLANG (unset)
SHELL=/bin/bash
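The report above shows that on the affected perl a `{n,m}` quantifier with n > m compiles without error and then crashes at match time, so an application that compiles patterns it did not write itself cannot rely on qr// to reject them. The following is an added example, not code from the report or from perl, of a pre-check that refuses such a quantifier before compilation and still catches ordinary compile failures through eval; the helper names invalid_range and safe_qr are my own and the three sample patterns are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Scan a pattern for brace quantifiers of the form {n,m} and return the first
# one whose lower bound exceeds its upper bound, or undef if none is found.
# This is a plain textual scan: it does not parse escapes or character
# classes, so a literal "\{11,2}" or "[{]" would also be flagged. That is the
# conservative direction for input you do not control.
sub invalid_range {
    my ($pat) = @_;
    while ($pat =~ /\{(\d+),(\d+)\}/g) {
        return "{$1,$2}" if $1 > $2;
    }
    return;
}

# Compile a pattern only after the range check passes, and turn a compile
# failure into a normal exception instead of a fatal error at the call site.
sub safe_qr {
    my ($pat) = @_;
    if (my $bad = invalid_range($pat)) {
        die "refusing pattern: quantifier $bad has n > m\n";
    }
    my $re = eval { qr/$pat/ };
    die "pattern did not compile: $@" if $@;
    return $re;
}

# Constructed inputs: a valid range, the range from the report, and a
# pattern that fails to compile for an unrelated reason.
for my $pat ('ba{2,11}', 'ba{11,2}', 'b(') {
    my $re = eval { safe_qr($pat) };
    if ($@) {
        print "rejected $pat: $@";
        next;
    }
    print "compiled $pat; matches 'baa'? ",
        ('baa' =~ $re ? 'yes' : 'no'), "\n";
}
```

On a perl that already rejects `{11,2}` at compile time the second pattern is still stopped by invalid_range rather than by qr//, so the check behaves the same across the 5.16 and 5.26 builds mentioned in the report.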