develooper Front page | perl.perl5.porters | Postings from June 2019

Re: [perl #134182] Fix test failure in POSIX/t/mb.t with semi-broken locales

From: Niko Tyni
Date: June 17, 2019 07:19
Subject: Re: [perl #134182] Fix test failure in POSIX/t/mb.t with semi-broken locales
Message ID: 20190617064704.GA20707@estella.local.invalid
On Fri, Jun 14, 2019 at 06:21:16PM +0100, Dominic Hargreaves wrote:
> On Sat, Jun 08, 2019 at 02:43:16PM -0700, James E Keenan via RT wrote:

> > Unfortunately I have to call your attention to 2 smoke-test failures in ext/POSIX/t/mb.t which were recorded *after* I applied your patch.

> > In each case the failures in mb.t occurred when blead was configured as follows:
> > 
> > [stdio] -Dcc=clang -Accflags="-Werror=declaration-after-statement -g -fno-omit-frame-pointer -fsanitize=address  -fno-common -fsanitize-blacklist=`pwd`/asan_ignore" -Aldflags="-fsanitize=address"
> > 
> > With and without -DDEBUGGING.
> 
> Very curious, this looks like the original bug that the test was 
> written for. Niko, do you understand what's happening here?

It's a different thing that just happened to get triggered here; this
is with non-threaded builds for starters.

I can reproduce it on 5.30.0. It seems to be related to version strings
and LC_NUMERIC.  I reduced it to this:

$ LC_NUMERIC=C.UTF-8 ./perl -l -Ilib -e 'require 5.006;'
=================================================================
==21403==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000190 at pc 0x0000004813aa bp 0x7fff4f62ea90 sp 0x7fff4f62e230
READ of size 2 at 0x602000000190 thread T0
    #0 0x4813a9 in __interceptor_setlocale (/tmp/perl-5.30.0/perl+0x4813a9)
    #1 0x6d7feb in Perl_upg_version /tmp/perl-5.30.0/./vutil.c:717:17
    #2 0x6d73bf in Perl_new_version /tmp/perl-5.30.0/./vutil.c:551:12
    #3 0x8019a4 in S_require_version /tmp/perl-5.30.0/pp_ctl.c:3719:10
    #4 0x8019a4 in Perl_pp_require /tmp/perl-5.30.0/pp_ctl.c:4345
    #5 0x725bf9 in Perl_runops_standard /tmp/perl-5.30.0/run.c:41:26
    #6 0x588f71 in S_run_body /tmp/perl-5.30.0/perl.c
    #7 0x588381 in perl_run /tmp/perl-5.30.0/perl.c:2639:2
    #8 0x516e1c in main /tmp/perl-5.30.0/perlmain.c:127:9
    #9 0x7f073082a09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #10 0x43fc49 in _start (/tmp/perl-5.30.0/perl+0x43fc49)

0x602000000190 is located 0 bytes inside of 8-byte region [0x602000000190,0x602000000198)
freed by thread T0 here:
    #0 0x4e7712 in __interceptor_free (/tmp/perl-5.30.0/perl+0x4e7712)
    #1 0x7f0730833963 in setlocale (/lib/x86_64-linux-gnu/libc.so.6+0x2d963)

previously allocated by thread T0 here:
    #0 0x4e7a93 in malloc (/tmp/perl-5.30.0/perl+0x4e7a93)
    #1 0x7f073088ddb9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x87db9)

SUMMARY: AddressSanitizer: heap-use-after-free (/tmp/perl-5.30.0/perl+0x4813a9) in __interceptor_setlocale
Shadow bytes around the buggy address:
==21403==ABORTING

-- 
Niko Tyni   ntyni@debian.org
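The ASan report above shows setlocale() reading an 8-byte heap block that an earlier setlocale() call had freed, while Perl_upg_version was parsing a version string under LC_NUMERIC. The added C example below (not Perl's code, and an assumed shape of this bug class rather than a reading of vutil.c) contrasts the hazardous save/restore pattern, kept in a comment, with a version that copies the locale name before switching LC_NUMERIC to "C" for number parsing; the "C.UTF-8" locale from the report is tried first and falls back to "C" if it is not installed.

```c
#define _POSIX_C_SOURCE 200809L
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hazard (constructed illustration, not Perl's code): setlocale() returns a
 * pointer into libc-owned storage that the next setlocale() call may free,
 * so restoring from that pointer is a heap-use-after-free:
 *
 *     const char *orig = setlocale(LC_NUMERIC, NULL); // borrowed pointer
 *     setlocale(LC_NUMERIC, "C");                     // may free *orig
 *     setlocale(LC_NUMERIC, orig);                    // reads freed memory
 */

/* Safe pattern: copy the current locale name before changing the category.
 * Returns a malloc'd string the caller owns, or NULL on failure. */
char *save_locale(int category) {
    const char *cur = setlocale(category, NULL);
    return cur ? strdup(cur) : NULL;
}

/* Switch `category` to "C", run `fn(arg)`, then restore the saved locale.
 * Returns 1 if the original locale was restored, 0 otherwise. */
int with_c_locale(int category, void (*fn)(void *), void *arg) {
    char *saved = save_locale(category);
    if (!saved) return 0;
    if (!setlocale(category, "C")) { free(saved); return 0; }
    fn(arg);
    const char *restored = setlocale(category, saved); /* our own copy */
    int ok = restored && strcmp(restored, saved) == 0;
    free(saved);
    return ok;
}

/* Under LC_NUMERIC=C the radix character is always '.', so a version
 * string such as "5.006" parses the same regardless of the user's locale. */
static void parse_version(void *arg) {
    *(double *)arg = strtod("5.006", NULL);
}

int main(void) {
    if (!setlocale(LC_NUMERIC, "C.UTF-8")) setlocale(LC_NUMERIC, "C");
    double v = 0;
    int ok = with_c_locale(LC_NUMERIC, parse_version, &v);
    printf("restored=%d version=%g locale=%s\n", ok, v,
           setlocale(LC_NUMERIC, NULL));
    return ok ? 0 : 1;
}
```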
