New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Null pointer dereference + segfault in Perl_pp_subst (pp_hot.c:3368) #15756
Comments
From @geeknikTriggered with Perl v5.25.7-98-gdf13534 while fuzzing with AFL. od -tx1 test114 semi-panic: attempt to dup freed string at test114 line 1.
|
From @geeknik |
From @iabynOn Sun, Dec 11, 2016 at 12:39:15PM -0800, Brian Carpenter wrote:
This is a stack-not-ref-counted issue. It can be reduced to: map 1, (%x) = (1..3), (%x) = (); perl: sv.c:6540: Perl_sv_clear: Assertion `((svtype)((sv)->sv_flags & 0xff)) != (svtype)0xff' failed. or using a for loop instead, which has a hack that checks whether the 1 for (%x) = (1..3), (%x) = (); Use of freed value in iteration at /tmp/test114 line 1. -- |
The RT System itself - Status changed from 'new' to 'open' |
Migrated from rt.perl.org#130315 (status was 'open')
Searchable as RT130315$
The text was updated successfully, but these errors were encountered: