Skip Menu |
Report information
Id: 123801
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: 5.22.0



Subject: Perl_yylex: Assertion `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]' failed (toke.c:4550)
Download (untitled) / with headers
text/plain 2.2k
Built v5.21.9 (v5.21.8-286-g534577b) using the following command line: ./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-gcc -Doptimize=-O2\ -g && AFL_HARDEN=1 make -j6 test-prep Bug found with AFL (http://lcamtuf.coredump.cx/afl) GDB output: Program terminated with signal 6, Aborted. #0 0x00007fce68ad7165 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. gdb-peda$ bt #0 0x00007fce68ad7165 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00007fce68ada3e0 in *__GI_abort () at abort.c:92 #2 0x00007fce68ad0311 in *__GI___assert_fail (assertion=0xefc430 "PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]", file=<optimized out>, line=0x11c6, function=0xf3b150 "Perl_yylex") at assert.c:81 #3 0x0000000000611aa1 in Perl_yylex () at toke.c:4550 #4 0x0000000000669685 in Perl_yyparse () #5 0x00000000005399a5 in S_parse_body () #6 0x0000000000541537 in perl_parse () #7 0x000000000042b63c in main () at perlmain.c:114 #8 0x00007fce68ac3ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffaf9e2678) at libc-start.c:244 #9 0x000000000042b955 in _start () gdb-peda$ i r rax 0x0 0x0 rbx 0x7fffaf9e3631 0x7fffaf9e3631 rcx 0xffffffffffffffff 0xffffffffffffffff rdx 0x6 0x6 rsi 0xe632 0xe632 rdi 0xe632 0xe632 rbp 0x7fce68bf1a07 0x7fce68bf1a07 rsp 0x7fffaf9e1b18 0x7fffaf9e1b18 r8 0x7fce69d26700 0x7fce69d26700 r9 0x67616c665f76733e 0x67616c665f76733e r10 0x8 0x8 r11 0x202 0x202 r12 0xefc430 0xefc430 r13 0xf3b150 0xf3b150 r14 0x7fce68bf1a07 0x7fce68bf1a07 r15 0x11c6 0x11c6 rip 0x7fce68ad7165 0x7fce68ad7165 <*__GI_raise+53> eflags 0x202 [ IF ] cs 0x33 0x33 ss 0x2b 0x2b ds 0x0 0x0 es 0x0 0x0 fs 0x0 0x0 gs 0x0 0x0 Debian 7, Kernel 3.2.65-1+deb7u1 x86_64, libc 3.2.65-1+deb7u1 x86_6, gcc 4.9.2
Subject: test143
Download test143
application/octet-stream 218b

Message body not shown because it is not plain text.

RT-Send-CC: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 150b
#123802 is related to this bug. In #123802 I used a minimized test case to produce a sigsegv, whereas the test case in this report produces a sigabrt.
RT-Send-CC: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 129b
A minimized test case that triggers this assertion is attached. Hexdump: 0000000 7d73 3024 307b 7d7d 490a 7420 000000c
Subject: test00-min
Download test00-min
application/octet-stream 12b

Message body not shown because it is not plain text.

Download (untitled) / with headers
text/plain 232b
Slightly different test case points to a different line # in toke.c: geeknik@deb7fuzz:/tmp$ ~/perl/perl -e 's##[}#e' perl: toke.c:4551: Perl_yylex: Assertion `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]' failed.
RT-Send-CC: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 488b
On Tue Feb 17 17:10:30 2015, brian.carpenter@gmail.com wrote: Show quoted text
> Slightly different test case points to a different line # in toke.c: > > geeknik@deb7fuzz:/tmp$ ~/perl/perl -e 's##[}#e' > perl: toke.c:4551: Perl_yylex: Assertion > `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]' > failed.
On non-debugging builds, that example crashes for me in bleadperl, but not 5.20.1. I have fixed it in f4460c6f7a. The case in #123802 is not fixed yet. -- Father Chrysostomos
To: perlbug-followup [...] perl.org
Subject: Re: [perl #123801] Perl_yylex: Assertion `PL_valid_types_IVX[((svtype)((_svivx)->sv_flags & 0xff)) & 0xf]' failed (toke.c:4550)
From: Brian Carpenter <brian.carpenter [...] gmail.com>
Date: Sun, 22 Feb 2015 22:25:27 -0600
Download (untitled) / with headers
text/plain 15.4k

Message body is not shown because it is too large.

Download (untitled) / with headers
text/html 18.1k

Message body is not shown because it is too large.

Download test00
application/octet-stream 149b

Message body not shown because it is not plain text.

RT-Send-CC: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 474b
On Sun Feb 22 20:26:54 2015, brian.carpenter@gmail.com wrote: Show quoted text
> I don't believe this issue to be fixed as changing the [ in the below > test > case to { causes this in blead (it gets more interesting towards the > end > and also explains the attachment):
All the examples you gave in your last message are failing similarly. Reference counting on the parser stack is getting muddled up. I believe I have fixed all these now with commit 479ae48. -- Father Chrysostomos
Download (untitled) / with headers
text/plain 200b
Thank you for submitting this ticket. The issue should now be resolved with the release today of Perl v5.22, which is available at http://www.perl.org/get.html -- Karl Williamson for the Perl 5 team


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org