pp_sys.c:957: Perl_pp_tie: Assertion `!isGV_with_GP(_svcur)' failed #15825

Closed
p5pRT opened this issue Jan 22, 2017 · 6 comments

p5pRT commented Jan 22, 2017

Migrated from rt.perl.org#130623 (status was 'resolved')

Searchable as RT130623$

p5pRT commented Jan 22, 2017

From @dur-randir

Created by @dur-randir

While fuzzing perl v5.25.8-216-gfbceb79751 built with afl and run
under libdislocator, I found the following program

tie$0,*0

to cause an assertion failure. This is a regression in blead, bisect points to

0b077c8 is the first bad commit
commit 0b077c8
Author: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>
Date: Sun Nov 13 15:10:38 2016 +0100

  Improve error for missing tie() pacakge/method

  This brings the error messages in line with the ones used for normal
  method calls, despite not using call_method().

GDB info about the crash location:

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1 0x00007f869ed7f40a in __GI_abort () at abort.c:89
#2 0x00007f869ed76e47 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7f86a04924f6 "!isGV_with_GP(_svcur)", file=file@entry=0x7f86a049245f "pp_sys.c", line=line@entry=957, function=function@entry=0x7f86a0494a80 <__PRETTY_FUNCTION__.15407> "Perl_pp_tie") at assert.c:92
#3 0x00007f869ed76ef2 in __GI___assert_fail (assertion=0x7f86a04924f6 "!isGV_with_GP(_svcur)", file=0x7f86a049245f "pp_sys.c", line=957, function=0x7f86a0494a80 <__PRETTY_FUNCTION__.15407> "Perl_pp_tie") at assert.c:101
#4 0x00007f86a033e545 in Perl_pp_tie () at pp_sys.c:957
#5 0x00007f86a0200bde in Perl_runops_debug () at dump.c:2260
#6 0x00007f86a00fb156 in S_run_body (oldscope=1) at perl.c:2528
#7 0x00007f86a00fa6d4 in perl_run (my_perl=0x7f86a1732010) at perl.c:2451
#8 0x00007f86a00b5d3e in main (argc=2, argv=0x7fff65409c28, env=0x7fff65409c40) at perlmain.c:123

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.25.9:

Configured by root at Sat Jan 14 02:25:05 MSK 2017.

Summary of my perl5 (revision 5 version 25 subversion 9) configuration:
  Commit id: cbe2fc5001aa59cdc73e04cc35e097a2ecfbeec0
  Platform:
    osname=linux
    osvers=3.16.0-4-amd64
    archname=x86_64-linux
    uname='linux dorothy 3.16.0-4-amd64 #1 smp debian 3.16.36-1+deb8u2
(2016-10-19) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast
-Doptimize=-O0 -g -ggdb3'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    bincompat5005=undef
  Compiler:
    cc='afl-clang-fast'
    ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O0 -g -ggdb3'
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='afl-clang-fast'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib
/usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu
/lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.24.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.24'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O0 -g -ggdb3 -L/usr/local/lib -fstack-protector-strong'



@INC for perl 5.25.9:
    lib
    /usr/local/lib/perl5/site_perl/5.25.9/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.25.9
    /usr/local/lib/perl5/5.25.9/x86_64-linux
    /usr/local/lib/perl5/5.25.9


Environment for perl 5.25.9:
    HOME=/home/afl
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERLBREW_BASHRC_VERSION=0.78
    PERLBREW_HOME=/home/afl/.perlbrew
    PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.22.1/man
    PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.22.1/bin
    PERLBREW_PERL=perl-5.22.1
    PERLBREW_ROOT=/home/afl/perlbrew
    PERLBREW_VERSION=0.78
    PERL_BADLANG (unset)
    SHELL=/usr/bin/zsh

p5pRT commented Jan 23, 2017

From @dur-randir

Different way to hit the same line, but with another assertion:

tie%0,\0

pp_sys.c:957: OP *Perl_pp_tie(): Assertion `PL_valid_types_PVX[SvTYPE(_svcur) & SVt_MASK] || SvTYPE(_svcur) == SVt_REGEXP' failed.

p5pRT commented Jan 24, 2017

From @arc

Thanks for the report. As you surmise, these are subtly different bugs relating to the same area of code. They are fixed as of 32207c6.

--
Aaron Crane ** http://aaroncrane.co.uk/

p5pRT commented Jan 24, 2017

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Jan 24, 2017

@arc - Status changed from 'open' to 'resolved'
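
A regression check for the two reproducers reported in this thread, as an added example that is not part of the ticket or of the Perl source tree. `PERL_BIN`, the function names and the verdict labels are assumptions of this example; the assertions only fire in a perl configured with `-DDEBUGGING`, as in the report's `config_args`.

```shell
#!/bin/sh
# Added example (not from the ticket): regression check for the two reproducers.
# Assumption: PERL_BIN names the perl under test, built with -DDEBUGGING.

# Map a shell exit status to a verdict. A failed assert() calls abort(), so
# the child dies on SIGABRT (6) and the shell reports 128+6 = 134.
classify_status() {
    if [ "$1" -eq 0 ]; then echo "ok"
    elif [ "$1" -eq 134 ]; then echo "assert-abort"
    elif [ "$1" -gt 128 ] && [ "$1" -le 159 ]; then echo "signal-$(( $1 - 128 ))"
    else echo "perl-error"   # ordinary die(), e.g. exit status 255
    fi
}

# Run one program text with `<interp> -e` and print its verdict.
run_case() {
    st=0
    "$1" -e "$2" >/dev/null 2>&1 || st=$?
    classify_status "$st"
}

# Run both reproducers from the ticket; return 1 if either one kills the
# interpreter with a signal instead of letting it exit on its own.
check_all() {
    rc=0
    for prog in 'tie$0,*0' 'tie%0,\0'; do
        verdict=$(run_case "$1" "$prog")
        printf '%-12s %s\n' "$verdict" "$prog"
        case "$verdict" in assert-abort|signal-*) rc=1 ;; esac
    done
    return "$rc"
}

# Only runs when PERL_BIN is set, e.g. PERL_BIN=./perl sh check.sh
if [ -n "${PERL_BIN:-}" ]; then
    check_all "$PERL_BIN" || exit 1
fi
```

A verdict of `perl-error` counts as a pass here: the interpreter rejected the program with a normal error instead of aborting.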
