Assert fail in regcomp.c with no other symptoms: perl -e '/(?<=/' #15332
Comments
From @dcollinsn

Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using:

```
./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Uuselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -Dusequadmath -des
```

And then fuzzed the resulting binary using:

```
AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@
```

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers an assert fail in debugging builds of the perl interpreter. The testcase is the 6-character file:

```
/(?<=/
```

On normal builds, this exits with the expected error. On debug builds, this returns an assert fail.

```
dcollins@nightshade64:~$ perl/miniperl -e '/(?<=/'
```

Debugging tool output is below.

A bisect was performed and points to the following diff:

```
cfbef7d is the first bad commit
regcomp.c: Fix some parsing glitches
I undertook a code review of how regcomp.c parses things in light of the
The audit was tedious, and may have missed some things. Several issues
:040000 040000 a58a2d3154c5e346f9dfab14f7ca9897cbe06cfb 41b83ee5e555d3ddc87935c3a3b30db821741214 M pod
```

**GDB**

```
dcollins@nightshade64:~$ gdb --args perldebug/miniperl -e '/(?<=/'
Program received signal SIGABRT, Aborted.
```

**PERL -V**

```
dcollins@nightshade64:~/perl$ ./perl -Ilib -V
Characteristics of this binary (from libperl):
```
From @demerphq

On 17 May 2016 3:04 p.m., "Dan Collins" <perlbug-followup@perl.org> wrote:
This is not correct. Xs code can and in practice does create sv's with no
The RT System itself - Status changed from 'new' to 'open'
From @khwilliamson

On 05/20/2016 10:32 PM, demerphq wrote:
Hmm. I've written a bunch of code with that assumption, partly because I did add assertions to this effect in the regex code at the same time Can you give an example of how XS could do this? All I can think of is
From @demerphq

On 23 May 2016 16:06, "Karl Williamson" <public@khwilliamson.com> wrote:
Yeah, exactly. But in XS that is pretty standard. I wouldn't rely on our

Yves
From @cpansprout

On Mon May 23 14:16:31 2016, demerphq wrote:

In fact, I would like to remove that requirement (to allow substr to avoid copying the string), but someone else has pointed out that it is also common in XS to pass SvPV to system functions that expect a trailing null.

--
Father Chrysostomos
From @demerphq

On 23 May 2016 6:46 p.m., "Father Chrysostomos via RT" <

Maybe we should have a SvPV_null macro that DTRT for such cases and abandon

Yves
From @cpansprout

On Mon May 23 16:07:03 2016, demerphq wrote:

It might have to be the other way round (SvPV guarantees a null; a new variant returns the actual string), for backward-compatibility.

I have opened a separate ticket for this (#128226), since it is not directly related to the topic of this ticket.

--
Father Chrysostomos
From @khwilliamson

On 05/23/2016 03:15 PM, demerphq wrote:

I'm having trouble understanding how one would set such a thing up. At
From @cpansprout

On Mon May 23 21:18:16 2016, public@khwilliamson.com wrote:

http://grep.cpan.me/?q=SvPVX.*+%3D[+]

--
Father Chrysostomos
From @geeknik

While fuzzing Perl v5.25.3 (v5.25.2-65-g3866075) with American Fuzzy Lop, it was found that `perl -e '/(?<!/'` triggers the following assertion failure:

```
perl: regcomp.c:10636: S_reg: Assertion `(pRExC_state->parse) < (pRExC_state->end)' failed.
```
From @dcollinsn

Duplicate of RT #128170, with a bisect and some discussion there. (Slightly different code - it seems both positive and negative assertions trigger this.) Merging.
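
A simplified model of the condition named in the assertion above, added here as an example; it is not code from regcomp.c or from any commit mentioned in this ticket. The names `next_byte`, `classify_group`, `classify_buf` and the result codes are hypothetical. It shows a cursor bounded by an explicit end pointer returning an error when `(?<=` or `(?<!` is the last thing in the pattern, without assuming a trailing NUL:

```c
#include <stddef.h>

/* Hypothetical result codes for this sketch (not Perl's). */
enum group_kind { GRP_PLAIN, GRP_LOOKBEHIND_POS, GRP_LOOKBEHIND_NEG,
                  GRP_ERR_NOT_GROUP, GRP_ERR_UNTERMINATED };

/* Read one byte only while the cursor is inside [*parse, end). */
static int next_byte(const char **parse, const char *end, char *out)
{
    if (*parse >= end)
        return 0;               /* exhausted: caller reports an error */
    *out = *(*parse)++;
    return 1;
}

/* Classify the construct opening at *parse. The buffer is delimited by
 * `end` only; no trailing NUL is assumed. On success *parse points at the
 * first byte of the group body, which is guaranteed to exist. */
enum group_kind classify_group(const char **parse, const char *end)
{
    char c;
    enum group_kind kind = GRP_PLAIN;

    if (!next_byte(parse, end, &c) || c != '(')
        return GRP_ERR_NOT_GROUP;
    if (*parse < end && **parse == '?') {
        (*parse)++;
        if (!next_byte(parse, end, &c)) return GRP_ERR_UNTERMINATED;
        if (c != '<') return GRP_ERR_NOT_GROUP;  /* other (?...) forms not modelled */
        if (!next_byte(parse, end, &c)) return GRP_ERR_UNTERMINATED;
        if (c == '=')      kind = GRP_LOOKBEHIND_POS;
        else if (c == '!') kind = GRP_LOOKBEHIND_NEG;
        else return GRP_ERR_NOT_GROUP;           /* e.g. named capture */
    }
    /* Prefix consumed and nothing follows: parse < end is false here, so
     * return an error instead of reading or asserting on *parse. */
    if (*parse >= end)
        return GRP_ERR_UNTERMINATED;
    return kind;
}

/* Convenience wrapper for exact-length buffers (constructed inputs). */
enum group_kind classify_buf(const char *buf, size_t len)
{
    const char *p = buf;
    return classify_group(&p, buf + len);
}
```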
From @khwilliamson

On 07/05/2016 09:27 PM, Brian Carpenter (via RT) wrote:

I will look into it
From @khwilliamson

Fixed by f2e32b2

@khwilliamson - Status changed from 'open' to 'pending release'
From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release today of Perl 5.26.0, this and 210 other issues have been

Perl 5.26.0 may be downloaded via:

If you find that the problem persists, feel free to reopen this ticket.

@khwilliamson - Status changed from 'pending release' to 'resolved'
Migrated from rt.perl.org#128170 (status was 'resolved')
Searchable as RT128170$