Report information
Id: 131912
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: 5.27.3



Date: Wed, 16 Aug 2017 13:18:34 -0500
To: perlbug [...] perl.org
From: Brian Carpenter <brian.carpenter [...] gmail.com>
Subject: runtime error: left shift of 1 by 31 places cannot be represented in type 'int' (dump.c:581:52)
While fuzzing v5.27.2-135-g7aaa36b196*, undefined-behavior was triggered in the form of a 'left shift of 1 by 31 places' in dump.c.

./perl -DB -e "/0\l0@0@0-@0@@0@@0@@0@@0@0@@0@@0@@0@@0@@0@'0/"

*SNIP*

dump.c:581:52: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
    #0 0xc86d96 in S_opdump_indent /root/perl5/dump.c:581:52
    #1 0xc1b6a1 in S_do_op_dump_bar /root/perl5/dump.c:986:5
    #2 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #3 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #4 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #5 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #6 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #7 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #8 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #9 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #10 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #11 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #12 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #13 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #14 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #15 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #16 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #17 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #18 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #19 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #20 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #21 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #22 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #23 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #24 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #25 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #26 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #27 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #28 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #29 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #30 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #31 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #32 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #33 0xc1dc8a in S_do_op_dump_bar /root/perl5/dump.c:1268:6
    #34 0xc1252c in Perl_do_op_dump /root/perl5/dump.c:1278:5
    #35 0xc1252c in Perl_op_dump /root/perl5/dump.c:1294
    #36 0xc1252c in Perl_dump_all_perl /root/perl5/dump.c:640
    #37 0x6c8487 in S_run_body /root/perl5/perl.c:2527:6
    #38 0x6c8487 in perl_run /root/perl5/perl.c:2484
    #39 0x5251dc in main /root/perl5/perlmain.c:123:9
    #40 0x7ff3a1cb34d9 in __libc_start_main (/lib64/libc.so.6+0x204d9)
    #41 0x4359d9 in _start (/root/perl5/perl+0x4359d9)

SUMMARY: AddressSanitizer: undefined-behavior dump.c:581:52
Subject: Re: [perl #131912] runtime error: left shift of 1 by 31 places cannot be represented in type 'int' (dump.c:581:52)
From: Dave Mitchell <davem [...] iabyn.com>
Date: Thu, 17 Aug 2017 08:35:02 +0100
To: perl5-porters [...] perl.org
On Wed, Aug 16, 2017 at 11:19:22AM -0700, Brian Carpenter wrote:
> # New Ticket Created by Brian Carpenter
> # Please include the string: [perl #131912]
> # in the subject line of all future correspondence about this issue.
> # <URL: https://rt.perl.org/Ticket/Display.html?id=131912 >
>
> While fuzzing v5.27.2-135-g7aaa36b196*, undefined-behavior was triggered in
> the form of a 'left shift of 1 by 31 places' in dump.c.
>
> ./perl -DB -e "/0\l0@0@0-@0@@0@@0@@0@@0@0@@0@@0@@0@@0@@0@'0/"
>
> *SNIP*
>
> dump.c:581:52: runtime error: left shift of 1 by 31 places cannot be
> represented in type 'int'
> #0 0xc86d96 in S_opdump_indent /root/perl5/dump.c:581:52

It's kind of intended behaviour. It's the mechanism for adding vertical bars
when dumping ops, e.g.:

    11  +--add BINOP(0x26fbbf0) ===> 1 [leave 0x26fa600]
            TARG = 5
            FLAGS = (VOID,KIDS,SLABBED)
            PRIVATE = (0x2)
            |
    12      +--add BINOP(0x26fbc70) ===> 13 [padsv 0x26fbc38]
            |   TARG = 4
            |   FLAGS = (SCALAR,KIDS,PARENS,SLABBED,MORESIB)
            |   PRIVATE = (0x2)
            |   |
    10      |   +--padsv OP(0x26fbcf0) ===> 14 [padsv 0x26fbcb8]
            |   |   TARG = 1
            |   |   FLAGS = (SCALAR,SLABBED,MORESIB)
            |   |
    14      |   +--padsv OP(0x26fbcb8) ===> 12 [add 0x26fbc70]
            |       TARG = 2
            |       FLAGS = (SCALAR,SLABBED)
            |
    13      +--padsv OP(0x26fbc38) ===> 11 [add 0x26fbbf0]
                TARG = 3
                FLAGS = (SCALAR,SLABBED)

The code uses the bits in an int to indicate which columns in the leading
indentation get a vertical bar. When the indentation gets too great, it
doesn't bother with the left-most bars.

However, the code could be tweaked to make clang happy, which is what I've
just pushed as v5.27.2-142-gf649c62.

--
The Enterprise is involved in a bizarre time-warp experience which is in
some way unconnected with the Late 20th Century.
    -- Things That Never Happen in "Star Trek" #14
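
Added example, not part of the ticket and not Perl's dump.c code: a standalone C sketch of the bar-mask scheme described in the reply above, written so that no shift is undefined however deep the nesting goes. The names bar_at, descend and indent_prefix and the 64-bit mask width are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BAR_BITS 64u /* width of the mask type (assumption of this example) */

/* Test bit `i` of the mask without undefined behaviour. The pattern UBSan
 * flags is `bars & (1 << i)`: the literal 1 is an int, so with a 32-bit int
 * a shift by 31 is not representable and a shift by 32 or more exceeds the
 * type's width. An unsigned 64-bit one plus a range check keeps every
 * shift defined. */
static int bar_at(uint64_t bars, unsigned i)
{
    return i < BAR_BITS && (bars & (UINT64_C(1) << i)) != 0;
}

/* Step into a child: bit 0 now describes the child's own column. Unsigned
 * shifts discard the top bit, so once nesting exceeds BAR_BITS the oldest
 * (left-most) columns are forgotten. */
static uint64_t descend(uint64_t bars, int more_siblings)
{
    return (bars << 1) | (more_siblings ? 1u : 0u);
}

/* Write the indentation for a line at nesting `level`, four characters per
 * column, left-most column first. Returns the length written. */
static size_t indent_prefix(char *out, size_t outsz, unsigned level, uint64_t bars)
{
    size_t n = 0;
    for (unsigned i = level; i-- > 0 && n + 5 <= outsz; n += 4)
        memcpy(out + n, bar_at(bars, i) ? "|   " : "    ", 4);
    if (outsz)
        out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[512];
    uint64_t bars = 0;
    for (unsigned depth = 0; depth < 34; depth++) /* deeper than 31 levels */
        bars = descend(bars, depth % 2 == 0);
    indent_prefix(buf, sizeof buf, 34, bars);
    printf("%sTARG = 1\n", buf);
    return 0;
}
```

Building this with clang -fsanitize=undefined and running it should produce no shift diagnostics, since every shift operates on an unsigned 64-bit value with a count below 64.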

