perl.perl5.porters

[perl #130701] Uninitialized pointer write in S_free_codeblocks(regcomp.c:6141)

From: Tony Cook via RT
Date: August 21, 2018 01:23
Subject: [perl #130701] Uninitialized pointer write in S_free_codeblocks(regcomp.c:6141)
Message ID: rt-4.0.24-16482-1534814600-142.130701-15-0@perl.org

On Fri, 03 Feb 2017 01:27:17 -0800, davem wrote:
> On Thu, Feb 02, 2017 at 07:58:44AM -0800, Sergey Aleynikov wrote:
> > # New Ticket Created by  Sergey Aleynikov 
> > # Please include the string:  [perl #130701]
> > # in the subject line of all future correspondence about this issue. 
> > # <URL: https://rt.perl.org/Ticket/Display.html?id=130701 >
> > 
> > 
> > This is a bug report for perl from sergey.aleynikov@gmail.com,
> > generated with the help of perlbug 1.40 running under perl 5.25.9.
> > 
> > 
> > -----------------------------------------------------------------
> > [Please describe your issue here]
> > 
> > While fuzzing perl v5.25.9-35-g32207c637b built with afl and run
> > under libdislocator, I found the following program
> > 
> > qr!0(?{})${return''}!
> > 
> > to use an initialized memory slot as a pointer to data. This is a
> > regression between v5.16 and v5.18, bisect points to:
> 
> This is a variant on the issue discussed in RT #130651
> 

Now public, and I'll merge it into 130651.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=130701


