From @geeknik

z;$z{&i};i causes an assertion failure in Perl_cv_const_sv_or_av (op.c​:7766). This bug was found using American Fuzzy Lop. Perl v5.23.6 (v5.23.5-113-g406d554) was compiled as follows​:

./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-gcc -Doptimize=-O2\ -g && AFL_HARDEN=1 make -j6

valgrind -q ~/perl/perl test09
Array found where operator expected at test09 line 1, at end of line
  (Missing operator before ?)
perl​: op.c​:7766​: Perl_cv_const_sv_or_av​: Assertion `((svtype)((cv)->sv_flags & 0xff)) == SVt_PVCV || ((svtype)((cv)->sv_flags & 0xff)) == SVt_PVFM' failed.
Aborted

Starting program​: /home/geeknik/perl/perl test09
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Array found where operator expected at test09 line 1, at end of line
  (Missing operator before ?)
perl​: op.c​:7766​: Perl_cv_const_sv_or_av​: Assertion `((svtype)((cv)->sv_flags & 0xff)) == SVt_PVCV || ((svtype((cv)->sv_flags & 0xff)) == SVt_PVFM' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff6d90165 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c​:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c​: No such file or directory.
(gdb) bt
#0 0x00007ffff6d90165 in *__GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c​:64
#1 0x00007ffff6d933e0 in *__GI_abort () at abort.c​:92
#2 0x00007ffff6d89311 in *__GI___assert_fail (
  assertion=assertion@​entry=0xe83af8 "((svtype)((cv)->sv_flags & 0xff)) == SVt_PVCV || ((svtype)((cv)->sv_fags & 0xff)) == SVt_PVFM", file=<optimized out>, file@​entry=0xf50f22 "op.c", line=line@​entry=7766,
  function=function@​entry=0xe95f90 "Perl_cv_const_sv_or_av") at assert.c​:81
#3 0x0000000000449ae5 in Perl_cv_const_sv_or_av (cv=cv@​entry=0x11bdbc0) at op.c​:7766
#4 0x00000000005e3b1c in Perl_yylex () at toke.c​:7056
#5 0x000000000065aa7d in Perl_yyparse (gramtype=gramtype@​entry=258) at perly.c​:322
#6 0x000000000052e625 in S_parse_body (env=env@​entry=0x0, xsinit=xsinit@​entry=0x42e190 <xs_init>)
  at perl.c​:2312
#7 0x0000000000534737 in perl_parse (my_perl=<optimized out>, xsinit=xsinit@​entry=0x42e190 <xs_init>,
  argc=<optimized out>, argv=<optimized out>, env=env@​entry=0x0) at perl.c​:1634
#8 0x000000000042dda8 in main (argc=2, argv=0x7fffffffe668, env=0x7fffffffe680) at perlmain.c​:114

From @tonycoz

On Thu Dec 10 08​:44​:03 2015, brian.carpenter@​gmail.com wrote​:

z;$z{&i};i causes an assertion failure in Perl_cv_const_sv_or_av
(op.c​:7766). This bug was found using American Fuzzy Lop. Perl v5.23.6
(v5.23.5-113-g406d554) was compiled as follows​:

./Configure -des -Dusedevel -DDEBUGGING -Dcc=afl-gcc -Doptimize=-O2\
-g && AFL_HARDEN=1 make -j6

valgrind -q ~/perl/perl test09
Array found where operator expected at test09 line 1, at end of line
(Missing operator before ?)
perl​: op.c​:7766​: Perl_cv_const_sv_or_av​: Assertion `((svtype)((cv)-

sv_flags & 0xff)) == SVt_PVCV || ((svtype)((cv)->sv_flags & 0xff)) ==
SVt_PVFM' failed.
Aborted

I haven't managed to reproduce this.

$ hd ../126871.pl
00000000 7a 3b 24 7a 7b 26 69 7d 3b 69 |z;$z{&i};i|
0000000a

Built blead with and without afl-gcc 1.06b, test runs with and without valgrind, all builds with -DDEBUGGING.

Also tried with 5.23.7 and 5.23.4 build with -DDEBUGGING and plain gcc.

Tony

The RT System itself - Status changed from 'new' to 'open'

From @geeknik

On Tue Feb 09 21​:43​:44 2016, tonyc wrote​:

I haven't managed to reproduce this.

$ hd ../126871.pl
00000000 7a 3b 24 7a 7b 26 69 7d 3b 69 |z;$z{&i};i|
0000000a

Built blead with and without afl-gcc 1.06b, test runs with and without
valgrind, all builds with -DDEBUGGING.

Also tried with 5.23.7 and 5.23.4 build with -DDEBUGGING and plain
gcc.

Tony

I am no longer able to reproduce this.

From @tonycoz

On Wed Feb 10 00​:51​:25 2016, brian.carpenter@​gmail.com wrote​:

On Tue Feb 09 21​:43​:44 2016, tonyc wrote​:

I haven't managed to reproduce this.

I am no longer able to reproduce this.

Ok, closing.

Tony

@tonycoz - Status changed from 'open' to 'rejected'