Perl_sv_2nv_flags(SV *const, const I32): Assertion `((svtype)((sv)->sv_flags & 0xff)) != SVt_PVAV && ((svtype)((sv)->sv_flags & 0xff)) != SVt_PVHV && ((svtype)((sv)->sv_flags & 0xff)) != SVt_PVFM' fail #15758

Open
p5pRT opened this issue Dec 11, 2016 · 4 comments


p5pRT commented Dec 11, 2016

Migrated from rt.perl.org#130317 (status was 'open')

Searchable as RT130317$


p5pRT commented Dec 11, 2016

From @geeknik

Triggered with Perl v5.25.7-98-gdf13534 while fuzzing with AFL.

od -tx1 test275
0000000 6d 61 70 24 5e 56 20 3e 5c 40 3d 2a 24 5f 2c 25
0000020 bd 3d 54 2c 4d 2c 25 5f 3d 44 2e 2e 2e 54 2c 33
0000040 2c 25 5f 3d 44 2e 2e 54 2c 4d 2c 04 22 04 3d 25
0000060 5d 3d 52 2e ff 7f ff ff 04 1d ff ff 75 70 67 1d
0000100 22 6c 6e 67 67 00 1b 80 00 98 90 20 0a
0000115

./perl test275
perl: sv.c:2612: NV Perl_sv_2nv_flags(SV *const, const I32): Assertion
`((svtype)((sv)->sv_flags & 0xff)) != SVt_PVAV && ((svtype)((sv)->sv_flags
& 0xff)) != SVt_PVHV && ((svtype)((sv)->sv_flags & 0xff)) != SVt_PVFM'
failed.
Aborted


p5pRT commented Dec 11, 2016

From @geeknik

test275.gz


p5pRT commented Dec 12, 2016

From @iabyn

On Sun, Dec 11, 2016 at 01:23:56PM -0800, Brian Carpenter wrote:

> od -tx1 test275
> 0000000 6d 61 70 24 5e 56 20 3e 5c 40 3d 2a 24 5f 2c 25
> 0000020 bd 3d 54 2c 4d 2c 25 5f 3d 44 2e 2e 2e 54 2c 33
> 0000040 2c 25 5f 3d 44 2e 2e 54 2c 4d 2c 04 22 04 3d 25
> 0000060 5d 3d 52 2e ff 7f ff ff 04 1d ff ff 75 70 67 1d
> 0000100 22 6c 6e 67 67 00 1b 80 00 98 90 20 0a
> 0000115
>
> ./perl test275
> perl: sv.c:2612: NV Perl_sv_2nv_flags(SV *const, const I32): Assertion
> `((svtype)((sv)->sv_flags & 0xff)) != SVt_PVAV && ((svtype)((sv)->sv_flags
> & 0xff)) != SVt_PVHV && ((svtype)((sv)->sv_flags & 0xff)) != SVt_PVFM'
> failed.
> Aborted

Another stack-not-refcounted issue. Reduces to

  map(
  1,
  (%_) = ('D', 'E'),
  (%_) = (),
  );

--
Overhead, without any fuss, the stars were going out.
  -- Arthur C Clarke
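
A toy C model of the "stack-not-refcounted" class of bug named in the comment above, added here as an illustration; it is not Perl's source and not code from this thread. The names `Val`, `push_borrowed`, `push_counted` and `slot_survives_clear` are hypothetical, and it assumes the reduced case amounts to a value being exposed on the argument stack and its container then being cleared while the stack slot is still in use.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model: a reference-counted value, a container that owns it,
   and an argument stack that may or may not take its own reference. */
typedef struct { int refcnt; int live; } Val;

static Val pool[1];     /* static storage, so inspecting a "freed" Val is safe */
static Val *stack[1];
static int sp;

static Val *val_new(int idx) { pool[idx].refcnt = 1; pool[idx].live = 1; return &pool[idx]; }
static void val_dec(Val *v)  { if (--v->refcnt == 0) v->live = 0; /* models the free */ }

/* Push without taking a reference: the stack only borrows the pointer. */
static void push_borrowed(Val *v) { stack[sp++] = v; }
/* Push and take a reference: the stack co-owns the value. */
static void push_counted(Val *v)  { v->refcnt++; stack[sp++] = v; }

/* Put a value in the container, expose it on the stack, then clear the
   container. Returns 1 if the stack slot still points at a live value,
   0 if the slot now dangles. */
static int slot_survives_clear(int counted_stack)
{
    sp = 0;
    Val *container_slot = val_new(0);   /* the container holds the only reference */
    if (counted_stack)
        push_counted(container_slot);
    else
        push_borrowed(container_slot);
    val_dec(container_slot);            /* container cleared, its reference dropped */
    container_slot = NULL;
    return stack[0]->live;              /* what a later reader of the stack finds */
}

int main(void)
{
    printf("borrowed stack: slot live = %d\n", slot_survives_clear(0));
    printf("counted stack:  slot live = %d\n", slot_survives_clear(1));
    return 0;
}
```

With a borrowing stack the slot outlives the value it points at, so a later reader sees whatever state the freed slot has taken on; with a counting stack the value stays alive until the stack releases it.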


p5pRT commented Dec 12, 2016

The RT System itself - Status changed from 'new' to 'open'
