
[perl #134342] Invalid read of size 4

Manh-Dung Nguyen
August 7, 2019 08:38
# New Ticket Created by  Manh-Dung Nguyen 
# Please include the string:  [perl #134342]
# in the subject line of all future correspondence about this issue. 
# <URL: >

Hi All,
I found an invalid read bug of size 4 in the commit *45f8e7b* on branch
*blead*. This bug causes Perl to crash. I use gcc v5.5.0 to compile Perl on
Ubuntu 16.04 (64 bit) as follows:
   ./Configure -des -Dusedevel -Dprefix=`pwd` -Dccflags="-g" -Dloclibpth=' '; make

Manh Dung

*perl -v*
This is perl 5, version 31, subversion 3 (v5.31.3 (v5.31.2-37-ga3c7756))
built for x86_64-linux

- Crafted PoC:
- Command: perl $PoC

Valgrind says:
==10475== Invalid read of size 4
==10475==    at 0x4B4EC7: Perl_mro_isa_changed_in (mro_core.c:501)
==10475==    by 0x4B5769: Perl_mro_package_moved (mro_core.c:877)
==10475==    by 0x4DD485: S_glob_assign_glob (sv.c:3936)
==10475==    by 0x4D7917: Perl_sv_setsv_flags (sv.c:4418)
==10475==    by 0x4C2328: Perl_pp_sassign (pp_hot.c:226)
==10475==    by 0x4C1C72: Perl_runops_standard (run.c:41)
==10475==    by 0x446595: S_run_body (perl.c:2701)
==10475==    by 0x446595: perl_run (perl.c:2624)
==10475==    by 0x421814: main (perlmain.c:127)
==10475==  Address 0x4 is not stack'd, malloc'd or (recently) free'd

ASAN says:
==7970==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x0000005d02a7 bp 0x7ffea50397e0 sp 0x7ffea50396f0 T0)
    #0 0x5d02a6 in Perl_mro_isa_changed_in
    #1 0x5d1c43 in Perl_mro_package_moved
    #2 0x64a131 in S_glob_assign_glob
    #3 0x6375dd in Perl_sv_setsv_flags
    #4 0x5fb863 in Perl_pp_sassign
    #5 0x5fa20a in Perl_runops_standard
    #6 0x48f0b7 in S_run_body
    #7 0x48f0b7 in perl_run
    #8 0x425674 in main
    #9 0x7fcc2a3cc82f in __libc_start_main
    #10 0x425be8 in _start
