Assert fail w/o other symptoms - regcomp.c:13901 S_handle_regex_sets with a regex that seems sort of valid #15016
I have compiled bleadperl with the afl-gcc compiler using:
./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Duselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -des
And then fuzzed the resulting binary using:
AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@
After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers an assert fail in DEBUGGING perls without any other symptoms in the normal perl interpreter. The testcase is the file:
dcollins@nightshade64:/usr/local/perl-afl$ ./bin/perl -e '0=/(?[!!(\w])/'
The output with a normal perl is the expected error:
dcollins@nightshade64:/usr/local/perl-afl$ ~/perl/perl -e '0=/(?[!!(\w])/'
Program received signal SIGABRT, Aborted.
dcollins@nightshade64:/usr/local/perl-afl$ valgrind ./bin/perl -e '0=/(?[!!(\w])/'
dcollins@nightshade64:/usr/local/perl-afl$ ./bin/perl -V
Characteristics of this binary (from libperl):
On 10/28/2015 08:59 PM, Dan Collins (via RT) wrote:
I have an easy fix about ready. I'm writing now only to say this is not
§ perl.5.22.0 -le 'qr/(?[!!(\w])/'
On 10/29/2015 01:18 PM, Karl Williamson wrote:
Actually, I had a thinko. It IS a regression in 5.22 from 5.20,
§ perl.5.20.2 -le 'qr/(?[!!(\w])/'
So it does qualify for a maintenance release. I'll submit a patch later
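An added example, not part of the thread: a small triage helper that runs one testcase against several perl builds and separates the situation reported above (SIGABRT from an assertion in a DEBUGGING build, ordinary error exit elsewhere) from a crash that also occurs outside the DEBUGGING build. The build names and function names are hypothetical, and the demo at the bottom uses the Python interpreter as a constructed stand-in for the perl binaries so that it runs offline.

```python
import signal
import subprocess
import sys


def classify(returncode):
    """Turn a subprocess return code into a triage label."""
    if returncode < 0:  # POSIX: killed by signal number -returncode
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = f"SIG{-returncode}"
        # assert() failures in a DEBUGGING build end in abort() -> SIGABRT
        return "assert-abort" if name == "SIGABRT" else f"signal:{name}"
    return "clean-exit" if returncode == 0 else "error-exit"


def run_case(argv, timeout=10):
    """Run one build on the testcase; stdout/stderr are captured, not shown."""
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode)


def triage(builds, testcase_args, debug_build):
    """Run every build and summarise; returns (per-build results, verdict)."""
    results = {name: run_case([*cmd, *testcase_args])
               for name, cmd in builds.items()}
    others = [r for name, r in results.items() if name != debug_build]
    if any(r == "assert-abort" or r.startswith("signal:") for r in others):
        verdict = "crash outside DEBUGGING build"
    elif results[debug_build] == "assert-abort":
        verdict = "assertion only in DEBUGGING build"
    elif results[debug_build].startswith("signal:"):
        verdict = "crash only in DEBUGGING build"
    else:
        verdict = "no crash"
    return results, verdict


if __name__ == "__main__":
    # Constructed stand-ins; real use would list the perl binaries to compare.
    builds = {
        "debugging": [sys.executable, "-c", "import os; os.abort()"],
        "release": [sys.executable, "-c", "import sys; sys.exit(255)"],
    }
    print(triage(builds, ["-e", "testcase goes here"], "debugging"))
```

Adding further entries to `builds` (for example one per released version) lets the same run show in which version a failure first appears.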