Report information
Id: 132433
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



From: Brian Carpenter <brian.carpenter [...] gmail.com>
To: perlbug [...] perl.org
Subject: segfault in S_check_uni (toke.c:1938)
Date: Sat, 11 Nov 2017 15:58:54 -0600
./perl -e 'dj{lc-&1J' triggers a segfault in v5.27.5-323-g2b503742ec.

==26052==ERROR: AddressSanitizer: SEGV on unknown address 0x602000010000 (pc 0x7f3e54333caa bp 0x7fffccd42ab0 sp 0x7fffccd42248 T0)
==26052==The signal is caused by a READ memory access.
    #0 0x7f3e54333ca9 in memchr (/lib/x86_64-linux-gnu/libc.so.6+0x90ca9)
    #1 0x451731 in __interceptor_memchr (/root/perl/perl+0x451731)
    #2 0x6a520d in S_check_uni /root/perl/toke.c:1938:9
    #3 0x65a8ab in Perl_yylex /root/perl/toke.c:5768:7
    #4 0x6cb273 in Perl_yyparse /root/perl/perly.c:340:34
    #5 0x5bfd22 in S_parse_body /root/perl/perl.c:2452:9
    #6 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
    #7 0x5033e5 in main /root/perl/perlmain.c:121:18
    #8 0x7f3e542c33f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
    #9 0x4360a9 in _start (/root/perl/perl+0x4360a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x90ca9) in memchr
==26052==ABORTING
Subject: Re: [perl #132433] perlbug AutoReply: segfault in S_check_uni (toke.c:1938)
Date: Sat, 11 Nov 2017 16:03:44 -0600
From: Brian Carpenter <brian.carpenter [...] gmail.com>
To: perlbug-followup [...] perl.org
./perl -e '-C-' also triggers this segfault, unless you put -C- in file and run ./perl file in which case it triggers this:

==26553==ERROR: AddressSanitizer: negative-size-param: (size=-1)
    #0 0x451782 in __interceptor_memchr (/root/perl/perl+0x451782)
    #1 0x6a520d in S_check_uni /root/perl/toke.c:1938:9
    #2 0x65a8ab in Perl_yylex /root/perl/toke.c:5768:7
    #3 0x6cb273 in Perl_yyparse /root/perl/perly.c:340:34
    #4 0x5bfd22 in S_parse_body /root/perl/perl.c:2452:9
    #5 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
    #6 0x5033e5 in main /root/perl/perlmain.c:121:18
    #7 0x7febd38513f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
    #8 0x4360a9 in _start (/root/perl/perl+0x4360a9)

0x602000000df3 is located 3 bytes inside of 10-byte region [0x602000000df0,0x602000000dfa)
allocated by thread T0 here:
    #0 0x4d6da3 in malloc (/root/perl/perl+0x4d6da3)
    #1 0x7f6f98 in Perl_safesysmalloc /root/perl/util.c:153:21
    #2 0x8efcab in Perl_sv_grow /root/perl/sv.c:1603:17
    #3 0x9072d9 in Perl_sv_setpvn /root/perl/sv.c:5004:12
    #4 0x956fae in Perl_newSVpvn /root/perl/sv.c:9441:5
    #5 0x60de28 in Perl_lex_start /root/perl/toke.c:768:20
    #6 0x5bfc32 in S_parse_body /root/perl/perl.c:2441:5
    #7 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
    #8 0x5033e5 in main /root/perl/perlmain.c:121:18
    #9 0x7febd38513f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)

SUMMARY: AddressSanitizer: negative-size-param (/root/perl/perl+0x451782) in __interceptor_memchr
==26553==ABORTING
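
An added illustration, not part of the original ticket and not code from Perl's toke.c: the `negative-size-param: (size=-1)` report above means `memchr` was handed a length that is negative when read as a signed value. The sketch shows how an inverted pointer range yields such a length and how a range check rejects it; `find_in_range`, `unchecked_len` and the buffer contents are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from toke.c): search the half-open range
 * [start, end) for byte c. An empty or inverted range returns NULL
 * instead of letting (end - start) wrap to a huge size_t. */
static const char *find_in_range(const char *start, const char *end, int c)
{
    if (start == NULL || end == NULL || start >= end)
        return NULL;
    return memchr(start, c, (size_t)(end - start));
}

/* The length an unchecked caller would pass to memchr for the same
 * pointers. With end one byte behind start this is (size_t)-1, which
 * AddressSanitizer reports as size=-1. */
static size_t unchecked_len(const char *start, const char *end)
{
    return (size_t)(end - start);
}

int main(void)
{
    /* Constructed sample: a 10-byte buffer with the scan cursor 3 bytes in
     * and a limit pointer one byte behind it. These are not the actual
     * lexer pointers from the crash. */
    char buf[10] = "-C-\n";
    const char *cursor = buf + 3;
    const char *limit = buf + 2;

    printf("unchecked length: %zu\n", unchecked_len(cursor, limit));
    printf("guarded search:   %s\n",
           find_in_range(cursor, limit, '-') ? "hit" : "rejected");
    printf("valid range hit at offset %td\n",
           find_in_range(buf, buf + 3, 'C') - buf);
    return 0;
}
```

Without the guard, the scan runs off the end of the allocation until it hits the byte or unmapped memory, which is consistent with the SEGV inside `memchr` in the first report.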
RT-Send-CC: perl5-porters [...] perl.org
On Sat, 11 Nov 2017 14:04:40 -0800, brian.carpenter@gmail.com wrote:
> ./perl -e '-C-' also triggers this segfault, unless you put -C- in file and
> run ./perl file in which case it triggers this:
>
> ==26553==ERROR: AddressSanitizer: negative-size-param: (size=-1)
> #0 0x451782 in __interceptor_memchr (/root/perl/perl+0x451782)
> #1 0x6a520d in S_check_uni /root/perl/toke.c:1938:9
> #2 0x65a8ab in Perl_yylex /root/perl/toke.c:5768:7
> #3 0x6cb273 in Perl_yyparse /root/perl/perly.c:340:34
> #4 0x5bfd22 in S_parse_body /root/perl/perl.c:2452:9
> #5 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
> #6 0x5033e5 in main /root/perl/perlmain.c:121:18
> #7 0x7febd38513f0 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
> #8 0x4360a9 in _start (/root/perl/perl+0x4360a9)
>
> 0x602000000df3 is located 3 bytes inside of 10-byte region
> [0x602000000df0,0x602000000dfa)
> allocated by thread T0 here:
> #0 0x4d6da3 in malloc (/root/perl/perl+0x4d6da3)
> #1 0x7f6f98 in Perl_safesysmalloc /root/perl/util.c:153:21
> #2 0x8efcab in Perl_sv_grow /root/perl/sv.c:1603:17
> #3 0x9072d9 in Perl_sv_setpvn /root/perl/sv.c:5004:12
> #4 0x956fae in Perl_newSVpvn /root/perl/sv.c:9441:5
> #5 0x60de28 in Perl_lex_start /root/perl/toke.c:768:20
> #6 0x5bfc32 in S_parse_body /root/perl/perl.c:2441:5
> #7 0x5b7c5a in perl_parse /root/perl/perl.c:1755:2
> #8 0x5033e5 in main /root/perl/perlmain.c:121:18
> #9 0x7febd38513f0 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
>
> SUMMARY: AddressSanitizer: negative-size-param (/root/perl/perl+0x451782)
> in __interceptor_memchr
> ==26553==ABORTING
Fixed in commit 4efcdc02.
From: Zefram <zefram [...] fysh.org>
To: perl5-porters [...] perl.org
Subject: Re: [perl #132433] segfault in S_check_uni (toke.c:1938)
Date: Sun, 12 Nov 2017 02:28:19 +0000
l.mai@web.de via RT wrote:
>Fixed in commit 4efcdc02.
That's not a fix. It avoids crashing, but the parser state still gets messed up. -zefram
From: Zefram <zefram [...] fysh.org>
To: perl5-porters [...] perl.org
Subject: Re: [perl #132433] segfault in S_check_uni (toke.c:1938)
Date: Sun, 12 Nov 2017 02:32:46 +0000
I wrote:
>That's not a fix.
Sorry, I misread it. I think it's fine. -zefram

