develooper Front page | perl.perl5.porters | Postings from July 2018

[perl #133365] perl 5.28.0 core: Negative array index read in utf8.cand regexec.c

Thread Next
From:
Marc-Philip
Date:
July 13, 2018 03:30
Subject:
[perl #133365] perl 5.28.0 core: Negative array index read in utf8.cand regexec.c
Message ID:
rt-4.0.24-14767-1531403132-1058.133365-75-0@perl.org
# New Ticket Created by  Marc-Philip 
# Please include the string:  [perl #133365]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=133365 >


To: perlbug@perl.org
Subject: Negative array index read in utf8.c and regexec.c
Message-Id: <5.28.0_81188_1531401517@WDFM33972517A>
From: marc-philip.werner@sap.com
Reply-To: marc-philip.werner@sap.com


This is a bug report for perl from marc-philip.werner@sap.com,
generated with the help of perlbug 1.41 running under perl 5.28.0.


-----------------------------------------------------------------
Hi,
this is about perl 5.28.0. We found this with a coverity scan. Maybe it's paranoid, but I'd still like to let you know. The code looks different in blead, but it looks as if the problem is still there.

In utf8.c, line 3672 Perl__invlist_search is called. It can return -1. This return value is used as an array index in the next line.
In regexec.c, line 10387, Perl__invlist_search is also called and the return value is used as array index without any check if it's negative.

I'm attaching a patchfile. It's at least good to show what I'm aiming at.

T&R
Marc-Philip

-----------------------------------------------------------------
---
Flags:
    category=core
    severity=high
---
Site configuration information for perl 5.28.0:

Configured by sap at Thu Jul 12 12:53:40 CEST 2018.

Summary of my perl5 (revision 5 version 28 subversion 0) configuration:
   
  Platform:
    osname=darwin
    osvers=17.6.0
    archname=darwin-thread-multi-2level
    uname='darwin wdfm33972517a 17.6.0 darwin kernel version 17.6.0: tue may 8 15:22:16 pdt 2018; root:xnu-4570.61.1~1release_x86_64 x86_64 '
    config_args='-der -Dmyhostname=buildhost -Dmydomain=.com -Dcf_by=sap -Dprivlib=.../../lib -Dsitelib=.../../lib -Darchlib=.../../lib -Dsitearch=.../../lib -Dnoextensions=GDBM_File NDBM_File ODBM_File SDBM_File -Ddynamic_ext=MIME/Base64 Socket IO Time/HiRes Cwd Encode Data/Dumper Compress/Raw/Zlib Digest/SHA -Dusethreads -Duseshrplib -Duserelocatableinc -Dprefix=/Users/d026948/SAPDevelop/hmexternals/perl/gen/out/perl-5.28.0-sap1-SNAPSHOT-darwinintel64-release-c -Duse64bitall -Accflags=-B$SDKROOT/usr/include/gcc -Accflags=-B$SDKROOT/usr/lib/gcc -Accflags=-isystem$SDKROOT/usr/include -Accflags=-F$SDKROOT/System/Library/Frameworks -Aldflags=-Wl,-syslibroot,$SDKROOT -Accdlflags=-B$SDKROOT/usr/include/gcc -Accdlflags=-B$SDKROOT/usr/lib/gcc -Accdlflags=-isystem$SDKROOT/usr/include -Accdlflags=-F$SDKROOT/System/Library/Frameworks -Alddlflags=-Wl,-syslibroot,$SDKROOT'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.13 -arch x86_64 -B/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/gcc -B/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/gcc -isystem/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include -F/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks -fno-strict-aliasing -pipe -fstack-protector-strong -DPERL_USE_SAFE_PUTENV'
    optimize='-O3'
    cppflags='-arch x86_64 -fno-common -DPERL_DARWIN -mmacosx-version-min=10.13 -arch x86_64 -B/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/gcc -B/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/gcc -isystem/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include -F/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks -fno-strict-aliasing -pipe -fstack-protector-strong'
    ccversion=''
    gccversion='4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.1)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc -arch x86_64'
    ldflags =' -mmacosx-version-min=10.13 -arch x86_64 -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk -fstack-protector-strong'
    libpth=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/9.1.0/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib /usr/lib
    libs=-lpthread -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=
    so=dylib
    useshrplib=true
    libperl=libperl.dylib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' -B/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/gcc -B/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/gcc -isystem/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include -F/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks'
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=10.13 -bundle -undefined dynamic_lookup -Wl,-syslibroot,/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk -fstack-protector-strong'


---
@INC for perl 5.28.0:
    /Users/d026948/SAPDevelop/hmexternals/perl/gen/out/perl-5.28.0-sap1-SNAPSHOT-darwinintel64-release-c/lib
    /Users/d026948/SAPDevelop/hmexternals/perl/gen/out/perl-5.28.0-sap1-SNAPSHOT-darwinintel64-release-c/lib

---
Environment for perl 5.28.0:
    DYLD_LIBRARY_PATH=/Users/d026948/SAPDevelop/hmexternals/perl/gen/out/perl-5.28.0-sap1-SNAPSHOT-darwinintel64-release-c/lib/CORE
    HOME=/Users/d026948
    LANG=en_GB.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/Users/d026948/Library/Python/2.7/bin:/Users/d026948/SAPDevelop/hmexternals/perl/gen/out/perl-5.28.0-sap1-SNAPSHOT-darwinintel64-release-c/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/opt/X11/bin
    PERL_BADLANG (unset)
    SHELL=/bin/csh


Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About