develooper Front page | perl.perl5.porters | Postings from April 2019

[perl #134045] Assertion failure in S_maybe_multideref (op.c:14912)

From:
Tony Cook via RT
Date:
April 24, 2019 01:07
Subject:
[perl #134045] Assertion failure in S_maybe_multideref (op.c:14912)
Message ID:
rt-4.0.24-16008-1556068016-132.134045-15-0@perl.org
On Thu, 18 Apr 2019 09:51:12 -0700, randir wrote:
> While fuzzing perl v5.29.9-63-g2496d8f3f7 built with afl and run
> under libdislocator, I found the following program
> 
> 0for%{scalar local$0[0]}
> 
> to cause an assertion failure
> 
> perl: op.c:14912: void S_maybe_multideref(OP *, OP *, UV, U8):
> Assertion `n && n->op_type == OP_LEAVE' failed.
> 
> GDB stack trace is following
> 
> #0  __GI_raise (sig=sig@entry=6) at
> ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007ffff7c25535 in __GI_abort () at abort.c:79
> #2  0x00007ffff7c2540f in __assert_fail_base (fmt=0x7ffff7d87ee0
> "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
>     assertion=0x55555592a9c3 "n && n->op_type == OP_LEAVE",
> file=0x5555559247ae "op.c", line=14892, function=<optimized out>) at
> assert.c:92
> #3  0x00007ffff7c330f2 in __GI___assert_fail (assertion=0x55555592a9c3
> "n && n->op_type == OP_LEAVE", file=0x5555559247ae "op.c", line=14892,
>     function=0x55555592ccc0 <__PRETTY_FUNCTION__.22939>
> "S_maybe_multideref") at assert.c:101
> #4  0x00005555555deedc in S_maybe_multideref (start=0x555555b79648,
> orig_o=0x555555b795c8, orig_action=6, hints=0 '\000') at op.c:14892
> #5  0x00005555555e0146 in Perl_rpeep (o=0x555555b79648) at op.c:15545
> #6  0x00005555555e37da in Perl_peep (o=0x555555b7b358) at op.c:16627
> #7  0x00005555555ac110 in S_process_optree (cv=0x0,
> optree=0x555555b7b390, start=0x555555b7b358) at op.c:3459
> #8  0x00005555555b3f02 in Perl_newPROG (o=0x555555b7b390) at op.c:5413
> #9  0x000055555566c1b0 in Perl_yyparse (gramtype=258) at perly.y:125
> #10 0x00005555555ec726 in S_parse_body (env=0x0, xsinit=0x5555555a11f8
> <xs_init>) at perl.c:2531
> #11 0x00005555555ea9f8 in perl_parse (my_perl=0x555555b4e260,
> xsinit=0x5555555a11f8 <xs_init>, argc=3, argv=0x7fffffffe1b8, env=0x0)
> at perl.c:1822
> #12 0x00005555555a113b in main (argc=3, argv=0x7fffffffe1b8,
> env=0x7fffffffe1d8) at perlmain.c:126
> 
> This is a regression between 5.20 and 5.22, bisect points to
> 
> commit fedf30e1c349130b23648c022f5f3cb4ad7928f3
> Author: David Mitchell <davem@iabyn.com>
> Date:   Fri Oct 24 16:26:38 2014 +0100
> 
> Add OP_MULTIDEREF
> 
> This op is an optimisation for any series of one or more array or hash
> lookups and dereferences, where the key/index is a simple constant or
> package/lexical variable. If the first-level lookup is of a simple
> array/hash variable or scalar ref, then that is included in the op
> too.

I think the check here should be bypassing the OP_SCALAR as it does OP_LIST.

Per the attached.

Tony

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=134045



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About