Segfault/assert fail with regex_sets warning #15045
I have compiled bleadperl with the afl-gcc compiler using:
./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Duselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -des
And then fuzzed the resulting binary using:
AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@
After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers an assert fail in DEBUGGING perls and a segmentation fault in other perls. The testcase is the file:
dcollins@nightshade64:~$ perldebug/perl -e '00./(?[+()+])/'
Program received signal SIGSEGV, Segmentation fault.
==46142== Memcheck, a memory error detector
Summary of my perl5 (revision 5 version 23 subversion 5) configuration:
Characteristics of this binary (from libperl):
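The report above distinguishes an assert failure on a DEBUGGING perl from a segfault on a non-DEBUGGING perl for the same reduced input. The script below is an added example of how to triage a pile of afl-tmin'd test cases that way; it is not part of the bug report or of perl's own tooling. It assumes POSIX sh, that the target binaries take the test case as a script file (the way afl-fuzz's @@ hands it over), and Linux/macOS signal numbers (SIGABRT=6 for a failed assert(), SIGSEGV=11 for a segfault). The test case string is copied from the report; the perl binaries to run it against are placeholders.

```shell
#!/bin/sh
# Added example (not from the bug report): classify how a reduced AFL test
# case makes each perl binary exit, so an assert failure (SIGABRT from
# abort() in a DEBUGGING perl) and a plain segfault (SIGSEGV) are told
# apart from an ordinary syntax-error exit.

# Run a command with its output discarded and print one token describing
# how it ended: "ok", "exit:N", a signal name, or "signal:N".
# The `|| st=$?` form keeps this usable under `set -e`.
classify_run() {
    st=0
    "$@" >/dev/null 2>&1 || st=$?
    if [ "$st" -eq 0 ]; then
        echo ok
    elif [ "$st" -gt 128 ]; then
        # POSIX shells report death-by-signal as 128 + signal number.
        sig_name $((st - 128))
    else
        echo "exit:$st"
    fi
}

# Map the signal numbers that matter for crash triage to names.
# Assumption: Linux/macOS numbering.
sig_name() {
    case "$1" in
        6)  echo SIGABRT ;;   # abort(): assert() failed in a DEBUGGING perl
        11) echo SIGSEGV ;;   # segfault in a non-DEBUGGING perl
        7)  echo SIGBUS ;;
        8)  echo SIGFPE ;;
        *)  echo "signal:$1" ;;
    esac
}

# Run one test case file against every perl given as remaining arguments,
# printing "<perl>: <outcome>" per binary.
triage_case() {
    case_file=$1
    shift
    for perl in "$@"; do
        printf '%s: %s\n' "$perl" "$(classify_run "$perl" "$case_file")"
    done
}

# Demo: the reduced test case from the report, written to a temp file.
# Only runs if a perl is on PATH; replace "perl" with the DEBUGGING and
# non-DEBUGGING builds you want to compare (placeholder, not a real path).
if command -v perl >/dev/null 2>&1; then
    tmp=$(mktemp) || exit 1
    printf '%s\n' '00./(?[+()+])/' > "$tmp"
    triage_case "$tmp" perl
    rm -f "$tmp"
fi
```

Pointing triage_case at both a DEBUGGING and a non-DEBUGGING build gives the SIGABRT/SIGSEGV pair the report describes for a genuine bug, while a test case that merely trips a regex compile error shows up as a non-zero "exit:N" and can be dropped from the pile before filing.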
Thanks for finding this, now fixed by 2985caa.
This and similar bugs you've found are due to my adding asserts to code where my limited imagination did not think the situation could come up, but I wanted to be sure of that, and not to blindly forge ahead getting a wrong answer. You have found a bunch where it was a syntax error that my imagination didn't realize, and one (I think it was only one) where it was legitimate syntax that I overlooked. Now there are just a couple of these asserts left.