Report information
Id: 131628
Status: pending release
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: randir <sergey.aleynikov [at] gmail.com>
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: medium
Type: core
Perl Version: 5.27.1
Fixed In: (no value)



From: Sergey Aleynikov <sergey.aleynikov [...] gmail.com>
Date: Thu, 22 Jun 2017 21:11:46 +0300
To: perlbug [...] perl.org
Subject: Memory leak in S_pmtrans
This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.40 running under perl 5.27.1.


-----------------------------------------------------------------
[Please describe your issue here]

While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
under libdislocator, I found the following program

eval"y//\x{e00}/" #while (1)

to leak memory. To observe the leak without ASAN, remove the '#'
symbol. ASAN info about the leaked allocation is:

=================================================================
==47410==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4ea778 in malloc (/home/afl/afl-asan/perl+0x4ea778)
    #1 0x85fd9e in Perl_safesysmalloc /home/afl/afl-asan/util.c:153:21
    #2 0xc7b782 in Perl_bytes_to_utf8 /home/afl/afl-asan/utf8.c:2145:5
    #3 0x54783b in S_pmtrans /home/afl/afl-asan/op.c:5339:18
    #4 0x54783b in Perl_pmruntime /home/afl/afl-asan/op.c:5740
    #5 0x706734 in Perl_yyparse /home/afl/afl-asan/perly.y:1210:23
    #6 0xb227bf in S_doeval_compile /home/afl/afl-asan/pp_ctl.c:3456:77
    #7 0xb1fa12 in Perl_pp_entereval /home/afl/afl-asan/pp_ctl.c:4415:9
    #8 0x85a804 in Perl_runops_debug /home/afl/afl-asan/dump.c:2451:23
    #9 0x5f72f5 in S_run_body /home/afl/afl-asan/perl.c:2548:2
    #10 0x5f72f5 in perl_run /home/afl/afl-asan/perl.c:2471
    #11 0x5225c2 in main /home/afl/afl-asan/perlmain.c:123:9
    #12 0x7fb5ef9952b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: 1 byte(s) leaked in 1 allocation(s).

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.27.1:

Configured by root at Sun May 28 01:44:41 MSK 2017.

Summary of my perl5 (revision 5 version 26 subversion 0) configuration:
  Derived from: 4c95ee9f298c2edfc1382d540ff89288790e78b6
  Platform:
    osname=linux
    osvers=4.9.0-3-amd64
    archname=x86_64-linux
    uname='linux dorothy 4.9.0-3-amd64 #1 smp debian 4.9.25-1 (2017-05-02) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O0 -g -ggdb3 -fno-omit-frame-pointer'
    hint=previous
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='afl-clang-fast'
    ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O0 -g -ggdb3 -fno-omit-frame-pointer'
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='afl-clang-fast'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.24.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.24'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O0 -g -ggdb3 -fno-omit-frame-pointer -L/usr/local/lib -fstack-protector-strong'

Locally applied patches:
    uncommitted-changes

---
@INC for perl 5.27.1:
    lib
    /usr/local/lib/perl5/site_perl/5.26.0/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.26.0
    /usr/local/lib/perl5/5.26.0/x86_64-linux
    /usr/local/lib/perl5/5.26.0

---
Environment for perl 5.27.1:
    HOME=/home/afl
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_CTYPE=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERLBREW_BASHRC_VERSION=0.78
    PERLBREW_HOME=/home/afl/.perlbrew
    PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.24.1-dbg/man
    PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin
    PERLBREW_PERL=perl-5.24.1-dbg
    PERLBREW_ROOT=/home/afl/perlbrew
    PERLBREW_VERSION=0.78
    PERL_BADLANG (unset)
    SHELL=/usr/bin/zsh
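The report's non-ASAN check is "remove the '#' and watch the process grow". The following Perl script is an added example, not part of the report or of the perl project: it turns that check into a measured one for builds without LeakSanitizer, compiling the reported transliteration repeatedly and comparing resident-set growth against a control that differs only in the replacement character (a Latin-1 'a', which should not take the bytes_to_utf8 path in the trace). It assumes Linux (/proc/self/statm) and an 8 bytes/iteration threshold; both are assumptions, and a single run under an ASAN build remains the authoritative test, since LeakSanitizer reports at exit.

```perl
#!/usr/bin/env perl
# Added example, not from the bug report: coarse leak check for the reported
# reproducer on a non-ASAN build. Assumptions: Linux /proc/self/statm is
# available, and 8 bytes/iteration of steady growth above the control is
# enough to call the result suspicious (glibc's smallest chunk is larger than
# the 1-byte allocation in the trace, so a real per-compile leak shows up
# well above that).
use strict;
use warnings;
use POSIX qw(sysconf _SC_PAGESIZE);

my $page = sysconf(_SC_PAGESIZE) || 4096;

# Resident set size in bytes: second field of /proc/self/statm, in pages.
sub rss_bytes {
    open my $fh, '<', '/proc/self/statm'
        or die "cannot open /proc/self/statm (Linux only): $!";
    my (undef, $resident) = split ' ', scalar <$fh>;
    close $fh;
    return $resident * $page;
}

# Compile $src $n times via string eval and return the average RSS growth per
# iteration. The warm-up pass lets allocator pools settle, so that only
# steady growth, the signature of a per-compilation leak, is measured.
sub growth_per_iter {
    my ($src, $n) = @_;
    local $_ = '';                       # tr/// works on $_; keep it defined
    for my $i (1 .. 1000) {
        eval $src;
        die "compile failed: $@" if $@;
    }
    my $before = rss_bytes();
    eval $src for my $i (1 .. $n);
    my $after = rss_bytes();
    return ($after - $before) / $n;
}

my $iters = 200_000;

# Reproducer exactly as in the report: the \x{e00} is interpolated here, so
# the evaluated source contains the wide character itself.
my $leaky   = growth_per_iter("y//\x{e00}/", $iters);
# Control: same op, replacement character below 0x100.
my $control = growth_per_iter("y//a/", $iters);

printf "reproducer y//\\x{e00}/ : %8.2f bytes/iteration\n", $leaky;
printf "control    y//a/        : %8.2f bytes/iteration\n", $control;

# Steady growth well above the control points at a per-compilation leak.
# Confirm with ASAN/LeakSanitizer or valgrind; RSS alone is noisy.
if ($leaky - $control > 8) {
    print "LEAK SUSPECTED\n";
    exit 1;
}
print "no steady growth\n";
```

The non-zero exit status lets the script serve as a regression check in a build pipeline once the fix is in; on a fixed perl both lines should report growth near zero.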
To: perl5-porters [...] perl.org
Subject: Re: [perl #131628] Memory leak in S_pmtrans
Date: Thu, 22 Jun 2017 12:24:35 -0600
From: Karl Williamson <public [...] khwilliamson.com>
On 06/22/2017 12:11 PM, Sergey Aleynikov (via RT) wrote:
> # New Ticket Created by Sergey Aleynikov
> # Please include the string: [perl #131628]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=131628 >
>
>
> This is a bug report for perl from sergey.aleynikov@gmail.com,
> generated with the help of perlbug 1.40 running under perl 5.27.1.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
> under libdislocator, I found the following program
>
> eval"y//\x{e00}/" #while (1)
>
> to leak memory. To observe the leak without ASAN, remove the '#'
> symbol. ASAN info about the leaked allocation is:
>
I was in the middle of revamping this code when I ran out of time in 5.26. Initially, the revamp was to avoid the use of utf8_heavy.pl. Anyway, I'll look into this when I get back into the revamp, so it would likely be a waste of time for someone else to look at it.
RT-Send-CC: perl5-porters [...] perl.org
This is fixed in blead; it wasn't trivial for me to bisect, so I gave up.

--
Karl Williamson

