
[perl #134322] Null pointer dereference in Perl v5.31.2

From: Tony Cook via RT
Date: August 1, 2019 23:46
Subject: [perl #134322] Null pointer dereference in Perl v5.31.2
Message ID: rt-4.0.24-27085-1564703168-6.134322-15-0@perl.org

On Thu, 01 Aug 2019 12:16:40 -0700, nguyenmanhdung1710@gmail.com wrote:
> On Wed, 31 Jul 2019 01:24:21 -0700, tonyc wrote:
> > On Wed, 31 Jul 2019 01:03:50 -0700, nguyenmanhdung1710@gmail.com
> > wrote:
> > > Hi All,
> > >
> > > I found a null pointer dereference bug in the latest release *v5.31.2* of
> > > Perl. This bug also existed in the commit *a3c7756* on branch *blead*.
> > > This bug causes Perl to crash. I use gcc v5.5.0 to compile Perl on Ubuntu
> > > 16.04 (64 bit) as follows:
> > >
> > > ./Configure -des -Dusedevel -Dprefix=`pwd` -Dccflags="-g"
> > > -Dloclibpth='
> > > '; make
> > >
> > > I cannot create a new ticket on https://rt.perl.org/, thus I decided to
> > > send you the bug report via email. If you think this is a valid bug, please
> > > help me to create a new ticket on this website and cc me. Thanks.
> >
> > You've just created a ticket, since you sent this to
> > perlbug@perl.org.
> >
> > > Details about the buggy version:
> > > *perl -v*
> > > This is perl 5, version 31, subversion 3 (v5.31.3 (v5.31.2-37-ga3c7756))
> > > built for x86_64-linux
> > >
> > > - PoC is a crafted file that is generated by fuzzing as *$0**=*0 =*:*
> > >
> > > $ echo "\$0**=*0 =*:" > PoC
> > > $ cat PoC
> > > *$0**=*0 =*:*
> >
> > This looks like a stack not refcounted issue.
> >
> > Tony
> 
> As requested by James E Keenan, I add the binaries of Perl (commit
> 45f8e7b on the branch blead):
> - Perl: https://github.com/strongcourage/PoCs/blob/master/perl_45f8e7b/perl
> - Perl with ASAN: https://github.com/strongcourage/PoCs/blob/master/perl_45f8e7b/perl-asan

He was asking that the PoC code be attached, which isn't needed for this ticket, but would be useful for the others.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=134322
