Report information
Id: 132630
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



Date: Wed, 20 Dec 2017 12:22:03 -0600
To: perlbug [...] perl.org
From: "Brian C." <brian.carpenter [...] gmail.com>
Subject: Assertion failure in Perl_fbm_instr (util.c:816)
This assertion failure was triggered with Perl v5.27.6-346-gd4abdeed82, built with clang 6-trunk and -fsanitize=address.

 ./perl -e '$_="0\x{1000000}";/^000?\0000/'
perl: util.c:816: char *Perl_fbm_instr(unsigned char *, unsigned char *, SV *, U32): Assertion `bigend >= big' failed.
Aborted

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1  0x00007ffff6cc837a in __GI_abort () at abort.c:89
#2  0x00007ffff6cbeb47 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0xcbcde0 <.str.35> "bigend >= big", file=file@entry=0xcbc440 <.str.9> "util.c", line=line@entry=816,
    function=function@entry=0xcbcc40 <__PRETTY_FUNCTION__.Perl_fbm_instr> "char *Perl_fbm_instr(unsigned char *, unsigned char *, SV *, U32)") at assert.c:92
#3  0x00007ffff6cbebf2 in __GI___assert_fail (assertion=0xcbcde0 <.str.35> "bigend >= big", file=0xcbc440 <.str.9> "util.c", line=816, function=0xcbcc40 <__PRETTY_FUNCTION__.Perl_fbm_instr> "char *Perl_fbm_instr(unsigned char *, unsigned char *, SV *, U32)") at assert.c:101
#4  0x00000000007bda79 in Perl_fbm_instr (big=<optimized out>, bigend=0x602000000fb3 "\200\200\200", littlestr=0x621000001968, flags=0) at util.c:816
#5  0x0000000000a9dbb4 in Perl_re_intuit_start (rx=0x602000000fb6, sv=<optimized out>, strbeg=0x602000000fb0 "0\371\200\200\200\200", strpos=<optimized out>, strend=0x602000000fb6 "", flags=<optimized out>, data=<optimized out>) at regexec.c:935
#6  0x0000000000a92680 in Perl_regexec_flags (rx=0x62100000c328, stringarg=0x602000000fb0 "0\371\200\200\200\200", strend=0x602000000fb6 "", strbeg=0x602000000fb0 "0\371\200\200\200\200", minend=0, sv=<optimized out>, data=<optimized out>, flags=<optimized out>) at regexec.c:3015
#7  0x0000000000877578 in Perl_pp_match () at pp_hot.c:3046
#8  0x00000000007b47e9 in Perl_runops_debug () at dump.c:2495
#9  0x00000000005a6332 in S_run_body (oldscope=1) at perl.c:2717
#10 0x00000000005a5981 in perl_run (my_perl=<optimized out>) at perl.c:2633
#11 0x0000000000503698 in main (argc=<optimized out>, argv=<optimized out>, env=0x7fffffffe380) at perlmain.c:123
RT-Send-CC: perl5-porters [...] perl.org
I looked at this briefly. It looks like an issue where something is expecting a NUL-terminated C string, but the data contains an embedded NUL. Scanning through the fbm code, I saw only operation that allowed embedded NULs. -- Karl Williamson
From: demerphq <demerphq [...] gmail.com>
Date: Wed, 7 Feb 2018 23:09:38 +0100
Subject: Re: [perl #132630] Assertion failure in Perl_fbm_instr (util.c:816)
To: Perl RT Bug Tracker <perlbug-followup [...] perl.org>
CC: Perl5 Porteros <perl5-porters [...] perl.org>
On 7 February 2018 at 22:35, Karl Williamson via RT <perlbug-followup@perl.org> wrote:
> I looked at this briefly. It looks like an issue where something is expecting a NUL-terminated C string, but the data contains an embedded NUL. Scanning through the fbm code, I saw only operation that allowed embedded NULs.
Run it with -Mre=Debug,ALL

...
Matching REx "^000?\0000" against "0%x{1000000}"
UTF-8 string...
Intuit: trying to determine minimum start position...
substrs[0]: min=0 max=0 end shift=2 useful=100 utf8=1 [PVMG("00"\0) [UTF8 "00"]]
substrs[1]: min=2 max=3 end shift=0 useful=100 utf8=1 [PVMG("\0000"\0) [UTF8 "\x{0}0"]]
substrs[2]: min=2 max=3 end shift=0 useful=100 utf8=1 [PVMG("\0000"\0) [UTF8 "\x{0}0"]]
At restart: rx_origin=0 Check offset min: 2 Start shift: 2 End shift 0 Real end Shift: 0
[assert goes here]

The string is only two characters long, and the string we are looking for "\x{0}0" has to be found at position 2 or later.

We are falling into the block at around 1253 of regexec.c where we recompute the endpoint, and we don't take into account that doing so could move the endpoint to before the start point.

Fixed in 12453e29a22d63862ba5924c61c08baabd9c6782 :-)

I think this can be closed.

Yves
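
A simplified model of the failure mode described in the message above, added here as an illustration; it is not Perl's regexec.c code and not the change made in the commit cited. `narrow_window` and `checked_search` are hypothetical names; the subject bytes and the end offset 3 are read from the backtrace, and the start offset 6 is an assumption based on the statement that the substring must be found at position 2 or later.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { size_t start, end; int ok; } window;

/* Hypothetical window computation in byte offsets: the needle may not start
 * before min_start, and a second pass caps the end at max_end. */
static window narrow_window(size_t len, size_t min_start,
                            size_t end_shift, size_t max_end)
{
    window w;
    w.start = min_start < len ? min_start : len;
    w.end   = end_shift < len ? len - end_shift : 0;
    if (max_end < w.end)
        w.end = max_end;            /* recomputed end can land before start */
    w.ok = (w.end >= w.start);      /* the invariant the search routine asserts */
    return w;
}

/* Search [start, end) for the needle; returns its byte offset or -1.
 * An inverted or too-short window means "cannot match", not an abort. */
static long checked_search(const unsigned char *buf, size_t len,
                           size_t min_start, size_t end_shift, size_t max_end,
                           const unsigned char *needle, size_t nlen)
{
    window w = narrow_window(len, min_start, end_shift, max_end);
    if (!w.ok || w.end - w.start < nlen)
        return -1;
    for (size_t i = w.start; i + nlen <= w.end; i++)
        if (memcmp(buf + i, needle, nlen) == 0)
            return (long)i;
    return -1;
}

int main(void)
{
    /* Subject bytes as shown in the backtrace; start offset 6 is assumed. */
    static const unsigned char subj[] = "0\371\200\200\200\200";
    static const unsigned char needle[] = { 0x00, '0' };
    window w = narrow_window(6, 6, 0, 3);
    printf("start=%zu end=%zu ok=%d\n", w.start, w.end, w.ok);
    printf("match offset: %ld\n", checked_search(subj, 6, 6, 0, 3, needle, 2));
    return 0;
}
```
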
RT-Send-CC: perl5-porters [...] perl.org
Agreed. Closing -- Karl Williamson
Thank you for filing this report. You have helped make Perl better. With the release yesterday of Perl 5.28.0, this and 185 other issues have been resolved. Perl 5.28.0 may be downloaded via: https://metacpan.org/release/XSAWYERX/perl-5.28.0 If you find that the problem persists, feel free to reopen this ticket.

