Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segmentation fault in Perl 5.8.8 regex engine #9196

Closed
p5pRT opened this issue Jan 18, 2008 · 4 comments
Closed

Segmentation fault in Perl 5.8.8 regex engine #9196

p5pRT opened this issue Jan 18, 2008 · 4 comments

Comments

@p5pRT
Copy link

p5pRT commented Jan 18, 2008

Migrated from rt.perl.org#49956 (status was 'resolved')

Searchable as RT49956$

@p5pRT
Copy link
Author

p5pRT commented Jan 18, 2008

From wojtyk@eclipse.ncsc.mil

This is a bug report for perl from wojtyk@​eclipse.ncsc.mil,
generated with the help of perlbug 1.35 running under perl v5.8.8.


Possibly related to prior bug #33945 (?)​:

Deep recursion in regex engine causes segmentation fault.

Reproducible sample code​:

  perl -le'my $rx="b"."a"x99999; $rx=~/b([^b]|c.)+/;'

Snippet from backtrace​:

...
#4 0x0064536b in Perl_regclass_swash ()
  from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
#5 0x0064536b in Perl_regclass_swash ()
  from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
#6 0x0064536b in Perl_regclass_swash ()
  from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
#7 0x0064536b in Perl_regclass_swash ()
  from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
...



Flags​:
  category=core
  severity=low


This perlbug was built using Perl v5.8.8 in the Red Hat build system.
It is being executed now by Perl v5.8.8 - Mon Nov 12 21​:35​:26 EST 2007.

Site configuration information for perl v5.8.8​:

Configured by Red Hat, Inc. at Mon Nov 12 21​:35​:26 EST 2007.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration​:
  Platform​:
  osname=linux, osvers=2.6.9-55.0.9.elsmp, archname=i386-linux-thread-multi
  uname='linux hs20-bc2-2.build.redhat.com 2.6.9-55.0.9.elsmp #1 smp tue sep 25 02​:16​:15 edt 2007 i686 i686 i386 gnulinux '
  config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Dversion=5.8.8 -Dmyhostname=localhost -Dperladmin=root@​localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dinc_version_list=5.8.7 5.8.6 5.8.5 -Dscriptdir=/usr/bin'
  hint=recommended, useposix=true, d_sigaction=define
  usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
  useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
  use64bitint=undef use64bitall=undef uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
  optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -I/usr/include/gdbm'
  ccversion='', gccversion='4.1.2 20070626 (Red Hat 4.1.2-13)', gccosandvers=''
  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
  ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=4, prototype=define
  Linker and Libraries​:
  ld='gcc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib
  libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
  perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
  libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so
  gnulibc_version='2.5'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib'

Locally applied patches​:
 


@​INC for perl v5.8.8​:
  /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
  /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
  /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
  /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
  /usr/lib/perl5/site_perl/5.8.8
  /usr/lib/perl5/site_perl/5.8.7
  /usr/lib/perl5/site_perl/5.8.6
  /usr/lib/perl5/site_perl/5.8.5
  /usr/lib/perl5/site_perl
  /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
  /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
  /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
  /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
  /usr/lib/perl5/vendor_perl/5.8.8
  /usr/lib/perl5/vendor_perl/5.8.7
  /usr/lib/perl5/vendor_perl/5.8.6
  /usr/lib/perl5/vendor_perl/5.8.5
  /usr/lib/perl5/vendor_perl
  /usr/lib/perl5/5.8.8/i386-linux-thread-multi
  /usr/lib/perl5/5.8.8
  .


Environment for perl v5.8.8​:
  HOME=/home/wojtyk
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/wojtyk/firefox​:/usr/kerberos/bin​:/usr/local/bin​:/usr/bin​:/bin​:/usr/X11R6/bin​:/home/wojtyk/bin​:/sbin
  PERL_BADLANG (unset)
  SHELL=/bin/bash

@p5pRT
Copy link
Author

p5pRT commented Jan 19, 2008

From @smpeters

On Jan 18, 2008 3​:52 PM, via RT wojtyk @​ eclipse. ncsc. mil
<perlbug-followup@​perl.org> wrote​:

# New Ticket Created by wojtyk@​eclipse.ncsc.mil
# Please include the string​: [perl #49956]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org/rt3/Ticket/Display.html?id=49956 >

This is a bug report for perl from wojtyk@​eclipse.ncsc.mil,
generated with the help of perlbug 1.35 running under perl v5.8.8.

-----------------------------------------------------------------

Possibly related to prior bug #33945 (?)​:

Deep recursion in regex engine causes segmentation fault.

Reproducible sample code​:

    perl \-le'my $rx="b"\."a"x99999; $rx=~/b\(\[^b\]|c\.\)\+/;'

Snippet from backtrace​:

...
#4 0x0064536b in Perl_regclass_swash ()
from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
#5 0x0064536b in Perl_regclass_swash ()
from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
#6 0x0064536b in Perl_regclass_swash ()
from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
#7 0x0064536b in Perl_regclass_swash ()
from /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so
...

This has been fixed in Perl 5.10.

Steve Peters
steve@​fisharerojo.org

@p5pRT
Copy link
Author

p5pRT commented Jan 19, 2008

The RT System itself - Status changed from 'new' to 'open'

@p5pRT
Copy link
Author

p5pRT commented Apr 27, 2008

p5p@spam.wizbit.be - Status changed from 'open' to 'resolved'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant