Report information
Id: 131746
Status: open
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



Date: Wed, 12 Jul 2017 13:51:03 -0500
From: Brian Carpenter <brian.carpenter [...] gmail.com>
Subject: runtime error: null pointer passed as argument 1, which is declared to never be null (pp_hot.c:4147:6)
To: perlbug [...] perl.org
While compiling 1e629c2 for the purposes of fuzzing, I encountered some "Undefined Behavior" which should probably be fixed.

Command line:
./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O2\ -g -Accflags='-fsanitize=address,undefined -fno-omit-frame-pointer' -Aldflags='-fsanitize=address,undefined -fno-omit-frame-pointer' && AFL_TRACE_PC=1 AFL_USE_ASAN=1 make

Error:
afl-clang-fast [tpcg] 2.46b by <lszekeres@google.com>
./miniperl -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo >&2 Failed to build miniperl.  Please run make minitest; exit 1'
pp_hot.c:4147:6: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior pp_hot.c:4147:6

I tried to get a stack trace, but this is all UBSan would give up:
UBSAN_OPTIONS=symbolize=1:halt_on_error=1:abort_on_error=1:print_stacktrace=1 AFL_TRACE_PC=1 AFL_USE_ASAN=1 make
./miniperl -Ilib make_ext.pl cpan/Archive-Tar/pm_to_blib  MAKE="make" LIBPERL_A=libperl.a
pp_hot.c:4147:6: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0xeff26a  (/root/perl/miniperl+0xeff26a)
    #1 0x69d223  (/root/perl/miniperl+0x69d223)
    #2 0x677d0c  (/root/perl/miniperl+0x677d0c)
    #3 0x5ce100  (/root/perl/miniperl+0x5ce100)
    #4 0x559854  (/root/perl/miniperl+0x559854)
    #5 0x9642ff  (/root/perl/miniperl+0x9642ff)
    #6 0x68d51f  (/root/perl/miniperl+0x68d51f)
    #7 0x67d050  (/root/perl/miniperl+0x67d050)
    #8 0x17dd231  (/root/perl/miniperl+0x17dd231)
    #9 0x7fbe01104b44  (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #10 0x41ef5b  (/root/perl/miniperl+0x41ef5b)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior pp_hot.c:4147:6 in
Aborted
makefile:586: recipe for target 'cpan/Archive-Tar/pm_to_blib' failed
make: *** [cpan/Archive-Tar/pm_to_blib] Error 134
From: Tony Cook <tony [...] develop-help.com>
Date: Thu, 13 Jul 2017 15:01:25 +1000
Subject: Re: [perl #131746] runtime error: null pointer passed as argument 1, which is declared to never be null (pp_hot.c:4147:6)
To: perl5-porters [...] perl.org
On Wed, Jul 12, 2017 at 11:51:52AM -0700, Brian Carpenter wrote:
> # New Ticket Created by Brian Carpenter
> # Please include the string: [perl #131746]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=131746 >
>
>
> While compiling 1e629c2 for the purposes of fuzzing, I encountered some
> "Undefined Behavior" which should probably be fixed.
>
> Command line:
> ./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O2\
> -g -Accflags='-fsanitize=address,undefined -fno-omit-frame-pointer'
> -Aldflags='-fsanitize=address,undefined -fno-omit-frame-pointer' &&
> AFL_TRACE_PC=1 AFL_USE_ASAN=1 make
>
> Error:
> afl-clang-fast [tpcg] 2.46b by <lszekeres@google.com>
> ./miniperl -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo
> >&2 Failed to build miniperl. Please run make minitest; exit 1'
> pp_hot.c:4147:6: runtime error: null pointer passed as argument 1, which is
> declared to never be null
> /usr/include/string.h:47:28: note: nonnull attribute specified here
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior pp_hot.c:4147:6
>
> I tried to get a stack trace, but this is all UBSan would give up:
> UBSAN_OPTIONS=symbolize=1:halt_on_error=1:abort_on_error=1:print_stacktrace=1
> AFL_TRACE_PC=1 AFL_USE_ASAN=1 make
> ./miniperl -Ilib make_ext.pl cpan/Archive-Tar/pm_to_blib MAKE="make"
> LIBPERL_A=libperl.a
> pp_hot.c:4147:6: runtime error: null pointer passed as argument 1, which is
> declared to never be null
> /usr/include/string.h:47:28: note: nonnull attribute specified here
>     #0 0xeff26a (/root/perl/miniperl+0xeff26a)
>     #1 0x69d223 (/root/perl/miniperl+0x69d223)
>     #2 0x677d0c (/root/perl/miniperl+0x677d0c)
>     #3 0x5ce100 (/root/perl/miniperl+0x5ce100)
>     #4 0x559854 (/root/perl/miniperl+0x559854)
>     #5 0x9642ff (/root/perl/miniperl+0x9642ff)
>     #6 0x68d51f (/root/perl/miniperl+0x68d51f)
>     #7 0x67d050 (/root/perl/miniperl+0x67d050)
>     #8 0x17dd231 (/root/perl/miniperl+0x17dd231)
>     #9 0x7fbe01104b44 (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
>     #10 0x41ef5b (/root/perl/miniperl+0x41ef5b)
>
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior pp_hot.c:4147:6 in
> Aborted
> makefile:586: recipe for target 'cpan/Archive-Tar/pm_to_blib' failed
> make: *** [cpan/Archive-Tar/pm_to_blib] Error 134

I haven't been able to reproduce this.

To get more information you might try it under a debugger, so
something like:

  ASAN_OPTIONS=abort_on_error=1 gdb --args ./miniperl -Ilib make_ext.pl cpan/Archive-Tar/pm_to_blib MAKE="make" LIBPERL_A=libperl.a

Given the line number, this code:

  Copy(MARK+1,AvARRAY(av),items,SV*);

is the problem, but I don't see how MARK can be NULL (and MARK+1 won't
be NULL).

So it's likely AvARRAY(av) is NULL, and in this case items is probably
zero.

Copy() is essentially a wrapper around memcpy(), and from this
message:

> /usr/include/string.h:47:28: note: nonnull attribute specified here

it looks like memcpy() has NULL restrictions on its pointer parameters
(I found none in my local string.h), which seemed kind of
questionable, but both:

  https://stackoverflow.com/questions/5243012/is-it-guaranteed-to-be-safe-to-perform-memcpy0-0-0

and

  https://www.imperialviolet.org/2016/06/26/nonnull.html

make a good argument that it isn't.

Can you reproduce the problem if you add a conditional to that line,
eg:

  if (items) Copy(MARK+1,AvARRAY(av),items,SV*);

Tony
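
The zero-length guard discussed in the message above, sketched as an added example (not Perl source and not code from this ticket). struct arg_array, copy_elems() and load_args() are hypothetical names modelling an array whose storage pointer is still NULL while it is empty.

```c
/* Added example: a toy model, not Perl source. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* An array whose storage is allocated lazily: slots is NULL while empty. */
struct arg_array {
    void  **slots;
    size_t  cap;
    size_t  fill;
};

/* Copy n elements. A zero-length copy never reaches memcpy(), because the C
 * standard requires valid pointers there even when the length is zero.
 * Returns 0 on success, -1 if a pointer is NULL for a non-empty copy. */
static int copy_elems(void *dst, const void *src, size_t n, size_t elem_size)
{
    if (n == 0)
        return 0;
    if (dst == NULL || src == NULL)
        return -1;
    memcpy(dst, src, n * elem_size);
    return 0;
}

/* Replace the contents of av with items pointers taken from args. */
int load_args(struct arg_array *av, void *const *args, size_t items)
{
    if (items > av->cap) {
        if (items > SIZE_MAX / sizeof *av->slots)
            return -1;                      /* size computation would wrap */
        void **p = realloc(av->slots, items * sizeof *p);
        if (p == NULL)
            return -1;
        av->slots = p;
        av->cap = items;
    }
    if (copy_elems(av->slots, args, items, sizeof *av->slots) != 0)
        return -1;
    av->fill = items;
    return 0;
}
```

Built with -fsanitize=undefined, the empty-array call produces no nonnull report because memcpy() is never entered with a NULL pointer.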
Subject: Re: [perl #131746] runtime error: null pointer passed as argument 1, which is declared to never be null (pp_hot.c:4147:6)
To: perlbug-followup [...] perl.org
Date: Thu, 13 Jul 2017 00:54:33 -0500
From: Brian Carpenter <brian.carpenter [...] gmail.com>
llvm-symbolizer wasn't in my $PATH on this particular machine. Once I solved that oversight:

afl-clang-fast [tpcg] 2.46b by <lszekeres@google.com>
afl-clang-fast -fstack-protector-strong -L/usr/local/lib -fsanitize=address,undefined -fno-omit-frame-pointer -fsanitize=address,undefined -fno-omit-frame-pointer -fsanitize=address,undefined -fno-omit-frame-pointer -fsanitize=address,undefined -fno-omit-frame-pointer -fsanitize=address,undefined -fno-omit-frame-pointer -fsanitize=address,undefined -fno-omit-frame-pointer -o miniperl \
    opmini.o perlmini.o  gv.o toke.o perly.o pad.o regcomp.o dump.o util.o mg.o reentr.o mro_core.o keywords.o hv.o av.o run.o pp_hot.o sv.o pp.o scope.o pp_ctl.o pp_sys.o doop.o doio.o regexec.o utf8.o taint.o deb.o universal.o globals.o perlio.o perlapi.o numeric.o mathoms.o locale.o pp_pack.o pp_sort.o caretx.o dquote.o time64.o  miniperlmain.o  -lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
afl-clang-fast [tpcg] 2.46b by <lszekeres@google.com>
./miniperl -w -Ilib -Idist/Exporter/lib -MExporter -e '<?>' || sh -c 'echo >&2 Failed to build miniperl.  Please run make minitest; exit 1'
pp_hot.c:4147:6: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0xeff26a in Perl_pp_entersub /root/perl/pp_hot.c:4147:6
    #1 0x69d223 in Perl_call_sv /root/perl/perl.c:2872:6
    #2 0x677d0c in Perl_call_list /root/perl/perl.c:5043:6
    #3 0x5ce100 in S_process_special_blocks /root/perl/op.c:9058:6
    #4 0x559854 in Perl_newATTRSUB_x /root/perl/op.c:8987:21
    #5 0x9642ff in Perl_yyparse /root/perl/perly.y:302:12
    #6 0x68d51f in S_parse_body /root/perl/perl.c:2401:9
    #7 0x67d050 in perl_parse /root/perl/perl.c:1719:2
    #8 0x17dd371 in main /root/perl/miniperlmain.c:127:18
    #9 0x7fde4561cb44 in __libc_start_main /build/glibc-6V9RKT/glibc-2.19/csu/libc-start.c:287
    #10 0x41ef5b in _start (/root/perl/miniperl+0x41ef5b)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior pp_hot.c:4147:6 in
Aborted
Failed to build miniperl. Please run make minitest
makefile:362: recipe for target 'lib/buildcustomize.pl' failed
make: *** [lib/buildcustomize.pl] Error 1
RT-Send-CC: perl5-porters [...] perl.org
On Wed, 12 Jul 2017 22:56:09 -0700, brian.carpenter@gmail.com wrote:
> llvm-symbolizer wasn't in my $PATH on this particular machine. Once I
> solved that oversight:

Thanks, I'm pretty sure the fix in my previous response will solve it, could you please try it?

Thanks,
Tony

