Report information
Id: 131628
Status: open
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: randir <sergey.aleynikov [at] gmail.com>
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: medium
Type: core
Perl Version: 5.27.1
Fixed In: (no value)



From: Sergey Aleynikov <sergey.aleynikov [...] gmail.com>
Date: Thu, 22 Jun 2017 21:11:46 +0300
To: perlbug [...] perl.org
Subject: Memory leak in S_pmtrans
This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.40 running under perl 5.27.1.

-----------------------------------------------------------------
[Please describe your issue here]

While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
under libdislocator, I found the following program

eval"y//\x{e00}/" #while (1)

to leak memory. To observe the leak without ASAN, remove the '#'
symbol. ASAN info about the leaked allocation is:

=================================================================
==47410==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x4ea778 in malloc (/home/afl/afl-asan/perl+0x4ea778)
    #1 0x85fd9e in Perl_safesysmalloc /home/afl/afl-asan/util.c:153:21
    #2 0xc7b782 in Perl_bytes_to_utf8 /home/afl/afl-asan/utf8.c:2145:5
    #3 0x54783b in S_pmtrans /home/afl/afl-asan/op.c:5339:18
    #4 0x54783b in Perl_pmruntime /home/afl/afl-asan/op.c:5740
    #5 0x706734 in Perl_yyparse /home/afl/afl-asan/perly.y:1210:23
    #6 0xb227bf in S_doeval_compile /home/afl/afl-asan/pp_ctl.c:3456:77
    #7 0xb1fa12 in Perl_pp_entereval /home/afl/afl-asan/pp_ctl.c:4415:9
    #8 0x85a804 in Perl_runops_debug /home/afl/afl-asan/dump.c:2451:23
    #9 0x5f72f5 in S_run_body /home/afl/afl-asan/perl.c:2548:2
    #10 0x5f72f5 in perl_run /home/afl/afl-asan/perl.c:2471
    #11 0x5225c2 in main /home/afl/afl-asan/perlmain.c:123:9
    #12 0x7fb5ef9952b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: 1 byte(s) leaked in 1 allocation(s).

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.27.1:

Configured by root at Sun May 28 01:44:41 MSK 2017.

Summary of my perl5 (revision 5 version 26 subversion 0) configuration:
  Derived from: 4c95ee9f298c2edfc1382d540ff89288790e78b6
  Platform:
    osname=linux
    osvers=4.9.0-3-amd64
    archname=x86_64-linux
    uname='linux dorothy 4.9.0-3-amd64 #1 smp debian 4.9.25-1 (2017-05-02) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O0 -g -ggdb3 -fno-omit-frame-pointer'
    hint=previous
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='afl-clang-fast'
    ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O0 -g -ggdb3 -fno-omit-frame-pointer'
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='afl-clang-fast'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.24.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.24'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O0 -g -ggdb3 -fno-omit-frame-pointer -L/usr/local/lib -fstack-protector-strong'

Locally applied patches:
    uncommitted-changes

---
@INC for perl 5.27.1:
    lib
    /usr/local/lib/perl5/site_perl/5.26.0/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.26.0
    /usr/local/lib/perl5/5.26.0/x86_64-linux
    /usr/local/lib/perl5/5.26.0

---
Environment for perl 5.27.1:
    HOME=/home/afl
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_CTYPE=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERLBREW_BASHRC_VERSION=0.78
    PERLBREW_HOME=/home/afl/.perlbrew
    PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.24.1-dbg/man
    PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin
    PERLBREW_PERL=perl-5.24.1-dbg
    PERLBREW_ROOT=/home/afl/perlbrew
    PERLBREW_VERSION=0.78
    PERL_BADLANG (unset)
    SHELL=/usr/bin/zsh
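The ownership pattern behind a report like this, as an added example that is neither perl's own code nor the S_pmtrans fix: a hypothetical latin1_to_utf8() stands in for Perl_bytes_to_utf8 (modelled on it in that the result is a freshly allocated buffer the caller must free), a counting allocator stands in for LeakSanitizer, and a translation-list setup routine is shown in a leaky shape beside a fixed shape. The early return on an empty search list is a constructed bug for illustration; whether that is the path taken in S_pmtrans is not something the report states. An empty search list with a UTF-8 replacement list, as in y//\x{e00}/, upgrades zero bytes into a 1-byte buffer, which is why the constructed leak is the same size as the one ASAN reported.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Counting allocator: a tiny stand-in for what LeakSanitizer checks at
 * process exit, so a test can observe outstanding allocations. */
static long live_allocs = 0;

static void *counted_malloc(size_t n)
{
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void counted_free(void *p)
{
    if (p) { live_allocs--; free(p); }
}

long outstanding_allocs(void) { return live_allocs; }
void reset_alloc_count(void)   { live_allocs = 0; }

/* Hypothetical stand-in for Perl_bytes_to_utf8: upgrade a Latin-1 byte
 * string to UTF-8 in a freshly allocated buffer. The caller owns the
 * result. Worst case every byte becomes two, plus a terminating NUL, so
 * an empty input still costs one byte. */
unsigned char *latin1_to_utf8(const unsigned char *s, size_t *len)
{
    unsigned char *out = counted_malloc(*len * 2 + 1);
    size_t o = 0;
    if (!out) return NULL;
    for (size_t i = 0; i < *len; i++) {
        unsigned char c = s[i];
        if (c < 0x80) {
            out[o++] = c;
        } else {
            out[o++] = 0xC0 | (c >> 6);
            out[o++] = 0x80 | (c & 0x3F);
        }
    }
    out[o] = 0;
    *len = o;
    return out;
}

/* Count UTF-8 code points: every byte that is not a 10xxxxxx continuation
 * byte starts a character. */
static size_t utf8_codepoints(const unsigned char *s, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) n++;
    return n;
}

/* Leaky shape (constructed): when the replacement list is UTF-8 but the
 * search list is not, the search list is upgraded into a heap buffer.
 * The early return for an empty search list forgets that the buffer is
 * heap-owned, so the 1-byte upgraded copy is never freed. */
long tr_search_count_leaky(const unsigned char *t, size_t tlen,
                           int t_utf8, int r_utf8)
{
    const unsigned char *search = t;
    size_t slen = tlen;
    if (r_utf8 && !t_utf8) {
        search = latin1_to_utf8(t, &slen);   /* heap copy, must be freed */
        if (!search) return -1;
    }
    if (slen == 0)
        return 0;                            /* BUG: leaks `search` */
    long n = (long)utf8_codepoints(search, slen);
    if (search != t) counted_free((void *)search);
    return n;
}

/* Fixed shape: one owner pointer and one exit path, so every return
 * releases whatever was allocated. free(NULL) is a no-op, which keeps
 * the no-upgrade case simple. */
long tr_search_count_fixed(const unsigned char *t, size_t tlen,
                           int t_utf8, int r_utf8)
{
    unsigned char *owned = NULL;             /* non-NULL only if allocated */
    const unsigned char *search = t;
    size_t slen = tlen;
    long n;
    if (r_utf8 && !t_utf8) {
        owned = latin1_to_utf8(t, &slen);
        if (!owned) return -1;
        search = owned;
    }
    n = (slen == 0) ? 0 : (long)utf8_codepoints(search, slen);
    counted_free(owned);
    return n;
}

int main(void)
{
    const unsigned char *empty = (const unsigned char *)"";
    reset_alloc_count();
    tr_search_count_leaky(empty, 0, 0, 1);
    printf("leaky shape: %ld allocation(s) outstanding\n", outstanding_allocs());
    reset_alloc_count();
    tr_search_count_fixed(empty, 0, 0, 1);
    printf("fixed shape: %ld allocation(s) outstanding\n", outstanding_allocs());
    return 0;
}
```

The single-exit shape is what makes the second routine easy to audit: any later early return added above the free would have to be checked against `owned`, whereas in the leaky shape the reviewer has to know which of `search`'s two possible provenances is live at each return. Building with `-fsanitize=address` reports the leaky routine's outstanding buffer the same way the report's trace does.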
To: perl5-porters [...] perl.org
Subject: Re: [perl #131628] Memory leak in S_pmtrans
Date: Thu, 22 Jun 2017 12:24:35 -0600
From: Karl Williamson <public [...] khwilliamson.com>
On 06/22/2017 12:11 PM, Sergey Aleynikov (via RT) wrote:
> # New Ticket Created by Sergey Aleynikov
> # Please include the string: [perl #131628]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=131628 >
>
>
> This is a bug report for perl from sergey.aleynikov@gmail.com,
> generated with the help of perlbug 1.40 running under perl 5.27.1.
>
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
> under libdislocator, I found the following program
>
> eval"y//\x{e00}/" #while (1)
>
> to leak memory. To observe the leak without ASAN, remove the '#'
> symbol. ASAN info about the leaked allocation is:
>
I was in the middle of revamping this code when I ran out of time in 5.26. Initially, the revamp was to avoid the use of utf8_heavy.pl. Anyway, I'll look into this when I get back into the revamp, so it would likely be a waste of time for someone else to look at it.

