Front page | perl.perl5.porters |
Postings from June 2019
On Fri, Jun 14, 2019 at 06:21:16PM +0100, Dominic Hargreaves wrote:
> On Sat, Jun 08, 2019 at 02:43:16PM -0700, James E Keenan via RT wrote:
> > Unfortunately I have to call your attention to 2 smoke-test failures in ext/POSIX/t/mb.t which were recorded *after* I applied your patch.
> > In each case the failures in mb.t occurred when blead was configured as follows:
> >
> > [stdio] -Dcc=clang -Accflags="-Werror=declaration-after-statement -g -fno-omit-frame-pointer -fsanitize=address -fno-common -fsanitize-blacklist=`pwd`/asan_ignore" -Aldflags="-fsanitize=address"
> >
> > With and without -DDEBUGGING.
>
> Very curious, this looks like the original bug that the test was
> written for. Niko, do you understand what's happening here?
It's a different thing that just happened to get triggered here; this
is with non-threaded builds for starters.
I can reproduce it on 5.30.0. It seems to be related to version strings
and LC_NUMERIC. I reduced it to this:
$ LC_NUMERIC=C.UTF-8 ./perl -l -Ilib -e 'require 5.006;'
=================================================================
==21403==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000190 at pc 0x0000004813aa bp 0x7fff4f62ea90 sp 0x7fff4f62e230
READ of size 2 at 0x602000000190 thread T0
#0 0x4813a9 in __interceptor_setlocale (/tmp/perl-5.30.0/perl+0x4813a9)
#1 0x6d7feb in Perl_upg_version /tmp/perl-5.30.0/./vutil.c:717:17
#2 0x6d73bf in Perl_new_version /tmp/perl-5.30.0/./vutil.c:551:12
#3 0x8019a4 in S_require_version /tmp/perl-5.30.0/pp_ctl.c:3719:10
#4 0x8019a4 in Perl_pp_require /tmp/perl-5.30.0/pp_ctl.c:4345
#5 0x725bf9 in Perl_runops_standard /tmp/perl-5.30.0/run.c:41:26
#6 0x588f71 in S_run_body /tmp/perl-5.30.0/perl.c
#7 0x588381 in perl_run /tmp/perl-5.30.0/perl.c:2639:2
#8 0x516e1c in main /tmp/perl-5.30.0/perlmain.c:127:9
#9 0x7f073082a09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#10 0x43fc49 in _start (/tmp/perl-5.30.0/perl+0x43fc49)
0x602000000190 is located 0 bytes inside of 8-byte region [0x602000000190,0x602000000198)
freed by thread T0 here:
#0 0x4e7712 in __interceptor_free (/tmp/perl-5.30.0/perl+0x4e7712)
#1 0x7f0730833963 in setlocale (/lib/x86_64-linux-gnu/libc.so.6+0x2d963)
previously allocated by thread T0 here:
#0 0x4e7a93 in malloc (/tmp/perl-5.30.0/perl+0x4e7a93)
#1 0x7f073088ddb9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x87db9)
SUMMARY: AddressSanitizer: heap-use-after-free (/tmp/perl-5.30.0/perl+0x4813a9) in __interceptor_setlocale
Shadow bytes around the buggy address:
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 01 fa fa fa 00 02 fa fa 00 02 fa fa 00 02
0x0c047fff8010: fa fa 00 02 fa fa 00 02 fa fa 00 02 fa fa 06 fa
0x0c047fff8020: fa fa 00 02 fa fa fd fa fa fa fd fa fa fa 00 fa
=>0x0c047fff8030: fa fa[fd]fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8040: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8050: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff8060: fa fa fd fa fa fa 02 fa fa fa 00 fa fa fa 02 fa
0x0c047fff8070: fa fa fd fa fa fa fd fa fa fa 00 00 fa fa 00 06
0x0c047fff8080: fa fa 00 03 fa fa 00 03 fa fa 00 fa fa fa 00 04
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==21403==ABORTING
--
Niko Tyni ntyni@debian.org
Thread Previous
|
Thread Next