
[perl #133599] NULL pointer dereference in Perl_sv_setpv_bufsize

From: James E Keenan via RT
Date: October 20, 2018 01:07
Subject: [perl #133599] NULL pointer dereference in Perl_sv_setpv_bufsize
Message ID: rt-4.0.24-16287-1539997630-211.133599-15-0@perl.org

On Fri, 19 Oct 2018 05:19:47 GMT, zzw20124321@gmail.com wrote:
> NULL pointer dereference in Perl_sv_setpv_bufsize
> 
> ./perl -v
> 
> This is perl 5, version 29, subversion 3 (v5.29.3) built for x86_64-linux
> 
> Copyright 1987-2018, Larry Wall
> 
> Perl may be copied only under the terms of either the Artistic License or
> the
> GNU General Public License, which may be found in the Perl 5 source kit.
> 
> Complete documentation for Perl, including FAQ lists, should be found on
> this system using "man perl" or "perldoc perl".  If you have access to the
> Internet, point your browser at http://www.perl.org/, the Perl Home Page.
> 
> 
> 
> compile with -fsanitize=address
> 
> ./perl null_pointer.pl
> $* is no longer supported. Its use will be fatal in Perl 5.30 at
> null_pointer.pl line 1.
> ASAN:SIGSEGV
> =================================================================
> ==26073==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
> (pc 0x000000639f80 bp 0x000000000000 sp 0x7ffcf29b4330 T0)
>     #0 0x639f7f in Perl_sv_setpv_bufsize
> /home/fan/github/perl5-5.29.3/sv.c:4865
>     #1 0x6fa103 in Perl_do_vop /home/fan/github/perl5-5.29.3/doop.c:1039
>     #2 0x661ce6 in Perl_pp_bit_or /home/fan/github/perl5-5.29.3/pp.c:2392
>     #3 0x5e983a in Perl_runops_standard
> /home/fan/github/perl5-5.29.3/run.c:41
>     #4 0x48efa7 in S_run_body /home/fan/github/perl5-5.29.3/perl.c:2683
>     #5 0x48efa7 in perl_run /home/fan/github/perl5-5.29.3/perl.c:2611
>     #6 0x424814 in main /home/fan/github/perl5-5.29.3/perlmain.c:122
>     #7 0x7f2f2194382f in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>     #8 0x424d88 in _start (/home/fan/github/perl5-5.29.3/perl+0x424d88)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV /home/fan/github/perl5-5.29.3/sv.c:4865
> Perl_sv_setpv_bufsize
> ==26073==ABORTING
> 
> cat null_pointer.pl
> $* ^= *: = ** = *^= *: = ** = *^= *: = ** = *:
> 
> or we can test this
> 
> ../perl -e '$* ^= *: = ** = *^= *: = ** = *^= *: = ** = *:'
> 
> $* is no longer supported. Its use will be fatal in Perl 5.30 at -e line 1.
> ASAN:SIGSEGV
> =================================================================
> ==27827==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000
> (pc 0x000000639f80 bp 0x000000000000 sp 0x7ffc146ae8f0 T0)
>     #0 0x639f7f in Perl_sv_setpv_bufsize
> /home/fan/github/perl5-5.29.3/sv.c:4865
>     #1 0x6fa103 in Perl_do_vop /home/fan/github/perl5-5.29.3/doop.c:1039
>     #2 0x661ce6 in Perl_pp_bit_or /home/fan/github/perl5-5.29.3/pp.c:2392
>     #3 0x5e983a in Perl_runops_standard
> /home/fan/github/perl5-5.29.3/run.c:41
>     #4 0x48efa7 in S_run_body /home/fan/github/perl5-5.29.3/perl.c:2683
>     #5 0x48efa7 in perl_run /home/fan/github/perl5-5.29.3/perl.c:2611
>     #6 0x424814 in main /home/fan/github/perl5-5.29.3/perlmain.c:122
>     #7 0x7ffb6e6a382f in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>     #8 0x424d88 in _start (/home/fan/github/perl5-5.29.3/perl+0x424d88)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV /home/fan/github/perl5-5.29.3/sv.c:4865
> Perl_sv_setpv_bufsize
> ==27827==ABORTING

It so happens that just this week we introduced into blead -- our main development branch -- the commit which fatalizes use of $*.

#####
commit dcb414ac3e404a94d6b3ba0a9a06e72ae0ab368d
Author:     James E Keenan <jkeenan@cpan.org>
AuthorDate: Fri Oct 12 11:55:40 2018
Commit:     James E Keenan <jkeenan@cpan.org>
CommitDate: Wed Oct 17 07:44:45 2018

    Fatalize use of $* and $#
    
    Per: RT # 133583
#####

So now you won't get the segfault (preceded by a deprecation warning) when you run that program; you'll get an exception instead.

#####
$ bleadperl -v | head -2 | tail -1
This is perl 5, version 29, subversion 4 (v5.29.4 (v5.29.3-71-g083a0c3388)) built for x86_64-linux-thread-multi

$ bleadperl -e '$* ^= *: = ** = *^= *: = ** = *^= *: = ** = *:'
$* is no longer supported as of Perl 5.30 at -e line 1.
#####

Thank you very much.

-- 
James E Keenan (jkeenan@cpan.org)

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=133599
