AddressSanitizer: attempting free on address in Perl_safesysfree #15894
Comments
From mtowalski@pentest.net.pl

Hello,

I've attached the poc and the asan log.

Configure options:

    "./Configure -des -Dusedevel -DDEBUGGING -Dcc=clang -Doptimize=-O2 -Accflags="-fsanitize=address -fsanitize-coverage=edge" -Aldflags="-fsanitize=address -fsanitize-coverage=edge" -Alddlflags=-shared"

Information about configuration: Distributor ID: Ubuntu

Best Regards,
From mtowalski@pentest.net.pl

    perl: warning: Setting locale failed.
From @arc

Reduction:

    $ ./miniperl -e 'map $p[0][0],@z=z,@z=z,@z=z,@z=z,@z=z,@z= ~9'
    ==13111==ERROR: AddressSanitizer: attempting free on address which was
    0x62100000f598 is located 1176 bytes inside of 4080-byte region
    SUMMARY: AddressSanitizer: bad-free

I was slightly surprised (a) that the multideref needn't look at the

My first guess is that this is ultimately stack-not-refcounted, but I

--
The RT System itself - Status changed from 'new' to 'open'
From @tonycoz

On Sun, 26 Feb 2017 10:12:45 -0800, arc@aaroncrane.co.uk wrote:

It's pretty common for stack-not-refcounted bugs to introduce just strange behaviour, with a slight variation required to make it crash, or assert:

    $ ./miniperl -e 'map $p[0][0],@z=z,@z=(1..3),@z= ~9'

(which is a typical stack-not-refcounted assert().)

Tony
From @iabyn

On Sun, Feb 26, 2017 at 08:58:19PM -0800, Tony Cook via RT wrote:

It can be reduced even further to

    map $$p, @z=1, @z=2;

The second assignment to @z frees the IV(1) which is still left on the

I think this is another ticket we just move to the public queue and

I'll do this in a few days time unless anyone objects.

--
From @iabyn

On Mon, Feb 27, 2017 at 02:37:58PM +0000, Dave Mitchell wrote:

Now doing it.

--
Migrated from rt.perl.org#130865 (status was 'open')
Searchable as RT130865$
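
The stack-not-refcounted pattern discussed in the comments above, as an added example that is not part of the original ticket and is not Perl's source: a simplified C model in which an array owns a reference to its element while an argument stack holds either a borrowed pointer or a counted one. The `Val` and `Arr` types and all function names are hypothetical, and release is recorded in a flag instead of calling `free` so the state can be inspected safely.

```c
#include <stdio.h>

/* Hypothetical, simplified model: NOT Perl's real SV/AV structures. */
typedef struct { int refcnt; int value; int freed; } Val;

static Val pool[8];      /* arena, so a "freed" value stays inspectable */
static int pool_used;

static Val *val_new(int v) {
    Val *p = &pool[pool_used++];
    p->refcnt = 1; p->value = v; p->freed = 0;
    return p;
}
/* Drop one reference; mark the value released when the count hits zero. */
static void val_dec(Val *p) { if (--p->refcnt == 0) p->freed = 1; }

/* One-element "array" that owns a reference to its element. */
typedef struct { Val *elem; } Arr;

static void arr_assign(Arr *a, int v) {
    if (a->elem) val_dec(a->elem);   /* previous element released here */
    a->elem = val_new(v);
}

/* Models the shape of `@z=1, @z=2`: the result of the first assignment is
 * left on an argument stack while the second assignment runs.
 * counted == 0: the stack stores a borrowed pointer (the buggy pattern).
 * counted != 0: the stack takes its own reference (the mitigation).
 * Returns 1 if the stacked value was released while still on the stack. */
int stacked_value_is_dangling(int counted) {
    Arr z = { NULL };
    Val *stack[2];
    pool_used = 0;

    arr_assign(&z, 1);
    stack[0] = z.elem;
    if (counted) stack[0]->refcnt++;

    arr_assign(&z, 2);               /* drops the array's ref to value 1 */
    stack[1] = z.elem;
    if (counted) stack[1]->refcnt++;

    int dangling = stack[0]->freed;
    if (counted) { val_dec(stack[0]); val_dec(stack[1]); }
    return dangling;
}

int main(void) {
    printf("borrowed stack: dangling=%d\n", stacked_value_is_dangling(0));
    printf("counted stack:  dangling=%d\n", stacked_value_is_dangling(1));
    return 0;
}
```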