Segfault in S_incline at toke.c:1697 #15139

Closed
p5pRT opened this issue Jan 21, 2016 · 7 comments

p5pRT commented Jan 21, 2016

Migrated from rt.perl.org#127334 (status was 'resolved')

Searchable as RT127334$

p5pRT commented Jan 21, 2016

From @geeknik

Found while fuzzing Perl v5.23.8 (v5.23.7-9-gd15ad02) with American Fuzzy Lop. This crash happens with v5.20.2 (x64 Debian) as well, but not with v5.14.2 (x64 Debian) or 5.20.2 (x64 FreeBSD) and v5.20.3 (x86 FreeBSD).

hexdump -C test00
00000000 23 6c 69 6e 65 20 30 30 30 30 30 30 30 30 30 30 |#line 0000000000|
00000010 30 30 30 30 30 30 30 |0000000|
00000017

Program received signal SIGSEGV, Segmentation fault.
S_incline (s=0x1242cf7 "") at toke.c:1697
1697 while (!isSPACE(*t))
(gdb) bt
#0 S_incline (s=0x1242cf7 "") at toke.c:1697
#1 0x00000000005f67ec in Perl_yylex () at toke.c:4984
#2 0x000000000066b7f5 in Perl_yyparse (gramtype=772) at perly.c:322
#3 0x000000000053b6a9 in S_parse_body (env=env@entry=0x0,
  xsinit=xsinit@entry=0x42c0b0 <xs_init>) at perl.c:2314
#4 0x000000000054344b in perl_parse (my_perl=<optimized out>,
  xsinit=xsinit@entry=0x42c0b0 <xs_init>, argc=<optimized out>,
  argv=<optimized out>, env=env@entry=0x0) at perl.c:1636
#5 0x000000000042bcd8 in main (argc=2, argv=0x7fffffffe378,
  env=0x7fffffffe390) at perlmain.c:114
(gdb) list
1692 s++;
1693 e = t + 1;
1694 }
1695 else {
1696 t = s;
1697 while (!isSPACE(*t))
1698 t++;
1699 e = t;
1700 }
1701 while (SPACE_OR_TAB(*e) || *e == '\r' || *e == '\f')
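
The backtrace above shows `s` pointing at an empty string when the loop at toke.c:1697 starts, and `isSPACE` is false for NUL, so that scan has no stop condition inside the buffer. The C sketch below is an added example, not Perl's code and not the change made in 1bb1a3d; `arena`, `after_line_number`, `scan_unbounded` and `scan_bounded` are hypothetical names, and the bytes after the terminator are constructed so the over-read stays inside an array the program owns.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed arena: the 23-byte test00 input from the report, its NUL
 * terminator, then stand-in "neighbouring" bytes ending in a space. */
static const char arena[] = "#line 0000000000" "0000000"
                            "\0ADJACENT-HEAP-BYTES \n";

static int is_space(char c) { return isspace((unsigned char)c); }

/* Skip "#line", blanks, the digits and trailing blanks; returns where the
 * optional filename token would start (hypothetical helper). */
const char *after_line_number(const char *s)
{
    if (strncmp(s, "#line", 5) != 0)
        return NULL;
    s += 5;
    while (*s == ' ' || *s == '\t') s++;
    while (isdigit((unsigned char)*s)) s++;
    while (*s == ' ' || *s == '\t') s++;
    return s;
}

/* Loop shape shown at toke.c:1696-1699: whitespace is the only stop condition. */
size_t scan_unbounded(const char *s)
{
    const char *t = s;
    while (!is_space(*t))
        t++;
    return (size_t)(t - s);
}

/* Bounded variant: also stops at NUL and at the end of the buffer. */
size_t scan_bounded(const char *s, const char *end)
{
    const char *t = s;
    while (t < end && *t != '\0' && !is_space(*t))
        t++;
    return (size_t)(t - s);
}

int main(void)
{
    const char *s = after_line_number(arena);
    printf("token starts at offset %td\n", s - arena);
    printf("unbounded scan: %zu bytes\n", scan_unbounded(s));
    printf("bounded scan:   %zu bytes\n", scan_bounded(s, arena + sizeof arena - 1));
    return 0;
}
```

In the arena the unbounded scan walks through the terminator and all of the constructed neighbouring bytes before it meets a space; in the reported crash there was no such space before unmapped memory.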

p5pRT commented Jan 21, 2016

From @geeknik

test00

p5pRT commented Feb 10, 2016

From @tonycoz

On Wed Jan 20 18:22:43 2016, brian.carpenter@gmail.com wrote:

> Program received signal SIGSEGV, Segmentation fault.
> S_incline (s=0x1242cf7 "") at toke.c:1697
> 1697 while (!isSPACE(*t))

Thanks, fixed by 1bb1a3d.

Tony

p5pRT commented Feb 10, 2016

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Feb 10, 2016

@tonycoz - Status changed from 'open' to 'pending release'

p5pRT commented May 13, 2016

From @khwilliamson

Thank you for submitting this report. You have helped make Perl better.
 
With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved.

Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0

p5pRT commented May 13, 2016

@khwilliamson - Status changed from 'pending release' to 'resolved'
