On Fri, 20 Jan 2017 06:43:12 -0800, hv wrote:
> On Wed, 18 Jan 2017 17:08:36 -0800, randir wrote:
> > While fuzzing perl v5.25.8-216-gfbceb79751 built with afl and run
> > under libdislocator, I found the following program
> >
> > qr!@{s{0})(?{!
> >
> > to cause an assertion failure, even when run under -c for a syntax
> > check. This is a regression between v5.16.3 and v5.18.0, bisect
> > points to
> >
> > 491453ba443e114f751f325a4734b3d07b897606 is the first bad commit
> > commit 491453ba443e114f751f325a4734b3d07b897606
> > Author: David Mitchell <davem@iabyn.com>
> > Date:   Wed Apr 17 17:51:16 2013 +0100
> >
> >     Handle /@a/ array expansion within regex engine
> [snip]
> > #3  0x00007f2d6ecf0ef2 in __GI___assert_fail
> >     (assertion=0x7f2d703af467
> >     "PL_scopestack_ix == 1", file=0x7f2d703af370 "perl.c", line=571,
> >     function=0x7f2d703b1a08 <__PRETTY_FUNCTION__.14855>
> >     "perl_destruct") at assert.c:101
> > #4  0x00007f2d7006fff7 in perl_destruct (my_perl=0x7f2d721f4010) at
> >     perl.c:571
> > #5  0x00007f2d7002fdc7 in main (argc=2, argv=0x7ffcc6177818,
> >     env=0x7ffcc6177830) at perlmain.c:134
> > (gdb) f 4
> > #4  0x00007f2d7006fff7 in perl_destruct (my_perl=0x7f2d721f4010) at
> >     perl.c:571
> > 571	    assert(PL_scopestack_ix == 1);
> > (gdb) p PL_scopestack_ix
> > $1 = 2
>
> The scopestack imbalance here occurs because we call sublex_start()
> but never a corresponding sublex_done(). I don't currently have a clue
> what's intended to ensure we will reach sublex_done, but I'll try to
> make some more progress if nobody else jumps in.
>
> The only part of 491453ba44 that gets hit by ./miniperl -ce
> 'qr!@{s{0})(?{!' is the toke.c chunk causing PL_lex_dojoin to become
> FALSE instead of TRUE.

The closing ) is confusing the parser.

Patch which *might* fix it (passes all tests in a DEBUGGING build)
attached.

Tony

---
via perlbug: queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=130585