
segfault in S_check_uni (toke.c:1938) #16241

Closed
p5pRT opened this issue Nov 11, 2017 · 7 comments

Comments


p5pRT commented Nov 11, 2017

Migrated from rt.perl.org#132433 (status was 'resolved')

Searchable as RT132433$


p5pRT commented Nov 11, 2017

From @geeknik

./perl -e 'dj{lc-&1J' triggers a segfault in v5.27.5-323-g2b503742ec.

==26052==ERROR: AddressSanitizer: SEGV on unknown address 0x602000010000
(pc 0x7f3e54333caa bp 0x7fffccd42ab0 sp 0x7fffccd42248 T0)
==26052==The signal is caused by a READ memory access.
  #0 0x7f3e54333ca9 in memchr (/lib/x86_64-linux-gnu/libc.so.6+0x90ca9)
  #1 0x451731 in __interceptor_memchr (/root/perl/perl+0x451731)
  #2 0x6a520d in S_check_uni /root/perl/toke.c:1938:9
  #3 0x65a8ab in Perl_yylex /root/perl/toke.c:5768:7
  #4 0x6cb273 in Perl_yyparse /root/perl/perly.c:340:34
  #5 0x5bfd22 in S_parse_body /root/perl/perl.c:2452:9
  #6 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
  #7 0x5033e5 in main /root/perl/perlmain.c:121:18
  #8 0x7f3e542c33f0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
  #9 0x4360a9 in _start (/root/perl/perl+0x4360a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x90ca9)
in memchr
==26052==ABORTING


p5pRT commented Nov 11, 2017

From @geeknik

./perl -e '-C-' also triggers this segfault, unless you put -C- in a file and
run ./perl file, in which case it triggers this:

==26553==ERROR: AddressSanitizer: negative-size-param: (size=-1)
  #0 0x451782 in __interceptor_memchr (/root/perl/perl+0x451782)
  #1 0x6a520d in S_check_uni /root/perl/toke.c:1938:9
  #2 0x65a8ab in Perl_yylex /root/perl/toke.c:5768:7
  #3 0x6cb273 in Perl_yyparse /root/perl/perly.c:340:34
  #4 0x5bfd22 in S_parse_body /root/perl/perl.c:2452:9
  #5 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
  #6 0x5033e5 in main /root/perl/perlmain.c:121:18
  #7 0x7febd38513f0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
  #8 0x4360a9 in _start (/root/perl/perl+0x4360a9)

0x602000000df3 is located 3 bytes inside of 10-byte region
[0x602000000df0,0x602000000dfa)
allocated by thread T0 here:
  #0 0x4d6da3 in malloc (/root/perl/perl+0x4d6da3)
  #1 0x7f6f98 in Perl_safesysmalloc /root/perl/util.c:153:21
  #2 0x8efcab in Perl_sv_grow /root/perl/sv.c:1603:17
  #3 0x9072d9 in Perl_sv_setpvn /root/perl/sv.c:5004:12
  #4 0x956fae in Perl_newSVpvn /root/perl/sv.c:9441:5
  #5 0x60de28 in Perl_lex_start /root/perl/toke.c:768:20
  #6 0x5bfc32 in S_parse_body /root/perl/perl.c:2441:5
  #7 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
  #8 0x5033e5 in main /root/perl/perlmain.c:121:18
  #9 0x7febd38513f0 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x203f0)

SUMMARY: AddressSanitizer: negative-size-param (/root/perl/perl+0x451782)
in __interceptor_memchr
==26553==ABORTING
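Both reports above end in a memchr() call from S_check_uni whose length argument was computed from two pointers, and the second report's size=-1 shows that computed span had gone negative. The C block below is an added, constructed illustration of that bug class and of the guard that stops it; it is not Perl's toke.c code and does not reproduce the actual fix. The function names (find_paren_unchecked, find_paren_bounded, paren_offset) and the sample input are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration (not Perl's toke.c): a memchr() search length is
 * derived as (limit - start). If `start` has already advanced past `limit`,
 * that ptrdiff_t is negative; converting -1 to memchr's size_t parameter
 * yields SIZE_MAX, so memchr reads far past the buffer. AddressSanitizer
 * reports that as negative-size-param when it intercepts the call, or as a
 * plain SEGV once the read leaves the mapped region. */

/* The length memchr() actually receives for a given pointer difference. */
size_t memchr_len_as_seen(ptrdiff_t diff)
{
    return (size_t)diff;   /* -1 becomes SIZE_MAX */
}

/* Unsafe shape: trusts that start <= limit. Shown for contrast only; this
 * file never calls it with an inverted span. */
const char *find_paren_unchecked(const char *start, const char *limit)
{
    return memchr(start, '(', (size_t)(limit - start));
}

/* Hardened shape: refuse an empty or inverted span before forming a length. */
const char *find_paren_bounded(const char *start, const char *limit)
{
    if (start == NULL || limit == NULL || start >= limit)
        return NULL;
    return memchr(start, '(', (size_t)(limit - start));
}

/* Offset of the first '(' in buf[skip .. len), or -1 if absent or if the
 * requested span is empty or inverted. The offsets are validated before any
 * pointer beyond the buffer is formed; the check is equivalent to
 * start < limit on the resulting pointers. */
long paren_offset(const char *buf, size_t len, size_t skip)
{
    if (buf == NULL || skip >= len)   /* empty or inverted span: bail out */
        return -1;
    const char *start = buf + skip;
    const char *limit = buf + len;
    const char *t = find_paren_bounded(start, limit);
    return t ? (long)(t - buf) : -1;
}

int main(void)
{
    const char src[] = "foo (bar)";   /* constructed sample input */
    size_t len = sizeof src - 1;

    printf("memchr length for diff -1: %zu\n", memchr_len_as_seen(-1));
    printf("valid span, unchecked: %s\n", find_paren_unchecked(src, src + len));
    printf("offset from 2: %ld\n", paren_offset(src, len, 2));
    printf("offset from 5: %ld\n", paren_offset(src, len, 5));
    printf("inverted span (skip 50): %ld\n", paren_offset(src, len, 50));
    return 0;
}
```

The design point is that the guard belongs on the pointer relationship, not on the length: once a negative difference has been converted to size_t there is nothing left to check. Building the same code with -fsanitize=address makes the unchecked variant report negative-size-param on an inverted span, which is the signal to look for in fuzzing output like the report above.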


p5pRT commented Nov 12, 2017

From @mauke

On Sat, 11 Nov 2017 14:04:40 -0800, brian.carpenter@gmail.com wrote:

> ./perl -e '-C-' also triggers this segfault, unless you put -C- in file and
> run ./perl file in which case it triggers this:
>
> ==26553==ERROR: AddressSanitizer: negative-size-param: (size=-1)
> #0 0x451782 in __interceptor_memchr (/root/perl/perl+0x451782)
> #1 0x6a520d in S_check_uni /root/perl/toke.c:1938:9
> #2 0x65a8ab in Perl_yylex /root/perl/toke.c:5768:7
> #3 0x6cb273 in Perl_yyparse /root/perl/perly.c:340:34
> #4 0x5bfd22 in S_parse_body /root/perl/perl.c:2452:9
> #5 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
> #6 0x5033e5 in main /root/perl/perlmain.c:121:18
> #7 0x7febd38513f0 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
> #8 0x4360a9 in _start (/root/perl/perl+0x4360a9)
>
> 0x602000000df3 is located 3 bytes inside of 10-byte region
> [0x602000000df0,0x602000000dfa)
> allocated by thread T0 here:
> #0 0x4d6da3 in malloc (/root/perl/perl+0x4d6da3)
> #1 0x7f6f98 in Perl_safesysmalloc /root/perl/util.c:153:21
> #2 0x8efcab in Perl_sv_grow /root/perl/sv.c:1603:17
> #3 0x9072d9 in Perl_sv_setpvn /root/perl/sv.c:5004:12
> #4 0x956fae in Perl_newSVpvn /root/perl/sv.c:9441:5
> #5 0x60de28 in Perl_lex_start /root/perl/toke.c:768:20
> #6 0x5bfc32 in S_parse_body /root/perl/perl.c:2441:5
> #7 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
> #8 0x5033e5 in main /root/perl/perlmain.c:121:18
> #9 0x7febd38513f0 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
>
> SUMMARY: AddressSanitizer: negative-size-param (/root/perl/perl+0x451782)
> in __interceptor_memchr
> ==26553==ABORTING

Fixed in commit 4efcdc0.


p5pRT commented Nov 12, 2017

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Nov 12, 2017

@mauke - Status changed from 'open' to 'resolved'

p5pRT closed this as completed Nov 12, 2017


p5pRT commented Nov 12, 2017

From zefram@fysh.org

l.mai@web.de via RT wrote:

> Fixed in commit 4efcdc0.

That's not a fix. It avoids crashing, but the parser state still gets
messed up.

-zefram


p5pRT commented Nov 12, 2017

From zefram@fysh.org

I wrote:

> That's not a fix.

Sorry, I misread it. I think it's fine.

-zefram
