develooper Front page | perl.perl5.porters | Postings from April 2019

[perl #134059] panic: regcomp.c: 13346: negative offset:-68719492257

From:
Sergey Aleynikov via RT
Date:
April 26, 2019 17:01
Subject:
[perl #134059] panic: regcomp.c: 13346: negative offset:-68719492257
Message ID:
rt-4.0.24-23896-1556298074-1830.134059-15-0@perl.org
I was finally able to bisect this to

d62e749e81cccfc8041202ebef35e45449134bf8 is the first bad commit
commit d62e749e81cccfc8041202ebef35e45449134bf8
Author: Karl Williamson <khw@cpan.org>
Date:   Sun Oct 14 12:01:07 2018 -0600

    regcomp.c: Add ability to not warn during substitute parse

    Under certain conditions, regcomp.c will pretend something other than
    the input pattern is to be parsed.  There is a mechanism to seamlessly
    show the original code when that substitute expression contains the
    original as a subset.  But there are cases where the entire substitute
    is constructed by regcomp.c, and has none of the original pattern in
    it.  Since it is our construction, it should be legal, devoid of
    warnings, but if somehow something happened to generate a warning, it
    could lead to seg faults, etc.

    This commit adds and uses a mechanism to turn off warnings while parsing
    these constructs.  Should a warning attempt to be output, instead of a
    seg fault, a panic error message giving debugging details is output.

The stand-alone reproducer also turned out to be much more elaborate:

eval q!m'000000000000000000[0\N{U+00.0}0'!; warn $@; 1 if $@ =~ /panic/;

GDB stacktrace to the panic() point is:

#1  0x00007ffff7c25535 in __GI_abort () at abort.c:79
#2  0x0000555555712bf2 in Perl_vcroak (pat=0x555555a83c60 "panic: %s: %d: negative offset: %ld trying to output message for  pattern %.*s",
    args=0x7fffffffb860) at util.c:1701
#3  0x0000555555712f02 in Perl_croak (pat=0x555555a83c60 "panic: %s: %d: negative offset: %ld trying to output message for  pattern %.*s") at util.c:1750
#4  0x00005555556c3618 in S_regatom (pRExC_state=0x7fffffffd440, flagp=0x7fffffffbc04, depth=9) at regcomp.c:13346
#5  0x00005555556bcb3a in S_regpiece (pRExC_state=0x7fffffffd440, flagp=0x7fffffffbd20, depth=8) at regcomp.c:12457
#6  0x00005555556bc43a in S_regbranch (pRExC_state=0x7fffffffd440, flagp=0x7fffffffbdc8, first=0, depth=7) at regcomp.c:12377
#7  0x00005555556ba180 in S_reg (pRExC_state=0x7fffffffd440, paren=58, flagp=0x7fffffffc350, depth=6) at regcomp.c:12132
#8  0x00005555556e1d87 in S_regclass (pRExC_state=0x7fffffffd440, flagp=0x7fffffffcb04, depth=5, stop_at_1=false, allow_mutiple_chars=true,
    silence_non_portable=false, strict=false, optimizable=true, ret_invlist=0x0) at regcomp.c:17870
#9  0x00005555556c31a9 in S_regatom (pRExC_state=0x7fffffffd440, flagp=0x7fffffffcb04, depth=4) at regcomp.c:13332
#10 0x00005555556bcb3a in S_regpiece (pRExC_state=0x7fffffffd440, flagp=0x7fffffffcc20, depth=3) at regcomp.c:12457
#11 0x00005555556bc43a in S_regbranch (pRExC_state=0x7fffffffd440, flagp=0x7fffffffccc8, first=1, depth=2) at regcomp.c:12377
#12 0x00005555556b9c5c in S_reg (pRExC_state=0x7fffffffd440, paren=0, flagp=0x7fffffffd178, depth=1) at regcomp.c:12088
#13 0x000055555569d2f2 in Perl_re_op_compile (patternp=0x0, pat_count=1, expr=0x555555b7e2c8, eng=0x555555b46d20 <PL_core_reg_engine>, old_re=0x0,
    is_bare_re=0x0, orig_rx_flags=0, pm_flags=0) at regcomp.c:7705
#14 0x00005555555ba19a in Perl_pmruntime (o=0x555555b7e308, expr=0x555555b7e2c8, repl=0x0, flags=1, floor=0) at op.c:7130
#15 0x0000555555670244 in Perl_yyparse (gramtype=258) at perly.y:1234
#16 0x0000555555839ec6 in S_doeval_compile (gimme=1 '\001', outside=0x555555b538f0, seq=4294967246, hh=0x0) at pp_ctl.c:3502
#17 0x0000555555841c61 in Perl_pp_entereval () at pp_ctl.c:4478
#18 0x000055555570c635 in Perl_runops_debug () at dump.c:2537
#19 0x00005555555ed63d in S_run_body (oldscope=1) at perl.c:2716
#20 0x00005555555ecbbb in perl_run (my_perl=0x555555b51260) at perl.c:2639
#21 0x00005555555a1181 in main (argc=2, argv=0x7fffffffe1e8, env=0x7fffffffe200) at perlmain.c:134

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=134059



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About