Report information
Id: 125805
Status: resolved
Priority: 0/
Queue: perl5

Owner: khw <khw [at] cpan.org>
Requestors: dcollinsn [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: 5.22.1



Subject: Perl segfaults with a regex_sets error message
The search on this bug tracker doesn't seem to search issue descriptions, but in any event I can't figure out how to tell if this is a duplicate or not. Searches for the test case, regex_sets, segfault, and the first bad revision id didn't reveal any obvious duplicates.

Test case is the 12-byte file:

00./(?[()])/

dcollins@nagios:/usr/local/perl-afl/out/allcrash$ ../../bin/perl -w f2i000041
The regex_sets feature is experimental in regex; marked by <-- HERE in m/(?[ <-- HERE ()])/ at f2i000041 line 1.
Segmentation fault

Git bisect revealed:

6798c95dd27b33efd71f394c18649af7bbaf42b7 is the first bad commit
commit 6798c95dd27b33efd71f394c18649af7bbaf42b7
Author: Karl Williamson <khw@cpan.org>
Date:   Wed Feb 25 23:19:39 2015 -0700

    Change /(?[...]) to have normal operator precedence

    This experimental feature now has the intersection operator ("&") higher
    precedence than the other binary operators.

:100644 100644 ce36c6c64ad7f52f32f18c3af5faea7782e77f8f a909f7d5bc6cacd8ecd0e292d17587460c2dabf5 M embed.fnc
:100644 100644 acbd1ea23a511c4a9573674d10dc6e8577bac513 4d9ca18439ad72b5d955b46ab4fc1ae60fbdab9e M embed.h
:040000 040000 abe9c29891251f534ae7654827701484c00e5d5a 56738de91977828568e55a1fa42af9d52602a07c M pod
:100644 100644 4bc200dae6b4e45492c0aa6dd8724e44175e1180 f45a4a36173bc16a1e8c9491298708ef75e252a7 M proto.h
:100644 100644 d736a0131ac2c50c3753ddd332b3fc524ebe7514 51065d58f2df92a3a2e1ccd520280f4c9e62c952 M regcomp.c
:040000 040000 90b8d23d6c4c6de5357d08f14baf1f1e201274c1 487395998bc1558eb521b752f277bac3bdb8e770 M t
bisect run success

dcollins@nagios:/usr/local/perl-afl/out/allcrash$ ../../bin/perl -V
Summary of my perl5 (revision 5 version 23 subversion 2) configuration:
  Derived from: 9728ed0a4dcaca9d7fddf6ce9c5736ed3aacd487
  Platform:
    osname=linux, osvers=2.6.32-5-686, archname=i686-linux-64int-ld
    uname='linux nagios 2.6.32-5-686 #1 smp tue may 13 16:33:32 utc 2014 i686 gnulinux '
    config_args=''
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    use64bitint=define, use64bitall=undef, uselongdouble=define
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='afl-gcc', ccflags ='-fwrapv -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-g',
    cppflags='-fwrapv -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.4.5', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678, doublekind=3
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12, longdblkind=3
    ivtype='long long', ivsize=8, nvtype='long double', nvsize=12, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='afl-gcc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/gcc/i486-linux-gnu/4.4.5/include-fixed /usr/lib /lib/../lib /usr/lib/../lib /lib /usr/lib/i486-linux-gnu /usr/lib64
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.11.3.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.11.3'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector'

Characteristics of this binary (from libperl):
  Compile-time options: HAS_TIMES PERLIO_LAYERS PERL_COPY_ON_WRITE
                        PERL_DONT_CREATE_GVSV
                        PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP
                        PERL_PRESERVE_IVUV USE_64_BIT_INT USE_LARGE_FILES
                        USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE
                        USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_LONG_DOUBLE
                        USE_PERLIO USE_PERL_ATOF
  Locally applied patches:
        uncommitted-changes
  Built under linux
  Compiled at Aug 11 2015 16:38:21
  @INC:
    /usr/local/perl-afl/lib/site_perl/5.23.2/i686-linux-64int-ld
    /usr/local/perl-afl/lib/site_perl/5.23.2
    /usr/local/perl-afl/lib/5.23.2/i686-linux-64int-ld
    /usr/local/perl-afl/lib/5.23.2
    .

(gdb) run
Starting program: /usr/local/perl-afl/bin/perl f2i000041
[Thread debugging using libthread_db enabled]
The regex_sets feature is experimental in regex; marked by <-- HERE in m/(?[ <-- HERE ()])/ at f2i000041 line 1.

Program received signal SIGSEGV, Segmentation fault.
0x0827543e in S_invlist_iterinit (pRExC_state=0xbffff024, return_invlist=<value optimized out>, flagp=<value optimized out>, depth=5, oregcomp_parse=0x8743a39 "?[()])") at regcomp.c:9122
9122        *get_invlist_iter_addr(invlist) = 0;
(gdb) bt
#0  0x0827543e in S_invlist_iterinit (pRExC_state=0xbffff024, return_invlist=<value optimized out>, flagp=<value optimized out>, depth=5, oregcomp_parse=0x8743a39 "?[()])") at regcomp.c:9122
#1  S_handle_regex_sets (pRExC_state=0xbffff024, return_invlist=<value optimized out>, flagp=<value optimized out>, depth=5, oregcomp_parse=0x8743a39 "?[()])") at regcomp.c:13943
#2  0x0825702d in S_reg (pRExC_state=0xbffff024, paren=<value optimized out>, flagp=<value optimized out>, depth=5) at regcomp.c:10427
#3  0x08278abe in S_regatom (pRExC_state=0xbffff024, flagp=<value optimized out>, depth=<value optimized out>) at regcomp.c:11733
#4  S_regpiece (pRExC_state=0xbffff024, flagp=<value optimized out>, depth=<value optimized out>) at regcomp.c:10808
#5  0x0828636d in S_regbranch (pRExC_state=0xbffff024, flagp=0xbfffee18, first=<value optimized out>, depth=2) at regcomp.c:10733
#6  0x0824fb4b in S_reg (pRExC_state=0xbffff024, paren=<value optimized out>, flagp=<value optimized out>, depth=1) at regcomp.c:10483
#7  0x0828a000 in Perl_re_op_compile (patternp=0x0, pat_count=0, expr=0x8743914, eng=0x870a420, old_re=0x0, is_bare_re=0x0, orig_rx_flags=0, pm_flags=0) at regcomp.c:6881
#8  0x080d50a8 in Perl_pmruntime (o=0x8743934, expr=0x8743914, repl=0x0, isreg=true, floor=0) at op.c:5579
#9  0x081ce568 in Perl_yyparse (gramtype=258) at perly.y:1038
#10 0x0810f4af in S_parse_body (env=<value optimized out>, xsinit=<value optimized out>) at perl.c:2296
#11 0x081128c9 in perl_parse (my_perl=0x8729008, xsinit=0x8065dc0 <xs_init>, argc=2, argv=0xbffff4e4, env=0x0) at perl.c:1626
#12 0x08065b85 in main (argc=2, argv=0xbffff4e4, env=0xbffff4f0) at perlmain.c:114
(gdb) l
9117    PERL_STATIC_INLINE void
9118    S_invlist_iterinit(SV* invlist) /* Initialize iterator for invlist */
9119    {
9120        PERL_ARGS_ASSERT_INVLIST_ITERINIT;
9121
9122        *get_invlist_iter_addr(invlist) = 0;
9123    }
9124
9125    PERL_STATIC_INLINE void
9126    S_invlist_iterfinish(SV* invlist)
(gdb)

==1344== Memcheck, a memory error detector
==1344== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1344== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==1344== Command: ../../bin/perl f2i000041
==1344==
The regex_sets feature is experimental in regex; marked by <-- HERE in m/(?[ <-- HERE ()])/ at f2i000041 line 1.
==1344== Invalid write of size 4
==1344==    at 0x827543E: S_handle_regex_sets (regcomp.c:9122)
==1344==    by 0x825702C: S_reg (regcomp.c:10427)
==1344==    by 0x8278ABD: S_regpiece (regcomp.c:11733)
==1344==    by 0x828636C: S_regbranch (regcomp.c:10733)
==1344==    by 0x824FB4A: S_reg (regcomp.c:10483)
==1344==    by 0x8289FFF: Perl_re_op_compile (regcomp.c:6881)
==1344==    by 0x80D50A7: Perl_pmruntime (op.c:5579)
==1344==    by 0x81CE567: Perl_yyparse (perly.y:1038)
==1344==    by 0x810F4AE: S_parse_body (perl.c:2296)
==1344==    by 0x81128C8: perl_parse (perl.c:1626)
==1344==    by 0x8065B84: main (perlmain.c:114)
==1344==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==1344==
==1344==
==1344== Process terminating with default action of signal 11 (SIGSEGV)
==1344==  Access not within mapped region at address 0x18
==1344==    at 0x827543E: S_handle_regex_sets (regcomp.c:9122)
==1344==    by 0x825702C: S_reg (regcomp.c:10427)
==1344==    by 0x8278ABD: S_regpiece (regcomp.c:11733)
==1344==    by 0x828636C: S_regbranch (regcomp.c:10733)
==1344==    by 0x824FB4A: S_reg (regcomp.c:10483)
==1344==    by 0x8289FFF: Perl_re_op_compile (regcomp.c:6881)
==1344==    by 0x80D50A7: Perl_pmruntime (op.c:5579)
==1344==    by 0x81CE567: Perl_yyparse (perly.y:1038)
==1344==    by 0x810F4AE: S_parse_body (perl.c:2296)
==1344==    by 0x81128C8: perl_parse (perl.c:1626)
==1344==    by 0x8065B84: main (perlmain.c:114)
==1344==  If you believe this happened as a result of a stack
==1344==  overflow in your program's main thread (unlikely but
==1344==  possible), you can try to increase the size of the
==1344==  main thread stack using the --main-stacksize= flag.
==1344==  The main thread stack size used in this run was 8388608.
==1344==
==1344== HEAP SUMMARY:
==1344==     in use at exit: 115,550 bytes in 667 blocks
==1344==   total heap usage: 754 allocs, 87 frees, 120,444 bytes allocated
==1344==
==1344== LEAK SUMMARY:
==1344==    definitely lost: 168 bytes in 1 blocks
==1344==    indirectly lost: 2,683 bytes in 40 blocks
==1344==      possibly lost: 12,878 bytes in 293 blocks
==1344==    still reachable: 99,821 bytes in 333 blocks
==1344==         suppressed: 0 bytes in 0 blocks
==1344== Rerun with --leak-check=full to see details of leaked memory
==1344==
==1344== For counts of detected and suppressed errors, rerun with: -v
==1344== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 25 from 8)
Segmentation fault
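
Added triage example, not part of the original report or of the Perl source: it parses Memcheck output like the run above into one record per invalid access and flags fault addresses that fall inside the first page, as 0x18 does here. The names `triage` and `PAGE_SIZE` and the one-page threshold are assumptions of this example, and the sample lines are constructed from the report.

```python
import re

# Constructed sample: Memcheck lines as they appear in the report above.
SAMPLE = """\
==1344== Invalid write of size 4
==1344==    at 0x827543E: S_handle_regex_sets (regcomp.c:9122)
==1344==    by 0x825702C: S_reg (regcomp.c:10427)
==1344==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==1344== Process terminating with default action of signal 11 (SIGSEGV)
==1344==  Access not within mapped region at address 0x18
==1344==    at 0x827543E: S_handle_regex_sets (regcomp.c:9122)
"""

# Assumption: a fault inside the first page is a NULL base plus a field offset.
PAGE_SIZE = 4096

PREFIX = re.compile(r"^==\d+==\s*")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDRESS = re.compile(r"^Address (0x[0-9A-Fa-f]+) is ")


def triage(log):
    """Return one dict per Memcheck invalid-access record in `log`."""
    findings, current = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        m = ERROR.search(line)
        if m:
            current = {"access": m.group(1), "size": int(m.group(2)),
                       "frames": [], "address": None, "near_null": None}
            findings.append(current)
            continue
        if current is None:
            continue  # frames outside an error record (e.g. the SIGSEGV trailer)
        m = FRAME.match(line)
        if m:
            current["frames"].append((m.group(1), m.group(2)))
            continue
        m = ADDRESS.match(line)
        if m:
            current["address"] = int(m.group(1), 16)
            current["near_null"] = current["address"] < PAGE_SIZE
            current = None  # the Address line closes the record
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Memcheck names S_handle_regex_sets for regcomp.c:9122 while gdb places that line inside the inlined S_invlist_iterinit, so key crash deduplication on file and line rather than on the function name.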
RT-Send-CC: perl5-porters [...] perl.org
Thanks for reporting this. I'll fix it.

--
Karl Williamson
RT-Send-CC: perl5-porters [...] perl.org
Thanks for finding and reporting this. Now fixed in blead by commit e7cce976d7dd1f4fda1f387d02c6403f43346e9c

--
Karl Williamson

