crash in unpack #8515

Closed
p5pRT opened this issue Jul 7, 2006 · 6 comments

p5pRT commented Jul 7, 2006

Migrated from rt.perl.org#39747 (status was 'resolved')

Searchable as RT39747$

p5pRT commented Jul 7, 2006

From @mauke

Created by @mauke

Hello,

```
$ perl -e 'unpack "(Z*)*", "a"'
$ perl -e 'unpack "(Z*)*", "aa"'
Segmentation fault
$
```

It looks like unpack crashes if there's more than one non-null character in
the source string.

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl v5.8.8:

Configured by mauke at Wed Mar 22 20:53:12 CET 2006.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.15-gentoo-r1, archname=i686-linux-64int-ld
    uname='linux nora 2.6.15-gentoo-r1 #9 preempt sun feb 5 02:47:05 cet 2006 i686 amd athlon(tm) 64 processor 3200+ authenticamd gnulinux '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=define use64bitall=undef uselongdouble=define
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -fomit-frame-pointer -march=athlon-xp -mtune=athlon64',
    cppflags='-fno-strict-aliasing -pipe -Wdeclaration-after-statement'
    ccversion='', gccversion='3.4.5 (Gentoo 3.4.5, ssp-3.4.5-1.0, pie-8.7.9)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long long', ivsize=8, nvtype='long double', nvsize=12, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.3.5.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.5'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    SAFEARGV0 - disable magic open in <ARGV>
    METHQUAL0 - allow qualified method calls without a valid object
    UNWARN0 - disable stupid warnings for print and qw


@INC for perl v5.8.8:
    /home/mauke/usr/local/lib/perl5/5.8.8/i686-linux-64int-ld
    /home/mauke/usr/local/lib/perl5/5.8.8
    /home/mauke/usr/local/lib/perl5/site_perl/5.8.8/i686-linux-64int-ld
    /home/mauke/usr/local/lib/perl5/site_perl/5.8.8
    /home/mauke/usr/local/lib/perl5/site_perl
    .


Environment for perl v5.8.8:
    HOME=/home/mauke
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LC_ALL=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/mauke/usr/local/bin:/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i386-pc-linux-gnu/gcc-bin/3.4.6:/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:/usr/kde/3.5/bin:/usr/qt/3/bin:/usr/kde/3.4/bin:/usr/NX/bin:/usr/games/bin:/opt/vmware/player/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

p5pRT commented Jul 7, 2006

@demerphq - Status changed from 'new' to 'open'

p5pRT commented Jul 7, 2006

From @demerphq

On 7/7/06, via RT l. mai @ web. de <perlbug-followup@perl.org> wrote:

> # New Ticket Created by l.mai@web.de
> # Please include the string: [perl #39747]
> # in the subject line of all future correspondence about this issue.
> # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=39747 >
>
> This is a bug report for perl from l.mai@web.de,
> generated with the help of perlbug 1.35 running under perl v5.8.8.
>
> -----------------------------------------------------------------
> [Please enter your report here]
>
> Hello,
>
> $ perl -e 'unpack "(Z*)*", "a"'
> $ perl -e 'unpack "(Z*)*", "aa"'
> Segmentation fault
> $
>
> It looks like unpack crashes if there's more than one non-null character in
> the source string.

Blead is a little better about this, instead of segfaulting it bails
with a panic:

D:\dev\perl\ver\28498_\win32>perl -e "unpack '(Z*)*', 'aa'
panic: sv_setpvn called with negative strlen at -e line 1.

And while this isn't ideal behaviour, there is the minor point that the
Z unpack template is for _null_terminated_strings_. That isn't a null
terminated string. Therefore the behaviour in this situation is IMO
undefined.

It seems to me that you really want (A*)* there, and not (Z*)*, and
that in unpack Z should probably be treated as A is if the string
contains no nulls.

I haven't closed the bug because it seems to me that this is probably
fixable assuming a policy decision by the pumpking (Rafael).

Cheers,
yves

--
perl -Mre=debug -e "/just|another|perl|hacker/"

p5pRT commented Jul 7, 2006

From @demerphq

This matter has been resolved in bleadperl.

cheers,
yves

p5pRT commented Jul 7, 2006

@demerphq - Status changed from 'open' to 'resolved'

@p5pRT p5pRT closed this as completed Jul 7, 2006
p5pRT commented Jul 7, 2006

From @demerphq

On 7/7/06, demerphq <demerphq@gmail.com> wrote:

> On 7/7/06, via RT l. mai @ web. de <perlbug-followup@perl.org> wrote:
>
>> # New Ticket Created by l.mai@web.de
>> # Please include the string: [perl #39747]
>> # in the subject line of all future correspondence about this issue.
>> # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=39747 >
>>
>> This is a bug report for perl from l.mai@web.de,
>> generated with the help of perlbug 1.35 running under perl v5.8.8.
>>
>> -----------------------------------------------------------------
>> [Please enter your report here]
>>
>> Hello,
>>
>> $ perl -e 'unpack "(Z*)*", "a"'
>> $ perl -e 'unpack "(Z*)*", "aa"'
>> Segmentation fault
>> $
>>
>> It looks like unpack crashes if there's more than one non-null character in
>> the source string.
>
> Blead is a little better about this, instead of segfaulting it bails
> with a panic:
>
> D:\dev\perl\ver\28498_\win32>perl -e "unpack '(Z*)*', 'aa'
> panic: sv_setpvn called with negative strlen at -e line 1.

Doh, this is what perl 5.8.6 does.

This matter has already been resolved in blead.

D:\dev\perl\ver\28498_\win32>..\perl -e "print join '-',unpack '(Z*)*', qq(aa)"
aa

Cheers,
Yves

--
perl -Mre=debug -e "/just|another|perl|hacker/"
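
The thread turns on a NUL-terminated field (`Z*`) being read from a length-delimited buffer that contains no NUL, with the panic showing a negative length reaching `sv_setpvn`. The C function below is an added illustration, not Perl's `pp_pack.c` and not code from any participant; `struct zfield` and `split_z_fields` are hypothetical names. It bounds the terminator search to the buffer and treats an unterminated final field as running to the end of the input, which is the result (`aa`) shown for blead above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One extracted field: pointer into the source buffer plus explicit length. */
struct zfield { const char *ptr; size_t len; };

/*
 * Split buf[0..len) into NUL-terminated fields, like repeating a Z* item
 * until the input is exhausted. Returns the number of fields found
 * (fields beyond max_out are counted but not stored).
 * Hypothetical helper written for this example.
 */
size_t split_z_fields(const char *buf, size_t len,
                      struct zfield *out, size_t max_out)
{
    const char *p = buf;
    const char *end = buf + len;
    size_t n = 0;

    while (p < end) {
        /* Bounded search: never scan past the end of the buffer. */
        const char *nul = memchr(p, '\0', (size_t)(end - p));
        /* No terminator present: the field runs to the end of the input. */
        const char *stop = nul ? nul : end;

        if (n < max_out) {
            out[n].ptr = p;
            out[n].len = (size_t)(stop - p); /* stop >= p, so never negative */
        }
        n++;
        /* Step over the terminator only if one was actually found. */
        p = nul ? nul + 1 : end;
    }
    return n;
}

int main(void)
{
    struct zfield f[4];
    /* Constructed input matching the report: two bytes, no NUL. */
    size_t n = split_z_fields("aa", 2, f, 4);
    printf("%zu field(s), first length %zu\n", n, f[0].len);
    return 0;
}
```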
