-
Notifications
You must be signed in to change notification settings - Fork 558
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
perl.c:528: perl_destruct: Assertion `PL_scopestack_ix == 1' failed #15814
Comments
From @dur-randirCreated by @dur-randirWhile fuzzing perl v5.25.8-216-gfbceb79751 built with afl and run qr!@{s{0})(?{! to cause an assertion failure, even when run under -c for a syntax 491453b is the first bad commit Handle /@a/ array expansion within regex engine Previously /a@{b}c/ would be parsed as regcomp('a', join($", @b), 'c') This means that the array was flattened and its contents stringified before Change it so that it is parsed as regcomp('a', @b, 'c') (but where the array isn't flattened, but rather just the AV itself is This means that the regex engine itself can process any qr// objects It also fixes a regression from 5.16.x, which meant that you suddenly GDB info about the crash location: (gdb) bt Perl Info
|
From @hvdsOn Wed, 18 Jan 2017 17:08:36 -0800, randir wrote:
The scopestack imbalance here occurs because we call sublex_start() but never a corresponding sublex_done(). I don't currently have a clue what's intended to ensure we will reach sublex_done, but I'll try to make some more progress if nobody else jumps in. The only part of 491453b that gets hit by ./miniperl -ce 'qr!@{s{0})(?{!' is the toke.c chunk causing PL_lex_dojoin to become FALSE instead of TRUE. Hugo |
The RT System itself - Status changed from 'new' to 'open' |
From @tonycozOn Fri, 20 Jan 2017 06:43:12 -0800, hv wrote:
The closing ) is confusing the parser. Patch which *might* fix it (passes all tests in a DEBUGGING build) attached. Tony |
From @hvdsOn Mon, 11 Feb 2019 21:32:43 -0800, tonyc wrote:
It looks credible to me, and a good solution. What are your concerns about it? I know very little about the grammar, but I'm curious why "FUNC SUBLEXSTART optexpr SUBLEXEND" is in 'term' rather than next to "FUNC '(' optexpr ')'" in 'listop' - I'm assuming the cases hitting the former with the patch would previously have hit the latter. Is it possible to construct an additional croak/toke test for the \U case, or does the means of construction imply it cannot trigger failure the same way? Hugo |
From @tonycozOn Tue, 12 Feb 2019 01:40:32 -0800, hv wrote:
Mostly I was confused by the parser doing this: $ ./perl -Ilib -MO=Deparse -e 'qq/@{s{0}}/' while I expected the s{0} to be treated as the beginning of a s///.
This is from the history of the patch. Originally I had an extra production called sublexexpr that I'd added to term, since first rule I converted to use the new tokens was the '(' expr ')' case for term. But that rule isn't used - subparses always generate something like the FUNC() call (where FUNC might be op_stringify for "..."), and I ended up adding the FUNC rule to sublexexpr too. Testing found that the {expr} sublex token rule wasn't being used so I removed it, and finally added the remaining rule to term. Which is probably the wrong place.
I think it can, though I couldn't reproduce it with an unpatched blead. I've attached an updated patch that moves the rule, and some attempts at making qq() reproduce the problem, though I couldn't make them crash. Tony |
From @tonycozOn Tue, 12 Feb 2019 15:03:01 -0800, tonyc wrote:
Applied as 69afcc2. Tony |
@tonycoz - Status changed from 'open' to 'pending release' |
Migrated from rt.perl.org#130585 (status was 'pending release')
Searchable as RT130585$
The text was updated successfully, but these errors were encountered: