develooper Front page | perl.perl5.porters | Postings from August 2019

[perl #134327] Invalid read of size 8 in regexec.c:7725

Manh-Dung Nguyen
August 2, 2019 04:21
# New Ticket Created by  Manh-Dung Nguyen 
# Please include the string:  [perl #134327]
# in the subject line of all future correspondence about this issue. 
# <URL: >

Hi All,
I found an invalid read bug in the commit *a3c7756* on branch *blead*. This
bug causes Perl to crash. I use gcc v5.5.0 to compile Perl on Ubuntu 16.04
(64 bit) as follows:
   ./Configure -des -Dusedevel -Dprefix=`pwd` -Dccflags="-g" -Dloclibpth=' '; make

Manh Dung

*perl -v*
This is perl 5, version 31, subversion 3 (v5.31.3 (v5.31.2-37-ga3c7756))
built for x86_64-linux

- Crafted PoC:
- Command: perl $PoC

ASAN says:
==22039==ERROR: AddressSanitizer: SEGV on unknown address 0x61200bb8b4c8
(pc 0x000000736366 bp 0x000000000000 sp 0x7fff387dc580 T0)
    #0 0x736365 in S_regmatch
    #1 0x736365 in S_regtry
    #2 0x75cb68 in Perl_regexec_flags
    #3 0x60a4f1 in Perl_pp_match
    #4 0x5fa20a in Perl_runops_standard
    #5 0x48f0b7 in S_run_body
    #6 0x48f0b7 in perl_run
    #7 0x425674 in main
    #8 0x7f35ea82c82f in __libc_start_main
    #9 0x425be8 in _start

Valgrind says:
==23196== Invalid read of size 8
==23196==    at 0x52CAB8: S_regmatch (regexec.c:7725)
==23196==    by 0x52CAB8: S_regtry (regexec.c:3987)
==23196==    by 0x539FE3: Perl_regexec_flags (regexec.c:3850)
==23196==    by 0x4C76DE: Perl_pp_match (pp_hot.c:3014)
==23196==    by 0x4C1C72: Perl_runops_standard (run.c:41)
==23196==    by 0x446595: S_run_body (perl.c:2701)
==23196==    by 0x446595: perl_run (perl.c:2624)
==23196==    by 0x421814: main (perlmain.c:127)
==23196==  Address 0x11921468 is not stack'd, malloc'd or (recently) free'd
