Quadmath builds segfault on repeat with a very large count #15297
Comments
From @dcollinsn

Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using:

```
./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Uuselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -Dusequadmath -des
```

And then fuzzed the resulting binary using:

```
AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@
```

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers a segmentation fault in the perl interpreter. The testcase is the 23-character file:

```
dcollins@nightshade64:/usr/local/perl-afl/out$ cat allcrash/f4i000000
```

On quadmath builds, this crashes with a segmentation fault. On non-quadmath (long doubles) builds, this runs without error:

```
dcollins@nightshade64:/usr/local/perl-afl/out$ ~/perlquad/perl allcrash/f4i000000
```

Debugging tool output is below. The crashing call is `memcpy(0xec1182, 0xea1182, 131072)`. These memory locations do not overlap. Using a slightly smaller argument causes this to crash, rather appropriately, with Out of Memory:

```
dcollins@nightshade64:/usr/local/perl-afl/out$ ~/perlquad/perl -e "20x20000000000000000000"
```

I expect that quadmath perl is able to countenance a larger repeat count than regular perl is, and while regular perl would try to shove that number into a type it doesn't fit in (and therefore interpret a smaller repeat count that it is able to execute successfully), quadmath perl sees the full number of repetitions, fails to allocate enough memory, but attempts to copy it the full number of times anyway.

**GDB**

```
dcollins@nightshade64:/usr/local/perl-afl/out$ gdb --args ~/perlquad/perl allcrash/f4i000000
Program received signal SIGSEGV, Segmentation fault.
Breakpoint 1, Perl_repeatcpy (to=0xea1182 "", from=0xea1180 "20", len=2, count=9223372036854775806) at util.c:3214
...
3239            memcpy(p, to, size);
Program received signal SIGSEGV, Segmentation fault.
```

**VALGRIND**

```
dcollins@nightshade64:/usr/local/perl-afl/out$ valgrind ~/perlquad/perl allcrash/f4i000000
```

**PERL -V**

```
dcollins@nightshade64:/usr/local/perl-afl/out$ ~/perlquad/perl -V
Characteristics of this binary (from libperl):
```
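The report above describes the classic shape of a repeat-count bug: the requested count survives into the copy loop even though the corresponding byte total could not be allocated. The following C function is an added illustration of how a string-repeat primitive avoids that, and is not code from perl, from the commit mentioned later in this thread, or from the reporter. It checks that `len * count` fits in `size_t` before doing any arithmetic on it, refuses totals above `PTRDIFF_MAX` (no single C object may be that large, and allocators reject such sizes), and only then allocates and copies. The doubling copy strategy and the function name `repeat_checked` are my own choices for the example; the count `9223372036854775806` is the one from the GDB trace above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Repeat the `len`-byte string `from` `count` times into a fresh
 * NUL-terminated buffer.  Returns NULL, and leaves *out_len untouched,
 * when the byte total would not fit in size_t, exceeds PTRDIFF_MAX,
 * or cannot be allocated.  The copy loop only ever runs against a
 * buffer whose size has been validated and actually obtained.
 * (Example code: not the implementation used by perl.)
 */
char *repeat_checked(const char *from, size_t len, uint64_t count,
                     size_t *out_len)
{
    if (len == 0 || count == 0) {
        char *empty = malloc(1);
        if (!empty)
            return NULL;
        empty[0] = '\0';
        *out_len = 0;
        return empty;
    }

    /* Guard 1: len * count must not wrap.  Dividing first keeps the
     * check itself free of overflow. */
    if (count > SIZE_MAX / len)
        return NULL;
    size_t total = (size_t)count * len;

    /* Guard 2: an object larger than PTRDIFF_MAX is not representable
     * in C; reject it instead of handing an absurd size to malloc.
     * Also leave room for the terminating NUL. */
    if (total >= (size_t)PTRDIFF_MAX)
        return NULL;

    /* Guard 3: the allocation may still fail for a large but legal
     * total; never proceed to the copy without the memory. */
    char *buf = malloc(total + 1);
    if (!buf)
        return NULL;

    /* Fill by doubling: copy the first `len` bytes, then repeatedly
     * copy the already-filled prefix after itself, clamping the last
     * chunk so we never write past `total`. */
    memcpy(buf, from, len);
    size_t filled = len;
    while (filled < total) {
        size_t remaining = total - filled;
        size_t chunk = remaining < filled ? remaining : filled;
        memcpy(buf + filled, buf, chunk);
        filled += chunk;
    }
    buf[total] = '\0';
    *out_len = total;
    return buf;
}

int main(void)
{
    size_t n = 0;
    char *s = repeat_checked("20", 2, 3, &n);
    if (s) {
        printf("small count: \"%s\" (%zu bytes)\n", s, n);
        free(s);
    }

    /* The count from the GDB trace in the report, constructed here as
     * sample input: 2 * 9223372036854775806 fits in 64 bits but is far
     * beyond PTRDIFF_MAX, so the request is refused before any copy. */
    s = repeat_checked("20", 2, UINT64_C(9223372036854775806), &n);
    printf("report count: %s\n", s ? "allocated" : "rejected");
    free(s);

    /* A count whose product wraps size_t is refused by guard 1. */
    s = repeat_checked("20", 2, UINT64_C(1) << 63, &n);
    printf("wrapping count: %s\n", s ? "allocated" : "rejected");
    free(s);
    return 0;
}
```

The order of the guards is the point: the overflow check runs on the inputs, not on a product that may already have wrapped, and the copy loop is driven by the validated `total` rather than by the caller's `count`, so a failed or refused allocation can never be followed by a write.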
From @dcollinsn

This is perhaps a duplicate of [perl #127915], which I didn't find in my

On Tue, Apr 26, 2016 at 8:02 PM, Dan Collins <perlbug-followup@perl.org>
From @tonycoz

On Tue Apr 26 17:02:59 2016, dcollinsn@gmail.com wrote:

This appears to have been fixed by 6bbd724. I can't reproduce it in blead.

Tony
The RT System itself - Status changed from 'new' to 'open'
From @tonycoz

On Sun Jun 05 21:26:24 2016, tonyc wrote:

Fixed for Dan too, per IRC discussion.

Tony
@tonycoz - Status changed from 'open' to 'resolved'
Migrated from rt.perl.org#128001 (status was 'resolved')
Searchable as RT128001$