Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

null ptr deref, segfault Perl_sv_vcatpvfn_flags (sv.c:12398) #15563

Closed
p5pRT opened this issue Aug 27, 2016 · 8 comments
Labels

Comments

@p5pRT
Copy link
Collaborator

@p5pRT p5pRT commented Aug 27, 2016

Migrated from rt.perl.org#129106 (status was 'resolved')

Searchable as RT129106$

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented Aug 27, 2016

From @geeknik

Fuzzing Perl v5.25.4-20-gc2f7c0b* with AFL, ASAN and libdislocator.

1713 lines of Debug output later...
http​://pastebin.com/JiMN4fZP

==19229==ERROR​: AddressSanitizer​: SEGV on unknown address 0x000000000038 (pc 0x00000097c6ee bp 0x7fffba9d9130 sp 0x7fffba9d8b80 T0)
  #0 0x97c6ed in Perl_sv_vcatpvfn_flags /root/perl/sv.c​:12398​:21
  #1 0x967dc8 in Perl_sv_vsetpvfn /root/perl/sv.c​:10815​:5
  #2 0x967dc8 in Perl_vnewSVpvf /root/perl/sv.c​:9429
  #3 0xc23d60 in PerlIO_vprintf /root/perl/perlio.c​:4977​:10
  #4 0x7d4cd9 in Perl_dump_vindent /root/perl/dump.c​:520​:5
  #5 0x7d4cd9 in Perl_dump_indent /root/perl/dump.c​:511
  #6 0x7e0887 in Perl_do_sv_dump /root/perl/dump.c​:1580​:2
  #7 0x7f12a2 in Perl_sv_dump /root/perl/dump.c​:2193​:2
  #8 0x9478b4 in Perl_sv_clear /root/perl/sv.c​:6639​:4
  #9 0x94c452 in Perl_sv_free2 /root/perl/sv.c​:6956​:9
  #10 0x4e38b7 in S_SvREFCNT_dec /root/perl/./inline.h​:189​:6
  #11 0x4e38b7 in Perl_op_clear /root/perl/op.c​:973
  #12 0x4e2195 in Perl_op_free /root/perl/op.c​:854​:9
  #13 0x4e1de5 in Perl_op_free /root/perl/op.c​:837​:21
  #14 0xa23a72 in Perl_leave_scope /root/perl/scope.c​:1109​:6
  #15 0xa56865 in S_pop_eval_context_maybe_croak /root/perl/pp_ctl.c​:1605​:5
  #16 0xa55f26 in Perl_die_unwind /root/perl/pp_ctl.c​:1733​:13
  #17 0x7ffa2f in Perl_vcroak /root/perl/util.c​:1791​:5
  #18 0x7ff91c in Perl_die /root/perl/util.c​:1722​:5
  #19 0x9b7459 in Perl_pp_divide /root/perl/pp.c​:1555​:17
  #20 0x7f1c63 in Perl_runops_debug /root/perl/dump.c​:2234​:23
  #21 0x5a10a6 in S_run_body /root/perl/perl.c​:2525​:2
  #22 0x5a10a6 in perl_run /root/perl/perl.c​:2448
  #23 0x4de6cd in main /root/perl/perlmain.c​:123​:9
  #24 0x7f74425e5b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c​:287
  #25 0x4de33c in _start (/root/perl/perl+0x4de33c)

AddressSanitizer can not provide additional info.
SUMMARY​: AddressSanitizer​: SEGV /root/perl/sv.c​:12398 Perl_sv_vcatpvfn_flags
==19229==ABORTING

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented Aug 27, 2016

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented Aug 27, 2016

From @cpansprout

Shorter​:

$ ./miniperl -DC -e'eval "l/A"'

--

Father Chrysostomos

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented Aug 27, 2016

The RT System itself - Status changed from 'new' to 'open'

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented Sep 7, 2016

From @cpansprout

On Sat Aug 27 15​:33​:20 2016, sprout wrote​:

Shorter​:

$ ./miniperl -DC -e'eval "l/A"'

This is now fixed in 6b42170.

--

Father Chrysostomos

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented Sep 7, 2016

@cpansprout - Status changed from 'open' to 'pending release'

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented May 30, 2017

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release today of Perl 5.26.0, this and 210 other issues have been
resolved.

Perl 5.26.0 may be downloaded via​:
https://metacpan.org/release/XSAWYERX/perl-5.26.0

If you find that the problem persists, feel free to reopen this ticket.

@p5pRT

This comment has been minimized.

Copy link
Collaborator Author

@p5pRT p5pRT commented May 30, 2017

@khwilliamson - Status changed from 'pending release' to 'resolved'

@p5pRT p5pRT closed this May 30, 2017
@p5pRT p5pRT added the Severity Low label Oct 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.