use-of-uninitialized-value in Perl_upg_version (vutil.c:669) #16186
From @geeknik

While building 1195d90 with -fsanitize=memory, the process fails during the
afl-clang-fast [tpcg] 2.51b by <lszekeres@google.com>
SUMMARY: MemorySanitizer: use-of-uninitialized-value
From @tonycoz

On Fri, 06 Oct 2017 13:42:55 -0700, brian.carpenter@gmail.com wrote:

Could I have the Configure options and clang version you used to build this? (since you obviously can't run perl -V)

Thanks,
The RT System itself - Status changed from 'new' to 'open'
From @geeknik

./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O2\

Chromium clang version 6.0.0-trunk: git clone

On Wed, Oct 18, 2017 at 7:51 PM, Tony Cook via RT <perlbug-followup@perl.org
From zefram@fysh.org

Brian Carpenter wrote:

I can't make sense of this, but I can see some other flaws in the

That bit of code is concerned with expanding an NV to a version object,

    $_ = sprintf("%.9f", $nv);

Line 669 is part of that trimming operation:

    while (buf[len-1] == '0' && len > 0) len--;

One can immediately see a flaw, that the conditions are in the wrong

But the logic of the situation is such that this trimming operation can't

    if ( buf[len-1] == '.' ) len--; /* eat the trailing decimal */

shows no worry about hitting the beginning of the string. And if I put in

If those lines are OK, what about the preceding code that sets up buf

The code that uses the fixed-size buffer goes further to avoid overrunning

The code that uses an SV buffer is much safer, assuming we can rely

So plenty of flaws there, but I don't see the one claimed by the bug

-zefram
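The ordering of the bound check and the index in the trimming loop quoted in the message above, as an added example that is not part of the original thread or of Perl's vutil.c. The names `trim_tail` and `format_and_trim`, the `size_t` length type and the 64-byte buffer are assumptions made for illustration:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not the vutil.c code: trims trailing '0' characters
 * and then one trailing '.', returning the new length. The bound check is
 * evaluated before buf[len - 1], so len == 0 never reads before the buffer. */
static size_t trim_tail(const char *buf, size_t len)
{
    while (len > 0 && buf[len - 1] == '0')
        len--;
    if (len > 0 && buf[len - 1] == '.')
        len--;                      /* eat the trailing decimal */
    return len;
}

/* Formats nv with "%.9f" (the format named in the message) into a
 * fixed-size buffer, rejects failed or truncated output, then trims it
 * in place. Returns the trimmed length, or 0 if formatting did not fit. */
static size_t format_and_trim(double nv, char *buf, size_t bufsize)
{
    int n = snprintf(buf, bufsize, "%.9f", nv);
    if (n < 0 || (size_t)n >= bufsize)
        return 0;
    size_t len = trim_tail(buf, (size_t)n);
    buf[len] = '\0';
    return len;
}

int main(void)
{
    char buf[64];                   /* constructed sample input below */
    size_t len = format_and_trim(5.026, buf, sizeof buf);
    printf("%zu %s\n", len, buf);
    return 0;
}
```

For `%.9f` output the zero-trimming loop always stops at the decimal point, so the `len > 0` guards only matter for inputs such as an empty or all-zero buffer.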
From @cpansprout

On Sat, 09 Dec 2017 15:36:55 -0800, zefram@fysh.org wrote:

Whatever changes you might make, please make sure they get submitted to version.pm’s bug queue, and that they are compatible with older perl versions. (Many committers have thus far ignored the comment at the top of the file.)

--
Father Chrysostomos
Migrated from rt.perl.org#132234 (status was 'open')
Searchable as RT132234$