Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Memory leak in S_pmtrans #16030

Closed
p5pRT opened this issue Jun 22, 2017 · 7 comments
Closed

Memory leak in S_pmtrans #16030

p5pRT opened this issue Jun 22, 2017 · 7 comments

Comments

@p5pRT
Copy link

@p5pRT p5pRT commented Jun 22, 2017

Migrated from rt.perl.org#131628 (status was 'resolved')

Searchable as RT131628$

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jun 22, 2017

From @dur-randir

Created by @dur-randir

While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
under libdislocator, I found the following program

eval"y//\x{e00}/" #while (1)

to leak memory. To observe the leak without ASAN, remove the '#'
symbol. ASAN info about the leaked allocation is​:

=================================================================
==47410==ERROR​: LeakSanitizer​: detected memory leaks

Direct leak of 1 byte(s) in 1 object(s) allocated from​:
  #0 0x4ea778 in malloc (/home/afl/afl-asan/perl+0x4ea778)
  #1 0x85fd9e in Perl_safesysmalloc /home/afl/afl-asan/util.c​:153​:21
  #2 0xc7b782 in Perl_bytes_to_utf8 /home/afl/afl-asan/utf8.c​:2145​:5
  #3 0x54783b in S_pmtrans /home/afl/afl-asan/op.c​:5339​:18
  #4 0x54783b in Perl_pmruntime /home/afl/afl-asan/op.c​:5740
  #5 0x706734 in Perl_yyparse /home/afl/afl-asan/perly.y​:1210​:23
  #6 0xb227bf in S_doeval_compile /home/afl/afl-asan/pp_ctl.c​:3456​:77
  #7 0xb1fa12 in Perl_pp_entereval /home/afl/afl-asan/pp_ctl.c​:4415​:9
  #8 0x85a804 in Perl_runops_debug /home/afl/afl-asan/dump.c​:2451​:23
  #9 0x5f72f5 in S_run_body /home/afl/afl-asan/perl.c​:2548​:2
  #10 0x5f72f5 in perl_run /home/afl/afl-asan/perl.c​:2471
  #11 0x5225c2 in main /home/afl/afl-asan/perlmain.c​:123​:9
  #12 0x7fb5ef9952b0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY​: AddressSanitizer​: 1 byte(s) leaked in 1 allocation(s).

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.27.1:

Configured by root at Sun May 28 01:44:41 MSK 2017.

Summary of my perl5 (revision 5 version 26 subversion 0) configuration:
  Derived from: 4c95ee9f298c2edfc1382d540ff89288790e78b6
  Platform:
    osname=linux
    osvers=4.9.0-3-amd64
    archname=x86_64-linux
    uname='linux dorothy 4.9.0-3-amd64 #1 smp debian 4.9.25-1
(2017-05-02) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast
-Doptimize=-O0 -g -ggdb3 -fno-omit-frame-pointer'
    hint=previous
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='afl-clang-fast'
    ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O0 -g -ggdb3 -fno-omit-frame-pointer'
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='afl-clang-fast'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib
/usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu
/lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib
/usr/include/x86_64-linux-gnu /usr/lib
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.24.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.24'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O0 -g -ggdb3 -fno-omit-frame-pointer
-L/usr/local/lib -fstack-protector-strong'

Locally applied patches:
    uncommitted-changes


@INC for perl 5.27.1:
    lib
    /usr/local/lib/perl5/site_perl/5.26.0/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.26.0
    /usr/local/lib/perl5/5.26.0/x86_64-linux
    /usr/local/lib/perl5/5.26.0


Environment for perl 5.27.1:
    HOME=/home/afl
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_CTYPE=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERLBREW_BASHRC_VERSION=0.78
    PERLBREW_HOME=/home/afl/.perlbrew
    PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.24.1-dbg/man
    PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin
    PERLBREW_PERL=perl-5.24.1-dbg
    PERLBREW_ROOT=/home/afl/perlbrew
    PERLBREW_VERSION=0.78
    PERL_BADLANG (unset)
    SHELL=/usr/bin/zsh

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jun 22, 2017

From @khwilliamson

On 06/22/2017 12​:11 PM, Sergey Aleynikov (via RT) wrote​:

# New Ticket Created by Sergey Aleynikov
# Please include the string​: [perl #131628]
# in the subject line of all future correspondence about this issue.
# <URL​: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=131628 >

This is a bug report for perl from sergey.aleynikov@​gmail.com,
generated with the help of perlbug 1.40 running under perl 5.27.1.

-----------------------------------------------------------------
[Please describe your issue here]

While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
under libdislocator, I found the following program

eval"y//\x{e00}/" #while (1)

to leak memory. To observe the leak without ASAN, remove the '#'
symbol. ASAN info about the leaked allocation is​:

I was in the middle of revamping this code when I ran out of time in
5.26. Initially, the revamp was to avoid the use of utf8_heavy.pl.

Anyway, I'll look into this when I get back into the revamp, so it would
likely be a waste of time for someone else to look at it.

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jun 22, 2017

The RT System itself - Status changed from 'new' to 'open'

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Mar 20, 2018

From @khwilliamson

This is fixed in blead; It wasn't trivial for me to bisect, so I gave up
--
Karl Williamson

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Mar 20, 2018

@khwilliamson - Status changed from 'open' to 'pending release'

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jun 23, 2018

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release yesterday of Perl 5.28.0, this and 185 other issues have been
resolved.

Perl 5.28.0 may be downloaded via​:
https://metacpan.org/release/XSAWYERX/perl-5.28.0

If you find that the problem persists, feel free to reopen this ticket.

@p5pRT
Copy link
Author

@p5pRT p5pRT commented Jun 23, 2018

@khwilliamson - Status changed from 'pending release' to 'resolved'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant