null ptr deref, segfault Perl_sv_setsv_flags (sv.c:4558) #15556

p5pRT · 2016-08-25T19:11:30Z

Migrated from rt.perl.org#129087 (status was 'open')

Searchable as RT129087$

p5pRT · 2016-08-25T19:11:30Z

From @geeknik

Null pointer deref and segfault in v5.25.5 (v5.25.4-10-g8d168aa) triggered by:

perl -e '*0=@0=*0=@0=@0=%::=@0=$0=%0=0'

==23769==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000c (pc 0x00000091fce8 bp 0x7ffd62207a00 sp 0x7ffd622078e0 T0)
#0 0x91fce7 in Perl_sv_setsv_flags /root/perl/sv.c:4558:3
#1 0x89e56e in Perl_pp_sassign /root/perl/pp_hot.c:226:5
#2 0x7f1dd3 in Perl_runops_debug /root/perl/dump.c:2234:23
#3 0x5a1234 in S_run_body /root/perl/perl.c:2525:2
#4 0x5a1234 in perl_run /root/perl/perl.c:2448
#5 0x4de85d in main /root/perl/perlmain.c:123:9
#6 0x7f7132ed6b44 in __libc_start_main /build/glibc-uPj9cH/glibc-2.19/csu/libc-start.c:287
#7 0x4de4cc in _start (/root/perl/perl+0x4de4cc)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/perl/sv.c:4558 Perl_sv_setsv_flags
==23769==ABORTING

On a non-instrumented build, we can look at the same thing in Valgrind:

valgrind -q ./unperl -e '*0=@0=*0=@0=@0=%::=@0=$0=%0=0'
==18924== Invalid read of size 4
==18924== at 0x521444: Perl_sv_setsv_flags (sv.c:4558)
==18924== by 0x4FEEE5: Perl_pp_sassign (pp_hot.c:226)
==18924== by 0x4D6261: Perl_runops_debug (dump.c:2234)
==18924== by 0x452E96: S_run_body (perl.c:2525)
==18924== by 0x452E96: perl_run (perl.c:2448)
==18924== by 0x421834: main (perlmain.c:123)
==18924== Address 0xc is not stack'd, malloc'd or (recently) free'd
==18924==
==18924==
==18924== Process terminating with default action of signal 11 (SIGSEGV)
==18924== Access not within mapped region at address 0xC
==18924== at 0x521444: Perl_sv_setsv_flags (sv.c:4558)
==18924== by 0x4FEEE5: Perl_pp_sassign (pp_hot.c:226)
==18924== by 0x4D6261: Perl_runops_debug (dump.c:2234)
==18924== by 0x452E96: S_run_body (perl.c:2525)
==18924== by 0x452E96: perl_run (perl.c:2448)
==18924== by 0x421834: main (perlmain.c:123)
==18924== If you believe this happened as a result of a stack
==18924== overflow in your program's main thread (unlikely but
==18924== possible), you can try to increase the size of the
==18924== main thread stack using the --main-stacksize= flag.
==18924== The main thread stack size used in this run was 8388608.
Segmentation fault

p5pRT · 2016-08-25T19:33:04Z

From @dcollinsn

Almost certainly an instance of RT #77706. *0 is being modified while on the stack.

--
Respectfully,
Dan Collins

p5pRT · 2016-08-25T19:33:05Z

From [Unknown Contact. See original ticket]

Almost certainly an instance of RT #77706. *0 is being modified while on the stack.

--
Respectfully,
Dan Collins

p5pRT · 2016-08-25T19:37:31Z

From zefram@fysh.org

Brian Carpenter wrote:

perl -e '*0=@0=*0=@0=@0=%::=@0=$0=%0=0'

Golfs to:

$ perl -e '*z=%::=$a=@b=0'

-zefram

p5pRT · 2016-08-25T19:37:31Z

The RT System itself - Status changed from 'new' to 'open'

p5pRT added Severity Low distro-All hasCoreDump type-core labels Oct 19, 2019

xenu removed the affects-5.25 label Nov 19, 2021

xenu removed the Severity Low label Dec 29, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

null ptr deref, segfault Perl_sv_setsv_flags (sv.c:4558) #15556

null ptr deref, segfault Perl_sv_setsv_flags (sv.c:4558) #15556

p5pRT commented Aug 25, 2016

p5pRT commented Aug 25, 2016

p5pRT commented Aug 25, 2016

p5pRT commented Aug 25, 2016

p5pRT commented Aug 25, 2016

p5pRT commented Aug 25, 2016

Navigation Menu

null ptr deref, segfault Perl_sv_setsv_flags (sv.c:4558) #15556

null ptr deref, segfault Perl_sv_setsv_flags (sv.c:4558) #15556

Comments

p5pRT commented Aug 25, 2016

p5pRT commented Aug 25, 2016

From @geeknik

p5pRT commented Aug 25, 2016

From @dcollinsn

p5pRT commented Aug 25, 2016

From [Unknown Contact. See original ticket]

p5pRT commented Aug 25, 2016

From zefram@fysh.org

p5pRT commented Aug 25, 2016