pack underflow #14525

Closed
p5pRT opened this issue Feb 18, 2015 · 5 comments


p5pRT commented Feb 18, 2015

Migrated from rt.perl.org#123874 (status was 'resolved')

Searchable as RT123874$


p5pRT commented Feb 18, 2015

From @hvds

AFL (<http://lcamtuf.coredump.cx/afl/>) finds this:

% ./miniperl -e 'pack "pi/x"'
Segmentation fault (core dumped)
%

This occurs because the NEXTFROM macro leaves items == -1, and we then end up trying to Zero(cur, len, char) with len == -1. The code fix is below, will push once I've added a test.

Hugo

--- a/pp_pack.c
+++ b/pp_pack.c
@​@​ -2094,7 +2094,7 @​@​ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
  char *cur = start + SvCUR(cat);
  bool needs_swap;

-#define NEXTFROM (lengthcode ? lengthcode : items-- > 0 ? *beglist++ : &PL_sv_no)
+#define NEXTFROM (lengthcode ? lengthcode : items > 0 ? (--items, *beglist++) : &PL_sv_no)
#define PEEKFROM (lengthcode ? lengthcode : items > 0 ? *beglist : &PL_sv_no)

  switch (howlen) {
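
Review bot: The changed NEXTFROM line comes with no regression test: the diff touches only pp_pack.c, so nothing pins the reported `pack "pi/x"` case. Add a test that calls pack with fewer arguments than the template consumes and checks that it completes. On the same line, a short comment saying that items must never drop below zero would document why the decrement moved behind the `items > 0` check, which is the same non-modifying test PEEKFROM already uses on the following line.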


p5pRT commented Feb 18, 2015

From @hvds

Now fixed by fc1bb3f:

  [perl #123874] fix argument underflow for pack()
 
  NEXTFROM() modified the item count while testing it, so the next use
  saw the count (of -1) as non-zero and ended up trying to write ~1 bytes.
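
The underflow described in the commit message above, modelled in C as an added example (not code from Perl or from this thread). Plain ints stand in for the SV pointers, lengthcode is left out, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the two macro versions in the patch: ints replace
 * SV pointers, `none` replaces &PL_sv_no, and lengthcode is omitted. */
#define NEXTFROM_OLD(items, list, none) ((items)-- > 0 ? *(list)++ : (none))
#define NEXTFROM_NEW(items, list, none) ((items) > 0 ? (--(items), *(list)++) : (none))

/* Pull `pulls` values from a list holding `have` arguments (have <= 4) and
 * return the item count left afterwards. use_new selects the patched macro. */
long remaining_after(int use_new, long have, int pulls)
{
    static const int args[4] = { 10, 20, 30, 40 };  /* constructed sample data */
    const int *list = args;
    long items = have;
    int none = 0;

    for (int i = 0; i < pulls; i++) {
        int v = use_new ? NEXTFROM_NEW(items, list, none)
                        : NEXTFROM_OLD(items, list, none);
        (void)v;  /* only the bookkeeping matters here */
    }
    return items;
}

/* What a byte-count parameter sees when a signed count is passed through. */
size_t as_byte_count(long count)
{
    return (size_t)count;
}

int main(void)
{
    /* Old macro: the test and the decrement are one expression, so a pull
     * from an empty list still decrements and leaves a negative count. */
    printf("old macro, empty list, one pull: items = %ld\n", remaining_after(0, 0, 1));
    /* New macro: the decrement only happens on the branch that consumes. */
    printf("new macro, empty list, one pull: items = %ld\n", remaining_after(1, 0, 1));
    /* A count of -1 is non-zero, and as a size it is the largest size_t. */
    printf("-1 seen as a byte count: %zu\n", as_byte_count(-1));
    return 0;
}
```
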


p5pRT commented Feb 18, 2015

@hvds - Status changed from 'new' to 'pending release'


p5pRT commented Jun 2, 2015

From @khwilliamson

Thank you for submitting this ticket.

The issue should now be resolved with the release today of Perl v5.22, which is available at http://www.perl.org/get.html
--
Karl Williamson for the Perl 5 team


p5pRT commented Jun 2, 2015

@khwilliamson - Status changed from 'pending release' to 'resolved'
