
Re: [perl #134182] Fix test failure in POSIX/t/mb.t with semi-broken locales

From: Niko Tyni
Date: June 17, 2019 11:49
Subject: Re: [perl #134182] Fix test failure in POSIX/t/mb.t with semi-broken locales
Message ID: 20190617114943.GA9976@estella.local.invalid

On Mon, Jun 17, 2019 at 09:47:04AM +0300, Niko Tyni wrote:

> I can reproduce it on 5.30.0. It seems to be related to version strings
> and LC_NUMERIC.  I reduced it to this:
> 
> $ LC_NUMERIC=C.UTF-8 ./perl -l -Ilib -e 'require 5.006;'

And further to this. It's not clear to me if this is a problem with asan
or the code.

$ cat t.c; clang -g -fsanitize=address t.c; ./a.out
#include <locale.h>
int main(void) {
    char *l;
    setlocale(LC_NUMERIC, "C.UTF-8");
    l = setlocale(LC_NUMERIC, NULL);
    setlocale(LC_NUMERIC, "C");
    setlocale(LC_NUMERIC, l);
}
=================================================================
==17625==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000070 at pc 0x00000045ea3a bp 0x7ffce1e85f70 sp 0x7ffce1e85710
READ of size 2 at 0x602000000070 thread T0
    #0 0x45ea39 in __interceptor_setlocale (/home/ntyni/a.out+0x45ea39)
    #1 0x4f4327 in main /home/ntyni/t.c:7:5
    #2 0x7fd77885209a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #3 0x41d2d9 in _start (/home/ntyni/a.out+0x41d2d9)

0x602000000070 is located 0 bytes inside of 8-byte region [0x602000000070,0x602000000078)
freed by thread T0 here:
    #0 0x4c4da2 in __interceptor_free (/home/ntyni/a.out+0x4c4da2)
    #1 0x7fd77885b963 in setlocale (/lib/x86_64-linux-gnu/libc.so.6+0x2d963)

previously allocated by thread T0 here:
    #0 0x4c5123 in malloc (/home/ntyni/a.out+0x4c5123)
    #1 0x7fd7788b5db9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x87db9)

SUMMARY: AddressSanitizer: heap-use-after-free (/home/ntyni/a.out+0x45ea39) in __interceptor_setlocale
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa fd fa fa fa fd fa fa fa 00 fa fa fa[fd]fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==17625==ABORTING

-- 
Niko
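
The C standard allows a later setlocale() call to overwrite or invalidate the string that an earlier call returned, so a name obtained with setlocale(category, NULL) has to be copied before the locale is changed again. The following is an added example, not code from the original message or from perl: it repeats the call order of t.c using a private copy, and save_locale and roundtrip are hypothetical helper names.

```c
#include <locale.h>
#include <stdlib.h>
#include <string.h>

/* Return a heap copy of the current locale name for `category`, or NULL.
 * The pointer from setlocale(category, NULL) belongs to libc and may be
 * freed or overwritten by the next setlocale() call, so it is copied
 * before anything else touches the locale. The caller frees the result. */
char *save_locale(int category) {
    const char *cur = setlocale(category, NULL);
    if (cur == NULL)
        return NULL;
    size_t n = strlen(cur) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, cur, n);
    return copy;
}

/* Same call order as t.c above: enter `first`, remember it, switch to
 * `second`, switch back. Returns 1 if the category ends up in the
 * remembered locale, 0 if it does not, and -1 if a locale is
 * unavailable or allocation fails. */
int roundtrip(int category, const char *first, const char *second) {
    if (setlocale(category, first) == NULL)
        return -1;
    char *saved = save_locale(category);
    if (saved == NULL)
        return -1;
    int rc = -1;
    if (setlocale(category, second) != NULL) {
        /* `saved` is our own buffer, so it is still valid after the switch. */
        const char *now = setlocale(category, saved);
        rc = (now != NULL && strcmp(now, saved) == 0);
    }
    free(saved);
    return rc;
}

int main(void) {
    /* C.UTF-8 is the locale from the report; it may not be installed. */
    return roundtrip(LC_NUMERIC, "C.UTF-8", "C") == 0;
}
```

Built with the same clang -g -fsanitize=address command as above, this version never passes a libc-owned pointer back to setlocale() after the locale has changed.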
