Report information
Id: 126404
Status: resolved
Priority: 0/
Queue: perl5

Owner: khw <khw [at] cpan.org>
Requestors: dcollinsn [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



Subject: Assert fail with regex_sets error message, related to 125805
Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using:

    ./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Duselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -des
    AFL_HARDEN=1 make && make test

And then fuzzed the resulting binary using:

    AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers an assert fail in debugging builds of the perl interpreter. The testcase is the file:

    00./(?[!()])/

This is related to bug 125805; in fact I didn't file this sooner because I thought it was the same bug. However, after that was fixed, this assert still fails on debugging builds. Non-debugging builds emit the warning but exit normally. Valgrind is clean except for the backtrace from the SIGABRT.

Output on debugging perl:

    The regex_sets feature is experimental in regex; marked by <-- HERE in m/(?[ <-- HERE !()])/ at -e line 1.
    perl: regcomp.c:13810: S_handle_regex_sets: Assertion `(! ((current)->sv_flags & 0x00000100))' failed.
    Aborted

**GDB**

    (gdb) run
    Starting program: /home/dcollins/perldebug/perl -e 00./\(\?\[\!\(\)\]\)/
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    The regex_sets feature is experimental in regex; marked by <-- HERE in m/(?[ <-- HERE !()])/ at -e line 1.
    perl: regcomp.c:13810: S_handle_regex_sets: Assertion `(! ((current)->sv_flags & 0x00000100))' failed.

    Program received signal SIGABRT, Aborted.
    0x00007ffff6cf4107 in raise () from /lib/x86_64-linux-gnu/libc.so.6
    (gdb) bt
    #0  0x00007ffff6cf4107 in raise () from /lib/x86_64-linux-gnu/libc.so.6
    #1  0x00007ffff6cf54e8 in abort () from /lib/x86_64-linux-gnu/libc.so.6
    #2  0x00007ffff6ced226 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
    #3  0x00007ffff6ced2d2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
    #4  0x0000000000727779 in S_handle_regex_sets (pRExC_state=0x7fffffffdaa0, return_invlist=0xbd36, flagp=0x6, depth=4294967295, oregcomp_parse=0xfefefefefefefe00 <error: Cannot access memory at address 0xfefefefefefefe00>) at regcomp.c:13810
    #5  0x00000000006ff63a in S_reg (pRExC_state=0x7fffffffdaa0, paren=48438, flagp=0x7fffffffd60c, depth=4294967295) at regcomp.c:10494
    #6  0x000000000072a375 in S_regatom (pRExC_state=0x7fffffffdaa0, flagp=0x7fffffffd79c, depth=4) at regcomp.c:11804
    #7  0x000000000073a836 in S_regpiece (depth=<optimized out>, flagp=<optimized out>, pRExC_state=<optimized out>) at regcomp.c:10880
    #8  S_regbranch (pRExC_state=0x7fffffffdaa0, flagp=0xbd36, first=-10116, depth=4294967295) at regcomp.c:10805
    #9  0x000000000075d007 in S_reg (pRExC_state=0x7fffffffdaa0, flagp=0x7fffffffd96c, depth=<optimized out>, paren=<optimized out>) at regcomp.c:10550
    #10 0x000000000079b9a9 in Perl_re_op_compile (patternp=0x1211f78, pat_count=0, expr=0x12080a8, eng=0xffffffffffffffff, old_re=0xe, is_bare_re=0x1211e40, orig_rx_flags=0, pm_flags=0) at regcomp.c:6953
    #11 0x00000000004e7ec2 in Perl_pmruntime (o=0x1211d88, expr=0x1211d48, repl=0x6, isreg=255, floor=7948352) at op.c:5580
    #12 0x000000000066f07d in Perl_yyparse (gramtype=18947464) at perly.y:1032
    #13 0x000000000053a659 in S_parse_body (env=env@entry=0x0, xsinit=xsinit@entry=0x42c060 <xs_init>) at perl.c:2307
    #14 0x00000000005423e3 in perl_parse (my_perl=<optimized out>, xsinit=xsinit@entry=0x42c060 <xs_init>, argc=<optimized out>, argv=<optimized out>, env=env@entry=0x0) at perl.c:1634
    #15 0x000000000042bc88 in main (argc=3, argv=0x7fffffffe338, env=0x7fffffffe358) at perlmain.c:114
    (gdb) info locals
    No symbol table info available.
    (gdb) f 4
    #4  0x0000000000727779 in S_handle_regex_sets (pRExC_state=0x7fffffffdaa0, return_invlist=0xbd36, flagp=0x6, depth=4294967295, oregcomp_parse=0xfefefefefefefe00 <error: Cannot access memory at address 0xfefefefefefefe00>) at regcomp.c:13810
    13810       assert(IS_OPERAND(current));
    (gdb) info locals
    stacked_operator = 0 '\000'
    lhs = 0x1208120
    rhs = 0x0
    current = 0x1208108
    start = 0
    end = 0
    stack = 0x12080d8
    len = 0
    save_end = 0x100 <error: Cannot access memory at address 0x100>
    save_parse = 0x0
    re_debug_flags = 0
    __PRETTY_FUNCTION__ = "S_handle_regex_sets"
    (gdb) print *current
    $1 = {sv_any = 0x12080f8, sv_refcnt = 1, sv_flags = 4353, sv_u = {svu_pv = 0x21 <error: Cannot access memory at address 0x21>, svu_iv = 33, svu_uv = 33, svu_rv = 0x21, svu_rx = 0x21, svu_array = 0x21, svu_hash = 0x21, svu_gp = 0x21, svu_fp = 0x21}}
    (gdb)

