perl.perl5.porters: postings from April 2019

Re: [perl #133990] Crashes caused by \N{} + codeblock in regex

From: Karl Williamson
Date: April 6, 2019 04:16
Subject: Re: [perl #133990] Crashes caused by \N{} + codeblock in regex
Message ID: 30237591-3e8d-dd49-e203-cce86583e071@khwilliamson.com

On 4/5/19 11:11 AM, Sergey Aleynikov (via RT) wrote:
> # New Ticket Created by  Sergey Aleynikov
> # Please include the string:  [perl #133990]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=133990 >
> 
> 
> This is a bug report for perl from sergey.aleynikov@gmail.com,
> generated with the help of perlbug 1.41 running under perl 5.29.9.
> 
> 
> -----------------------------------------------------------------
> [Please describe your issue here]
> 
> While fuzzing perl v5.29.9-63-g2496d8f3f7 built with afl and run
> under libdislocator, I found the following programs
> 
> qr/(?{})\N{}/;while(my($0)=0){}
> qr/(?{})\N{}/;while(my($0)){}
> qr/(?{})\N{}/;

I looked at the final one in detail.  What is happening here is that the 
\N{} is an error, and it sets a flag to indicate to not try to compile 
the pattern, but parsing continues to try to find other errors.  At some 
point later, op.c line 827 sees that flag and returns 'o' without 
proceeding.  Later an assertion fails in op_free().  My guess is that 
it's something that op_free is counting on that got skipped when line 
827 returned from its function early.

But I'm hoping someone more familiar with this area of the core will 
look at it.

> 
> to cause different assertion failures and/or straight out crashes.
> This happens since \N{} fatalization by
> 
> commit be332ba06074217fe64db4a8ba1152985b21428a
> Author: Karl Williamson <khw@cpan.org>
> Date:   Thu Mar 2 11:31:36 2017 -0700
> 
>      Fatalize \N{}
> 
>      This has been deprecated, scheduled to be fatal now.
> 
> [Please do not change anything below this line]
> -----------------------------------------------------------------
> ---
> Flags:
>      category=core
>      severity=low
> ---
> Site configuration information for perl 5.29.9:
> 
> Configured by dur-randir at Wed Feb 27 14:51:01 MSK 2019.
> 
> Summary of my perl5 (revision 5 version 29 subversion 9) configuration:
>    Commit id: c1e47bad34ce1d9c84ed57c9b8978bcbd5a02e98
>    Platform:
>      osname=darwin
>      osvers=13.4.0
>      archname=darwin-thread-multi-2level
>      uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0:
> mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64
> x86_64 '
>      config_args='-de -Dusedevel -DDEBUGGING -Dusethreads'
>      hint=recommended
>      useposix=true
>      d_sigaction=define
>      useithreads=define
>      usemultiplicity=define
>      use64bitint=define
>      use64bitall=define
>      uselongdouble=undef
>      usemymalloc=n
>      default_inc_excludes_dot=define
>      bincompat5005=undef
>    Compiler:
>      cc='cc'
>      ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9
> -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
> -I/usr/local/include -DPERL_USE_SAFE_PUTENV'
>      optimize='-O3 -g'
>      cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9
> -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
> -I/usr/local/include'
>      ccversion=''
>      gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)'
>      gccosandvers=''
>      intsize=4
>      longsize=8
>      ptrsize=8
>      doublesize=8
>      byteorder=12345678
>      doublekind=3
>      d_longlong=define
>      longlongsize=8
>      d_longdbl=define
>      longdblsize=16
>      longdblkind=3
>      ivtype='long'
>      ivsize=8
>      nvtype='double'
>      nvsize=8
>      Off_t='off_t'
>      lseeksize=8
>      alignbytes=8
>      prototype=define
>    Linker and Libraries:
>      ld='cc'
>      ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib'
>      libpth=/usr/local/lib
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib
> /usr/lib
>      libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
>      perllibs=-lpthread -ldl -lm -lutil -lc
>      libc=
>      so=dylib
>      useshrplib=false
>      libperl=libperl.a
>      gnulibc_version=''
>    Dynamic Linking:
>      dlsrc=dl_dlopen.xs
>      dlext=bundle
>      d_dlsymun=undef
>      ccdlflags=' '
>      cccdlflags=' '
>      lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined
> dynamic_lookup -L/usr/local/lib -fstack-protector'
> 
> 
> ---
> @INC for perl 5.29.9:
>      lib
>      /usr/local/lib/perl5/site_perl/5.29.9/darwin-thread-multi-2level
>      /usr/local/lib/perl5/site_perl/5.29.9
>      /usr/local/lib/perl5/5.29.9/darwin-thread-multi-2level
>      /usr/local/lib/perl5/5.29.9
> 
> ---
> Environment for perl 5.29.9:
>      DYLD_LIBRARY_PATH (unset)
>      HOME=/Users/dur-randir
>      LANG=en_US.UTF-8
>      LANGUAGE (unset)
>      LD_LIBRARY_PATH (unset)
>      LOGDIR (unset)
>      PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin
>      PERLBREW_HOME=/Users/dur-randir/.perlbrew
>      PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.22.1/man
>      PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin
>      PERLBREW_PERL=perl-5.22.1
>      PERLBREW_ROOT=/Users/dur-randir/perlbrew
>      PERLBREW_SHELLRC_VERSION=0.84
>      PERLBREW_VERSION=0.84
>      PERL_BADLANG (unset)
>      SHELL=/usr/local/bin/zsh
> 
> 
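
A regression check for the three reproducers in the report, as an added example that is not part of the original thread: it runs each program under a chosen perl and separates a clean compile-time error from death by signal (a failed assertion aborts with SIGABRT). `PERL_UNDER_TEST` and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): crash triage for the report's reproducers.
# PERL_UNDER_TEST is a hypothetical variable naming the perl binary to check.

# Map a shell exit status to a verdict. 128+N means the child died from
# signal N (134 = SIGABRT from a failed assert, 139 = SIGSEGV). perl's own
# die status is errno or 255, so 255 is a clean error, not "signal 127".
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
        echo "crash:$(( $1 - 128 ))"
    else
        echo "error"
    fi
}

# Run one program text ($2) under an interpreter ($1) and print the verdict.
run_case() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/rt133990.XXXXXX") || return 2
    printf '%s\n' "$2" > "$tmp"
    status=0
    "$1" "$tmp" >/dev/null 2>&1 || status=$?
    rm -f "$tmp"
    classify_status "$status"
}

# The three programs quoted in the report. With \N{} fatal, each should be
# rejected at compile time, so the expected verdict is "error"; "crash:N"
# means the bug is present.
if [ -n "${PERL_UNDER_TEST:-}" ]; then
    failed=0
    while IFS= read -r prog; do
        verdict=$(run_case "$PERL_UNDER_TEST" "$prog")
        printf '%-10s %s\n' "$verdict" "$prog"
        case $verdict in crash:*) failed=1 ;; esac
    done <<'EOF'
qr/(?{})\N{}/;while(my($0)=0){}
qr/(?{})\N{}/;while(my($0)){}
qr/(?{})\N{}/;
EOF
    exit "$failed"
fi
```

The build in the report was configured with `-DDEBUGGING`, which is what compiles the assertions in; a build without it may not abort on the same input.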
