null ptr deref -> Perl_parse_unicode_opts () at util.c:4425 #14562
Comments
From @geeknik: Built v5.21.10 (v5.21.9-73-gd98e5cd) with the following command line:

./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-gcc -Doptimize=-O2\ -g && AFL_HARDEN=1 make -j12 test-prep

Bug found with AFL (http://lcamtuf.coredump.cx/afl)

Valgrind:

GDB: Program received signal SIGSEGV, Segmentation fault.

Hexdump of 11-byte test case:

Debian 7, Kernel 3.2.65-1+deb7u1 x86_64, GCC 4.9.2, libc 2.13-38+deb7u7
From @hvds: This is another failure to check for errors after grok_atou; a fix has already been prepared in the branch smoke-me/hv-grok (see http://perl5.git.perl.org/perl.git/commitdiff/85dba01391#patch22). Checking this case against that branch, it doesn't crash; but I'm also not sure it's doing the right thing, it probably needs an 'else croak' case on the 'if grokatoUV'. Hugo

The RT System itself - Status changed from 'new' to 'open'

From @hvds: The work for [perl #123814] is now merged, which improves this from a crash to silently doing nothing; it needs further improvement to give an appropriate error instead, but that may not make the cut for 5.22 (since it will require adding a new error). Hugo
From @tonycoz: On Mon Mar 09 15:35:07 2015, hv wrote:

Something like the attached? Tony

From @tonycoz: attachment 0001-perl-123991-report-an-error-if-we-can-t-parse-the-nu.patch

From b10ad801e7e7f28cb98536697ac01c26690a72f5 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Thu, 26 Nov 2015 11:18:52 +1100
Subject: [perl #123991] report an error if we can't parse the number after -C
---
pod/perldiag.pod | 5 +++++
t/run/switchC.t | 8 +++++++-
util.c | 3 +++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/pod/perldiag.pod b/pod/perldiag.pod
index 5111410..15eb9d1 100644
--- a/pod/perldiag.pod
+++ b/pod/perldiag.pod
@@ -2639,6 +2639,11 @@ provides a list context to its subscript, which can do weird things
if you're expecting only one subscript. When called in list context,
it also returns the key in addition to the value.
+=item Invalid number '%s' for -C option.
+
+(F) You supplied number to the -C option that either has extra leading
+zeroes or overflows perl's unsigned integer representation.
+
=item %s() is deprecated on :utf8 handles
(W deprecated) The sysread(), recv(), syswrite() and send() operators
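Review bot: the new perldiag text "(F) You supplied number to the -C option" is missing an article and should read "You supplied a number to the -C option that either has extra leading zeroes or overflows ...". The new =item title also ends in a period ("for -C option."), matching the croak string in util.c, whereas the neighbouring entry in this hunk ("=item %s() is deprecated on :utf8 handles") has none; confirm the diagnostics tooling matches the message as intended before keeping the period.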
diff --git a/t/run/switchC.t b/t/run/switchC.t
index 4f63c3b..6583010 100644
--- a/t/run/switchC.t
+++ b/t/run/switchC.t
@@ -11,7 +11,7 @@ BEGIN {
skip_all_if_miniperl('-C and $ENV{PERL_UNICODE} are disabled on miniperl');
}
-plan(tests => 14);
+plan(tests => 15);
my $r;
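Review bot: the plan bump from 14 to 15 matches the single like() added further down; if a second case for the overflow condition documented in the perldiag hunk is added, this line needs to move to 16 as well.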
@@ -111,3 +111,9 @@ SKIP: {
like( $r, qr/^Too late for "-CS" option at -e line 1\.$/s,
'#!perl -C but not command line' );
}
+
+$r = runperl ( switches => [ '-C00' ],
+ prog => '1',
+ stderr => 1, );
+like($r, qr/^Invalid number '00' for -C option\.$/s,
+ "perl -C00 [perl #123991]");
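Review bot: the new test only exercises the leading-zero case ("-C00"), while the perldiag entry in this patch also documents overflow of the unsigned integer representation; consider a second runperl with an over-long digit string and a matching plan update. Note also that the regex ends in `\.$` with no "at -e line N" suffix, which only holds because the croak message in util.c ends in "\n"; the two must stay in sync.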
diff --git a/util.c b/util.c
index aeec4c0..17b62dd 100644
--- a/util.c
+++ b/util.c
@@ -4538,6 +4538,9 @@ Perl_parse_unicode_opts(pTHX_ const char **popt)
Perl_croak(aTHX_ "Unknown Unicode option letter '%c'", *p);
}
}
+ else {
+ Perl_croak(aTHX_ "Invalid number '%s' for -C option.\n", p);
+ }
}
else {
for (; *p; p++) {
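Review bot: the added croak ends its message with "\n", which suppresses the usual "at FILE line N" suffix, while the sibling croak two lines above ("Unknown Unicode option letter '%c'") does not; pick one style for the two errors in this function or note why they differ. The "%s" also prints `p`, the whole remainder of the -C argument rather than just the digit run, so any option letters following the bad digits appear in the message as well; that is acceptable but worth a comment.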
--
2.1.4
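Hugo's diagnosis (a grok_atou result that was never checked, so the end pointer is used after a failed parse) and Tony's fix, as an added stand-alone C model that is not Perl's own code: grok_uint_prefix is an assumed stand-in for grok_atoUV, and parse_C_number, c_opt_status and the sample inputs are hypothetical names constructed for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
enum c_opt_status { C_OK = 0, C_INVALID_NUMBER = 1, C_UNKNOWN_LETTER = 2 };

/* Stand-in for grok_atoUV (assumed contract: false on an empty digit run,
 * extra leading zeros or overflow; *endptr is set ONLY on success). */
static bool grok_uint_prefix(const char *p, unsigned long *out, const char **endptr)
{
    unsigned long v = 0;
    const char *s = p;
    if (!isdigit((unsigned char)*s)) return false;
    if (*s == '0' && isdigit((unsigned char)s[1])) return false;   /* leading zero */
    for (; isdigit((unsigned char)*s); s++) {
        unsigned d = (unsigned)(*s - '0');
        if (v > (ULONG_MAX - d) / 10) return false;                /* would overflow */
        v = v * 10 + d;
    }
    *out = v;
    *endptr = s;
    return true;
}

/* Numeric branch of -C: p points just past "-C" and starts with a digit. Testing the
 * parser's result is the fix this thread arrives at; without it endptr stays NULL
 * after a failed parse and the check below dereferences it (the reported crash). */
static enum c_opt_status parse_C_number(const char *p, unsigned long *flags, const char **bad)
{
    unsigned long uv;
    const char *endptr = NULL;
    if (!grok_uint_prefix(p, &uv, &endptr)) {
        *bad = p;                        /* "Invalid number '%s' for -C option." */
        return C_INVALID_NUMBER;
    }
    *flags = uv;
    if (*endptr && *endptr != '\n' && *endptr != '\r' && !isspace((unsigned char)*endptr)) {
        *bad = endptr;                   /* "Unknown Unicode option letter '%c'" */
        return C_UNKNOWN_LETTER;
    }
    return C_OK;
}

int main(void)
{
    unsigned long flags = 0; const char *bad = "";
    int st = parse_C_number("00", &flags, &bad);   /* constructed input from the test */
    printf("-C00 -> status %d, offending text '%s'\n", st, bad);
    return 0;
}
```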
From @hvds: On Wed Nov 25 16:19:53 2015, tonyc wrote:

That looks credible; I'll try to refresh my memory and look in more depth over the weekend (but feel free to poke me if I don't appear to have got to it). Hugo

From @hvds: "Tony Cook via RT" <perlbug-followup@perl.org> wrote:

Yes, that looks good to me. Hugo

From @tonycoz: On Wed Nov 25 16:19:53 2015, tonyc wrote:

Applied as 817e3e2. Tony

@tonycoz - Status changed from 'open' to 'pending release'

From @khwilliamson: Thank you for submitting this report. You have helped make Perl better. Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0

@khwilliamson - Status changed from 'pending release' to 'resolved'
Migrated from rt.perl.org#123991 (status was 'resolved')