double-free affecting multiple Perl versions #15765
From @geeknik
Triggered with Perl v5.25.7-98-gdf13534 while fuzzing with AFL.
od -tx1 test430
=================================================================
0x60200000b4f0 is located 0 bytes inside of 10-byte region previously allocated by thread T0 here:
SUMMARY: AddressSanitizer: double-free ??:0 __interceptor_free
Perl 5.20.2 fails under Valgrind with:

From @geeknik

From @tonycoz
On Mon, 12 Dec 2016 17:26:26 -0800, brian.carpenter@gmail.com wrote:
Another stack-not-refcounted bug.
Rarely running this doesn't produce this error for me, but:
$ ./perl ../130332.pl
More rarely it produces:
$ ./perl ../130332.pl
==18246==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6210000114f0 at pc 0x839aa3 bp 0x7ffe5993e640 sp 0x7ffe5993e638
0x6210000114f0 is located 0 bytes to the right of 4080-byte region [0x621000010500,0x6210000114f0)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/tony/dev/perl/git/perl/pp_hot.c:4362 Perl_vivify_ref
which looks like #130321.
Simplifies to:
./perl -e 'map*$_= $#$_=8,%_=D.. FD,%_=D.. F'
The variations are likely from hash ordering.
Tony

The RT System itself - Status changed from 'new' to 'open'

From @iabyn
On Tue, Dec 13, 2016 at 09:27:33PM -0800, Tony Cook via RT wrote:
And as for #130321, I propose that the ticket be moved to the public

From @iabyn
On Mon, Feb 20, 2017 at 11:45:12AM +0000, Dave Mitchell wrote:
which I am now doing.

Migrated from rt.perl.org#130332 (status was 'open')
Searchable as RT130332$