Report information
Id: 74764
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: frank.wiegand <frank.wiegand [at] gmail.com>
Cc:
AdminCc:

Operating System: All
PatchStatus: (no value)
Severity: High
Type:
Perl Version:
  • 5.12.1
  • 5.25.3
Fixed In: (no value)



Subject: -E 'given( goto f ) { f: }' => crash
Date: Thu, 29 Apr 2010 10:36:08 +0200
To: perlbug <perlbug [...] perl.org>
From: Frank Wiegand <frank.wiegand [...] gmail.com>
This is a bug report for perl from frank.wiegand@gmail.com,
generated with the help of perlbug 1.39 running under perl 5.12.0.

-----------------------------------------------------------------
The following code crashes perl:

    % perl5.12.0 -E 'given ( goto f ) { f: }'
    Use of "goto" to jump into a construct is deprecated at -e line 1.
    perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }

Yes, I see the deprecated warning.
Yes, no one would do this.
But perl should not crash, too.

Thanks, Frank
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=low
---
Site configuration information for perl 5.12.0:

Configured by fw at Sat Apr 3 09:18:00 CEST 2010.

Summary of my perl5 (revision 5 version 12 subversion 0) configuration:

  Platform:
    osname=linux, osvers=2.6.32-trunk-amd64, archname=x86_64-linux
    uname='linux hal2 2.6.32-trunk-amd64 #1 smp sun jan 10 22:40:40 utc 2010 x86_64 gnulinux '
    config_args='-de -Dusedevel -DDEBUGGING=both -Doptimize=-g -Dcc=ccache gcc -Dld=gcc -Dprefix=/opt/perl/perl-5.12.0-RC3/ -Dmad'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='ccache gcc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-g',
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.4.3 20100108 (prerelease)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.10.2.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.10.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector'

Locally applied patches:
    RC3

---
@INC for perl 5.12.0:
    /opt/perl/perl-5.12.0-RC3/lib/site_perl/5.12.0/x86_64-linux
    /opt/perl/perl-5.12.0-RC3/lib/site_perl/5.12.0
    /opt/perl/perl-5.12.0-RC3/lib/5.12.0/x86_64-linux
    /opt/perl/perl-5.12.0-RC3/lib/5.12.0
    .

---
Environment for perl 5.12.0:
    HOME=/home/fw
    LANG=de_DE.UTF-8
    LANGUAGE=
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/sbin:/usr/sbin:/home/fw/bin:/home/fw/bin:/usr/local/bin:/usr/bin:/bin:/usr/games
    PERL_AUTOINSTALL=--defaultdeps
    PERL_BADLANG (unset)
    PERL_EXTUTILS_AUTOINSTALL=--defaultdeps
    PERL_MM_USE_DEFAULT=1
    SHELL=/bin/zsh

Subject: Hardening via random code generator (was: [perl #74764] -E 'given( goto f ) { f: }' => crash)
Date: Fri, 30 Apr 2010 10:04:13 +0100
To: perl5-porters [...] perl.org
From: Tim Bunce <Tim.Bunce [...] pobox.com>
> The following code crashes perl:
>
> % perl5.12.0 -E 'given ( goto f ) { f: }'
> Use of "goto" to jump into a construct is deprecated at -e line 1.
> perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
> zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }

This report triggers vague memories of a tool (not perl related) that
generated random code fragments in an attempt to find flaws in a
compiler or cpu (I forget which now). Ring a bell for anyone?

> Yes, no one would do this.
> But perl should not crash, too.

Exactly.

An interesting project for someone: a tool that generates random perl
code fragments in an attempt to find crashing bugs in perl.

Tim.

CC: perl5-porters [...] perl.org
Subject: Re: Hardening via random code generator (was: [perl #74764] -E 'given( goto f ) { f: }' => crash)
Date: Fri, 30 Apr 2010 10:08:05 +0100
To: Tim Bunce <Tim.Bunce [...] pobox.com>
From: Nicholas Clark <nick [...] ccl4.org>
On Fri, Apr 30, 2010 at 10:04:13AM +0100, Tim Bunce wrote:
> > The following code crashes perl:
> >
> > % perl5.12.0 -E 'given ( goto f ) { f: }'
> > Use of "goto" to jump into a construct is deprecated at -e line 1.
> > perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
> > zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
>
> This report triggers vague memories of a tool (not perl related) that
> generated random code fragments in an attempt to find flaws in a
> compiler or cpu (I forget which now). Ring a bell for anyone?

ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-revisited.ps

Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and
Services.

I believe that Ilya Z also did something related by using Markov chains to
feed plausible garbage to the perl interpreter, identifying the cause of the
crashes, and then patching the bugs.

Nicholas Clark

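Added example (not part of the thread and not Perl project code): a minimal grammar-based generator of random Perl fragments of the kind proposed above, with a classifier that separates interpreter crashes from ordinary rejection of bad code. The grammar, the function names and the use of a `perl` binary on PATH are assumptions of this sketch; crash detection relies on POSIX signal exit status.

```python
import random
import signal
import subprocess

# Constructed toy grammar (an assumption of this example): it covers only the
# constructs named in the ticket, i.e. given blocks, do blocks, goto and labels.
GRAMMAR = {
    "prog":  [["stmt"], ["stmt", " ", "stmt"]],
    "stmt":  [["given (", "expr", ") {", "body", "}"],
              ["do {", "body", "};"],
              ["goto ", "label", ";"],
              ["label", ": ;"]],
    "body":  [[" "], [" ", "stmt", " "], [" ", "label", ": "]],
    "expr":  [["1"], ["goto ", "label"], ["do { ", "expr", " }"]],
    "label": [["f"], ["g"]],
}

def expand(symbol, rng, depth=0, max_depth=6):
    """Expand one grammar symbol into Perl source text."""
    if symbol not in GRAMMAR:
        return symbol                      # terminal text
    rules = GRAMMAR[symbol]
    # Past max_depth always take the first rule, which is non-recursive.
    rule = rules[0] if depth >= max_depth else rng.choice(rules)
    return "".join(expand(s, rng, depth + 1, max_depth) for s in rule)

def classify(returncode, stderr):
    """Separate interpreter crashes from ordinary rejection of bad code."""
    if returncode < 0:                     # POSIX: child was killed by a signal
        return "crash:" + signal.Signals(-returncode).name
    if "Assertion" in stderr and "failed" in stderr:
        return "crash:assertion"           # abort seen through a wrapper/shell
    return "ok" if returncode == 0 else "rejected"

def fuzz(perl="perl", rounds=200, seed=74764):
    """Run generated fragments; return (verdict, code) for each crash."""
    rng, crashes = random.Random(seed), []
    for _ in range(rounds):
        code = expand("prog", rng)
        try:
            p = subprocess.run([perl, "-E", code], capture_output=True, text=True, timeout=5)
        except subprocess.TimeoutExpired:
            continue                       # e.g. "f: ; goto f;" loops forever; not a crash
        verdict = classify(p.returncode, p.stderr)
        if verdict.startswith("crash"):
            crashes.append((verdict, code))
    return crashes
```

Pointing `fuzz()` at a -DDEBUGGING build such as the one in the report makes internal inconsistencies surface as assertion aborts, which are returned as crash:SIGABRT together with the fragment that triggered them.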
CC: bugs-bitbucket [...] rt.perl.org
Subject: Re: [perl #74764] -E 'given( goto f ) { f: }' => crash
Date: Sat, 01 May 2010 22:51:36 +0200
To: perl5-porters [...] perl.org
From: Frank Wiegand <frank.wiegand [...] gmail.com>
On Thursday, 29.04.2010, at 01:36 -0700, Frank Wiegand wrote:
> The following code crashes perl:
>
> % perl5.12.0 -E 'given ( goto f ) { f: }'
> Use of "goto" to jump into a construct is deprecated at -e line 1.
> perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
> zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
>
> Yes, I see the deprecated warning.

This one is without the warning:

    % perl-5.12.0-RC3 -wE 'given( do { goto f } ) { f: }'
    perl-5.12.0-RC3: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort LC_ALL=C perl-5.12.0-RC3 -wE 'given( do { goto f } ) { f: }'

> Yes, no one would do this.
> But perl should not crash, too.

Still true.

Frank

RT-Send-CC: perl5-porters [...] perl.org
I’ve fixed this bug in commit a01f464 by forbidding goto-into-given.

--
Father Chrysostomos

Thank you for filing this report. You have helped make Perl better. With the release yesterday of Perl 5.28.0, this and 185 other issues have been resolved. Perl 5.28.0 may be downloaded via: https://metacpan.org/release/XSAWYERX/perl-5.28.0 If you find that the problem persists, feel free to reopen this ticket.

