Segfault in S_incline at toke.c:1697 #15139

Closed
p5pRT opened this issue Jan 21, 2016 · 7 comments
@p5pRT p5pRT commented Jan 21, 2016

Migrated from rt.perl.org#127334 (status was 'resolved')

Searchable as RT127334$

@p5pRT p5pRT commented Jan 21, 2016

From @geeknik

Found while fuzzing Perl v5.23.8 (v5.23.7-9-gd15ad02) with American Fuzzy Lop. This crash happens with v5.20.2 (x64 Debian) as well, but not with v5.14.2 (x64 Debian) or 5.20.2 (x64 FreeBSD) and v5.20.3 (x86 FreeBSD).

```
hexdump -C test00
00000000  23 6c 69 6e 65 20 30 30  30 30 30 30 30 30 30 30  |#line 0000000000|
00000010  30 30 30 30 30 30 30                              |0000000|
00000017
```

```
Program received signal SIGSEGV, Segmentation fault.
S_incline (s=0x1242cf7 "") at toke.c:1697
1697 while (!isSPACE(*t))
(gdb) bt
#0 S_incline (s=0x1242cf7 "") at toke.c:1697
#1 0x00000000005f67ec in Perl_yylex () at toke.c:4984
#2 0x000000000066b7f5 in Perl_yyparse (gramtype=772) at perly.c:322
#3 0x000000000053b6a9 in S_parse_body (env=env@entry=0x0,
  xsinit=xsinit@entry=0x42c0b0 <xs_init>) at perl.c:2314
#4 0x000000000054344b in perl_parse (my_perl=<optimized out>,
  xsinit=xsinit@entry=0x42c0b0 <xs_init>, argc=<optimized out>,
  argv=<optimized out>, env=env@entry=0x0) at perl.c:1636
#5 0x000000000042bcd8 in main (argc=2, argv=0x7fffffffe378,
  env=0x7fffffffe390) at perlmain.c:114
(gdb) list
1692 s++;
1693 e = t + 1;
1694 }
1695 else {
1696 t = s;
1697 while (!isSPACE(*t))
1698 t++;
1699 e = t;
1700 }
1701 while (SPACE_OR_TAB(*e) || *e == '\r' || *e == '\f')
```
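Added example, not part of the original report and not perl's source: a small C model of why the loop shown at toke.c:1697 leaves the buffer for this input (`s` points at the NUL terminator and only whitespace stops the scan), next to a bounded form. The names `is_space`, `filename_offset`, `scan_unbounded_model` and `scan_bounded` are hypothetical, the directive parsing is a simplification, and the bounded loop is one possible guard rather than the project's fix.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for perl's isSPACE(): NUL is not whitespace. */
static int is_space(char c) { return c != '\0' && strchr(" \t\n\r\f\v", c) != NULL; }

/* Hypothetical helper: offset of the filename field in "#line N [file]". */
size_t filename_offset(const char *line) {
    const char *s = line;
    if (strncmp(s, "#line", 5) == 0) s += 5;
    while (*s == ' ' || *s == '\t') s++;
    while (isdigit((unsigned char)*s)) s++;
    while (*s == ' ' || *s == '\t') s++;
    return (size_t)(s - line);
}

/* Model of the reported loop over a buffer of `cap` bytes (NUL included).
 * Returns the token length, or -1 where the unbounded loop would read
 * past the buffer because no whitespace byte stops it. */
long scan_unbounded_model(const char *s, size_t cap) {
    size_t i = 0;
    while (i < cap && !is_space(s[i])) i++;
    return i < cap ? (long)i : -1;
}

/* Bounded form: the NUL terminator also ends the token. */
size_t scan_bounded(const char *s) {
    const char *t = s;
    while (*t && !is_space(*t)) t++;
    return (size_t)(t - s);
}

/* Constructed input: the 23 bytes from the hexdump, no trailing newline. */
static const char REPORTED[] = "#line 00000000000000000";

int main(void) {
    size_t off = filename_offset(REPORTED);
    printf("filename field at offset %zu, bytes left incl. NUL: %zu\n",
           off, sizeof REPORTED - off);
    printf("unbounded model: %ld\n",
           scan_unbounded_model(REPORTED + off, sizeof REPORTED - off));
    printf("bounded scan:    %zu\n", scan_bounded(REPORTED + off));
    return 0;
}
```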

@p5pRT p5pRT commented Feb 10, 2016

From @tonycoz

On Wed Jan 20 18:22:43 2016, brian.carpenter@gmail.com wrote:

> Program received signal SIGSEGV, Segmentation fault.
> S_incline (s=0x1242cf7 "") at toke.c:1697
> 1697 while (!isSPACE(*t))

Thanks, fixed by 1bb1a3d.

Tony

@p5pRT p5pRT commented Feb 10, 2016

The RT System itself - Status changed from 'new' to 'open'

@p5pRT p5pRT commented Feb 10, 2016

@tonycoz - Status changed from 'open' to 'pending release'

@p5pRT p5pRT commented May 13, 2016

From @khwilliamson

Thank you for submitting this report. You have helped make Perl better.
 
With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved.

Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0

@p5pRT p5pRT commented May 13, 2016

@khwilliamson - Status changed from 'pending release' to 'resolved'

@p5pRT p5pRT closed this May 13, 2016
@p5pRT p5pRT added the Severity Low label Oct 19, 2019