
[perl #133998] Assertion failure in S_ssc_and (regcomp.c:1847)

From: Sergey Aleynikov
Date: April 6, 2019 05:29
Subject: [perl #133998] Assertion failure in S_ssc_and (regcomp.c:1847)
Message ID: rt-4.0.24-23286-1554528541-1172.133998-75-0@perl.org
# New Ticket Created by  Sergey Aleynikov 
# Please include the string:  [perl #133998]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=133998 >


This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.41 running under perl 5.29.9.


-----------------------------------------------------------------
[Please describe your issue here]

While fuzzing perl v5.29.9-63-g2496d8f3f7 built with afl and run
under libdislocator, I found the following program

0 =~ /(?l)|[^\S\pC\s]/

to cause an assertion failure

perl: regcomp.c:1847: S_ssc_and: Assertion `i % 2 != 0 || !
ANYOF_POSIXL_TEST((regnode_charclass_posixl*) and_with, i) || !
ANYOF_POSIXL_TEST((regnode_charclass_posixl*) and_with, i + 1)'
failed.

The GDB stack trace follows:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c25535 in __GI_abort () at abort.c:79
#2  0x00007ffff7c2540f in __assert_fail_base (fmt=0x7ffff7d87ee0
"%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
    assertion=0x555555a7d320 "i % 2 != 0 || !
ANYOF_POSIXL_TEST((regnode_charclass_posixl*) and_with, i) || !
ANYOF_POSIXL_TEST((regnode_charclass_posixl*) and_with, i + 1)",
file=0x555555a7ced0 "regcomp.c", line=1847, function=<optimized out>)
at assert.c:92
#3  0x00007ffff7c330f2 in __GI___assert_fail (
    assertion=0x555555a7d320 "i % 2 != 0 || !
ANYOF_POSIXL_TEST((regnode_charclass_posixl*) and_with, i) || !
ANYOF_POSIXL_TEST((regnode_charclass_posixl*) and_with, i + 1)",
file=0x555555a7ced0 "regcomp.c", line=1847, function=0x555555a9bb88
<__PRETTY_FUNCTION__.21183> "S_ssc_and") at assert.c:101
#4  0x000055555567fcd1 in S_ssc_and (pRExC_state=0x7fffffffd650,
ssc=0x7fffffffd200, and_with=0x555555b7a508) at regcomp.c:1845
#5  0x0000555555693b86 in S_study_chunk (pRExC_state=0x7fffffffd650,
scanp=0x7fffffffcec8, minlenp=0x7fffffffd3e0, deltap=0x7fffffffcee8,
    last=0x555555b7a534, data=0x7fffffffd240, stopparen=-1,
recursed_depth=0, and_withp=0x0, flags=10240, depth=1) at
regcomp.c:5841
#6  0x000055555568f171 in S_study_chunk (pRExC_state=0x7fffffffd650,
scanp=0x7fffffffd3d8, minlenp=0x7fffffffd3e0, deltap=0x7fffffffd400,
    last=0x555555b7a538, data=0x7fffffffd9c0, stopparen=-1,
recursed_depth=0, and_withp=0x0, flags=10240, depth=0) at
regcomp.c:4639
#7  0x000055555569fbc4 in Perl_re_op_compile (patternp=0x0,
pat_count=1, expr=0x555555b79158, eng=0x555555b41d20
<PL_core_reg_engine>, old_re=0x0,
    is_bare_re=0x0, orig_rx_flags=0, pm_flags=0) at regcomp.c:8176
#8  0x00005555555ba159 in Perl_pmruntime (o=0x555555b79198,
expr=0x555555b79158, repl=0x0, flags=1, floor=0) at op.c:7127
#9  0x000055555566ffc3 in Perl_yyparse (gramtype=258) at perly.y:1234
#10 0x00005555555ec726 in S_parse_body (env=0x0, xsinit=0x5555555a11f8
<xs_init>) at perl.c:2531
#11 0x00005555555ea9f8 in perl_parse (my_perl=0x555555b4c260,
xsinit=0x5555555a11f8 <xs_init>, argc=2, argv=0x7fffffffe1c8, env=0x0)
at perl.c:1822
#12 0x00005555555a113b in main (argc=2, argv=0x7fffffffe1c8,
env=0x7fffffffe1e0) at perlmain.c:126

This is a regression in blead, bisect points to

commit b2296192536090829ba6d2cb367456f4e346dcc6
Author: Karl Williamson <khw@cpan.org>
Date:   Tue Dec 25 22:56:48 2018 -0700

    Revamp qr/[...]/ optimizations

    This commit extensively changes the optimizations for ANYOF regnodes
    that represent bracketed character classes.

    The removal of the regex compilation pass now makes these feasible and
    desirable.  Compilation now tries hard to optimize an ANYOF node into
    something smaller and/or faster when feasible.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.29.9:

Configured by dur-randir at Wed Feb 27 14:51:01 MSK 2019.

Summary of my perl5 (revision 5 version 29 subversion 9) configuration:
  Commit id: c1e47bad34ce1d9c84ed57c9b8978bcbd5a02e98
  Platform:
    osname=darwin
    osvers=13.4.0
    archname=darwin-thread-multi-2level
    uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0:
mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64
x86_64 '
    config_args='-de -Dusedevel -DDEBUGGING -Dusethreads'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9
-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include -DPERL_USE_SAFE_PUTENV'
    optimize='-O3 -g'
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9
-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib
/usr/lib
    libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=
    so=dylib
    useshrplib=false
    libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined
dynamic_lookup -L/usr/local/lib -fstack-protector'


---
@INC for perl 5.29.9:
    lib
    /usr/local/lib/perl5/site_perl/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/site_perl/5.29.9
    /usr/local/lib/perl5/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/5.29.9

---
Environment for perl 5.29.9:
    DYLD_LIBRARY_PATH (unset)
    HOME=/Users/dur-randir
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin
    PERLBREW_HOME=/Users/dur-randir/.perlbrew
    PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.22.1/man
    PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin
    PERLBREW_PERL=perl-5.22.1
    PERLBREW_ROOT=/Users/dur-randir/perlbrew
    PERLBREW_SHELLRC_VERSION=0.84
    PERLBREW_VERSION=0.84
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/zsh