**PERL -V**

    Summary of my perl5 (revision 5 version 23 subversion 4) configuration:
      Commit id: a7dba6f870a82e3be87bda50593cb5d2042277fd
      Platform:
        osname=linux, osvers=3.16.0-4-amd64, archname=x86_64-linux-ld
        uname='linux nightshade64 3.16.0-4-amd64 #1 smp debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) x86_64 gnulinux '
        config_args='-Dusedevel -Dprefix=/usr/local/perl-afl -Dcc=ccache afl-gcc -Duselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -DDEBUGGING -DDEBUG_LEAKING_SCALARS -des'
        hint=recommended, useposix=true, d_sigaction=define
        useithreads=undef, usemultiplicity=undef
        use64bitint=define, use64bitall=define, uselongdouble=define
        usemymalloc=n, bincompat5005=undef
      Compiler:
        cc='ccache afl-gcc', ccflags ='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
        optimize='-g',
        cppflags='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
        ccversion='', gccversion='4.9.2', gccosandvers=''
        intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
        d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
        ivtype='long', ivsize=8, nvtype='long double', nvsize=16, Off_t='off_t', lseeksize=8
        alignbytes=16, prototype=define
      Linker and Libraries:
        ld='ccache afl-gcc', ldflags =' -fstack-protector-strong -L/usr/local/lib'
        libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
        libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
        perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
        libc=libc-2.19.so, so=so, useshrplib=false, libperl=libperl.a
        gnulibc_version='2.19'
      Dynamic Linking:
        dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
        cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector-strong'

    Characteristics of this binary (from libperl):
      Compile-time options: DEBUGGING HAS_TIMES PERLIO_LAYERS PERL_COPY_ON_WRITE PERL_DONT_CREATE_GVSV PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP PERL_PRESERVE_IVUV PERL_USE_DEVEL USE_64_BIT_ALL USE_64_BIT_INT USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_LONG_DOUBLE USE_PERLIO USE_PERL_ATOF
      Built under linux
      Compiled at Oct 15 2015 20:45:21
      @INC:
        /usr/local/perl-afl/lib/site_perl/5.23.4/x86_64-linux-ld
        /usr/local/perl-afl/lib/site_perl/5.23.4
        /usr/local/perl-afl/lib/5.23.4/x86_64-linux-ld
        /usr/local/perl-afl/lib/5.23.4
        .
RT-Send-CC: perl5-porters [...] perl.org
Fixed by 174c9902b4705cef6307f83a226a0cb315b09ea7

Thank you for finding this, and the others

-- 
Karl Williamson
RT-Send-CC: perl5-porters [...] perl.org
On Mon Oct 19 21:30:58 2015, khw wrote:
> Fixed by 174c9902b4705cef6307f83a226a0cb315b09ea7
>
> Thank you for finding this, and the others
I'm sorry, the commit number above is wrong (pasted from the wrong copy). It should be 9457bb3f08028eb92e8c712a484c94d427c6009a. And the text of that commit message had a typo: it patches this ticket, #126406. Spotted by Steve Hay.

----
Karl Williamson
Thank you for submitting this report. You have helped make Perl better. With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved. Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0