Segfault in Perl_pv_escape with assert fail, do qr/NUL/ #15337
Comments
From @dcollinsn:

Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using:

```
./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Uuselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -Dusequadmath -des
```

And then fuzzed the resulting binary using:

```
AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@
```

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers a segfault in the perl interpreter. The testcase is the file below. On normal builds, this segfaults. On debug builds, this returns an assert fail.

```
dcollins@nightshade64:~$ cat f3i0
```

Debugging tool output is below. A git bisect was performed and reported the following:

```
41188aa is the first bad commit
[perl #117265] correctly handle overloaded strings
:100644 100644 d79bf44da7adb960f017908188b6b2563799066d 3988c788738312cc9dcc15e948114261e0a0ddac M doio.c
```

**GDB**

```
dcollins@nightshade64:~$ gdb --args ./perl/perl ./f3i0
Program received signal SIGSEGV, Segmentation fault.
```

**VALGRIND**

```
dcollins@nightshade64:~$ valgrind ./perl/perl ./f3i0
```

**PERL -V**

```
dcollins@nightshade64:~$ perl/perl -V
Characteristics of this binary (from libperl):
```
From @cpansprout: On Wed May 18 15:26:10 2016, dcollinsn@gmail.com wrote:

Some of the code added by v5.19.3-130-gc8028aa to pp_ctl.c:pp_require (now in S_require_file) uses SvPVX(sv) and SvCUR(sv) without making sure that the SV is a PV. I believe that is the culprit. In fact, the code in question could just use the name and len variables it already has, from stringifying the sv a few lines earlier. (I may be wrong here. I have not even run this through gdb or done a bisect. I simply looked at the code.)

-- Father Chrysostomos
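A regression check for the crash discussed in this ticket, added here as an example and not taken from the report or from the perl source tree. It hands `do` a `qr//` object (an SV that is not a plain PV) whose stringified form contains a NUL byte, matching the "do qr/NUL/" case in the title, and runs it in a child interpreter so that a crash of the interpreter (SIGSEGV on a normal build, SIGABRT from the assertion on a debug build) can be told apart from a clean Perl-level `die`. The script makes no assumption about the exact error message a fixed perl produces for the NUL byte; it only checks that the child was not killed by a signal.

```perl
#!/usr/bin/perl
# Added example (not part of the original ticket): regression check for the
# "do qr/NUL/" crash. Runs the reproducer in a child perl and reports whether
# the child died from a signal (interpreter crash) or exited normally.
use strict;
use warnings;

# Child program. `do` receives a qr// object, i.e. an SV that is not a plain
# PV, whose stringified form contains a NUL byte. A fixed perl is expected to
# die at the Perl level (caught by eval); a vulnerable build crashes instead.
# q{} does not interpolate, so the child sees the text exactly as written.
my $child = q{
    my $ok = eval { do qr/\0/; 1 };
    print STDERR "do returned cleanly; error was: $@" unless $ok;
    exit 0;
};

# Run the check with the same interpreter binary that runs this script.
system($^X, '-e', $child);

if ($? == -1) {
    die "could not execute $^X: $!\n";
}
elsif ($? & 127) {
    # Child was terminated by a signal: the interpreter itself crashed.
    my $sig  = $? & 127;
    my $core = ($? & 128) ? ' (core dumped)' : '';
    print "FAIL: child perl died with signal $sig$core\n";
    exit 1;
}
else {
    printf "OK: child perl exited with status %d, no interpreter crash\n", $? >> 8;
    exit 0;
}
```

Run it against the build under test, for example `/usr/local/perl-afl/bin/perl check.pl`; on a debug build the assertion failure shows up as signal 6 rather than 11, which is why the script treats any signal death as a failure rather than looking for SIGSEGV specifically.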
The RT System itself - Status changed from 'new' to 'open' |
From @cpansprout: On Wed May 18 16:58:27 2016, sprout wrote:

This is fixed in 08f800f and has a perldelta entry in f8591e0. I think these should be candidates for backporting to maint-5.24 and maint-5.22 (and maint-5.20 if we are still doing that). Thank you for the report.

-- Father Chrysostomos
@cpansprout - Status changed from 'open' to 'pending release' |
From @khwilliamson:

Thank you for filing this report. You have helped make Perl better. With the release today of Perl 5.26.0, this and 210 other issues have been

Perl 5.26.0 may be downloaded via:

If you find that the problem persists, feel free to reopen this ticket.
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#128182 (status was 'resolved')
Searchable as RT128182$