Report information
Id: 127334
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



Subject: Segfault in S_incline at toke.c:1697
Found while fuzzing Perl v5.23.8 (v5.23.7-9-gd15ad02) with American Fuzzy Lop. This crash happens with v5.20.2 (x64 Debian) as well, but not with v5.14.2 (x64 Debian) or 5.20.2 (x64 FreeBSD) and v5.20.3 (x86 FreeBSD).

hexdump -C test00
00000000  23 6c 69 6e 65 20 30 30  30 30 30 30 30 30 30 30  |#line 0000000000|
00000010  30 30 30 30 30 30 30                              |0000000|
00000017

Program received signal SIGSEGV, Segmentation fault.
S_incline (s=0x1242cf7 "") at toke.c:1697
1697            while (!isSPACE(*t))
(gdb) bt
#0  S_incline (s=0x1242cf7 "") at toke.c:1697
#1  0x00000000005f67ec in Perl_yylex () at toke.c:4984
#2  0x000000000066b7f5 in Perl_yyparse (gramtype=772) at perly.c:322
#3  0x000000000053b6a9 in S_parse_body (env=env@entry=0x0, xsinit=xsinit@entry=0x42c0b0 <xs_init>) at perl.c:2314
#4  0x000000000054344b in perl_parse (my_perl=<optimized out>, xsinit=xsinit@entry=0x42c0b0 <xs_init>, argc=<optimized out>, argv=<optimized out>, env=env@entry=0x0) at perl.c:1636
#5  0x000000000042bcd8 in main (argc=2, argv=0x7fffffffe378, env=0x7fffffffe390) at perlmain.c:114
(gdb) list
1692                s++;
1693            e = t + 1;
1694        }
1695        else {
1696            t = s;
1697            while (!isSPACE(*t))
1698                t++;
1699            e = t;
1700        }
1701        while (SPACE_OR_TAB(*e) || *e == '\r' || *e == '\f')
Subject: test00

RT-Send-CC: perl5-porters [...] perl.org
On Wed Jan 20 18:22:43 2016, brian.carpenter@gmail.com wrote:
> Program received signal SIGSEGV, Segmentation fault.
> S_incline (s=0x1242cf7 "") at toke.c:1697
> 1697 while (!isSPACE(*t))

Thanks, fixed by 1bb1a3d6d354f67d1158693a799cb49037d27475.

Tony
Thank you for submitting this report. You have helped make Perl better. With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved. Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0
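
The overrun in the report's listing, reduced to a stand-alone C sketch (an added example, not perl source and not the content of the fix commit): gdb shows s pointing at "", and a NUL is not whitespace, so the loop at toke.c:1697 keeps advancing past the terminator. The names is_space, after_line_number, scan_unbounded, scan_bounded and demo, the 64-byte arena and its filler bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed copy of the 23-byte test00 input from the hexdump (no newline). */
static const char TEST00[] = "#line " "0000000000" "0000000";
#define ARENA 64 /* constructed: input, its NUL, then filler standing in for adjacent memory */

/* Stand-in for perl's isSPACE(); like it, this is false for '\0'. */
static int is_space(unsigned char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\f' || c == '\v';
}

/* Hypothetical helper: offset just past "#line <digits>", where the report's s points.
 * Assumes buf starts with "#line". */
size_t after_line_number(const char *buf)
{
    size_t i = 5; /* length of "#line" */
    while (buf[i] == ' ' || buf[i] == '\t') i++;
    while (buf[i] >= '0' && buf[i] <= '9') i++;
    return i;
}

/* Loop shape from the listing (lines 1696-1699): only whitespace stops it.
 * cap exists solely so this demo never leaves its own arena. */
size_t scan_unbounded(const char *buf, size_t start, size_t cap)
{
    size_t t = start;
    while (t < cap && !is_space((unsigned char)buf[t])) t++;
    return t;
}

/* Bounded variant: the terminating NUL also ends the token. */
size_t scan_bounded(const char *buf, size_t start)
{
    size_t t = start;
    while (buf[t] != '\0' && !is_space((unsigned char)buf[t])) t++;
    return t;
}

/* Returns the offset at which the chosen scan stops on the test00 input. */
size_t demo(int bounded)
{
    char arena[ARENA];
    memset(arena, 'A', sizeof arena);     /* non-space filler after the NUL */
    memcpy(arena, TEST00, sizeof TEST00); /* 23 bytes plus NUL */
    size_t s = after_line_number(arena);
    return bounded ? scan_bounded(arena, s) : scan_unbounded(arena, s, ARENA);
}

int main(void)
{
    printf("unbounded stops at %zu, bounded at %zu\n", demo(0), demo(1));
    return 0;
}
```

The unbounded scan only stops because the demo caps it at the arena size; in the interpreter nothing bounds it, which matches the fault at toke.c:1697.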

