Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

null pointer dereference in Perl_yyparse() #15881

Open
p5pRT opened this issue Feb 19, 2017 · 3 comments
Open

null pointer dereference in Perl_yyparse() #15881

p5pRT opened this issue Feb 19, 2017 · 3 comments

Comments

@p5pRT
Copy link

p5pRT commented Feb 19, 2017

Migrated from rt.perl.org#130819 (status was 'open')

Searchable as RT130819$

@p5pRT
Copy link
Author

p5pRT commented Feb 19, 2017

From @geeknik

Triggered with Perl v5.25.10 (v5.25.9-154-gd8f2fe0) while fuzzing with AFL.

./perl -e 'm((())(())@​{if(0){sub{]]])}my;sub y'
ASAN​:SIGSEGV

==11415==ERROR​: AddressSanitizer​: SEGV on unknown address 0x000000000000
(pc 0x0000006c2346 bp 0x7ffc83abbe70 sp 0x7ffc83abbca0 T0)
  #0 0x6c2345 in Perl_yyparse /home/geeknik/perl/perly.y​:283​:10
  #1 0x59d611 in S_parse_body /home/geeknik/perl/perl.c​:2376​:9
  #2 0x593890 in perl_parse /home/geeknik/perl/perl.c​:1691​:2
  #3 0x4dea05 in main /home/geeknik/perl/perlmain.c​:121​:18
  #4 0x7fb2cc67ab44 in __libc_start_main
/build/glibc-qK83Be/glibc-2.19/csu/libc-start.c​:287
  #5 0x4de69c in _start (/home/geeknik/perl/perl+0x4de69c)

AddressSanitizer can not provide additional info.
SUMMARY​: AddressSanitizer​: SEGV /home/geeknik/perl/perly.y​:283 Perl_yyparse
==11415==ABORTING

@p5pRT
Copy link
Author

p5pRT commented Mar 31, 2017

From zefram@fysh.org

Minimises to 'qq(@​{sub{]]])}my;sub z'. Looks to be the same mechanism as
[perl #126191].

-zefram

@p5pRT
Copy link
Author

p5pRT commented Mar 31, 2017

The RT System itself - Status changed from 'new' to 'open'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants