On Thu, 01 Aug 2019 06:35:21 -0700, nguyenmanhdung1710@gmail.com wrote:
> Hi All,
> I found an invalid read bug in the commit *a3c7756* on branch *blead*. This
> bug causes Perl to crash. I use gcc v5.5.0 to compile Perl on Ubuntu 16.04
> (64 bit) as follows:
> ./Configure -des -Dusedevel -Dprefix=`pwd` -Dccflags="-g"
> -Dloclibpth='
> '; make

Attached the POC.

This looks like it's the same problem as with 134329.

On a debug build the tail of the run is:

65565: END (0)
minlen 0
Matching REx "((8|||%x{d5}%x{b8}%20%x{d7}%x{b8}||(G|||,%0d%0%20^Z)*(8|||cc"... against ""
0 <> <> | 0| 1:CURLYX[0]{0,INFTY}(65536)
0 <> <> | 1| 65535:CURLY{9216,3}(0)
miniperl: regexec.c:8491: S_regmatch: Assertion `ST.min <= ST.max' failed.

The offset there is wrong, so it's trying to interpret from the middle of a regexp op.

If I test with khw-134329 I get:

162257: EXACT <n> (0)
162259: EXACT <\0G\x{ff}p\x{ff}\x{ff}\x{ff}\177> (162262)
162262: END (0)
floating "%0G%x{ff}p%x{ff}%x{ff}%x{ff}%177" at 1..9223372036854775807 (checking floating) minlen 9
String shorter than min possible regex match (0 < 9)
Freeing REx: "((8|||%x{d5}%x{b8}%20%x{d7}%x{b8}||(G|||,%0d%0%20^Z)*(8|||cc"...

Tony

---
via perlbug: queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=134328