perl: sv.c:6566: void Perl_sv_clear(SV *const): Assertion `SvTYPE(sv) != (svtype)SVTYPEMASK' failed #16103

Open
p5pRT opened this issue Aug 8, 2017 · 4 comments

Comments

@p5pRT

p5pRT commented Aug 8, 2017

Migrated from rt.perl.org#131861 (status was 'open')

Searchable as RT131861$

@p5pRT
Author

p5pRT commented Aug 8, 2017

From gy741.kim@gmail.com

Hi.

I found a segmentation fault bug in perl.

Please confirm.

Thanks.

Version: This is perl 5, version 27, subversion 2 (v5.27.2) built for i686-linux
OS: Ubuntu 16.04.2 32bit
Steps to reproduce:
1. Download the PoC files.
2. Compile the source code with ASan.
3. Execute the following command: `./perl $PoC`

```
==11818== Process terminating with default action of signal 6 (SIGABRT)
==11818== at 0x4138EA9: raise (raise.c:54)
==11818== by 0x413A406: abort (abort.c:89)
==11818== by 0x4131D06: __assert_fail_base (assert.c:92)
==11818== by 0x4131D8A: __assert_fail (assert.c:101)
==11818== by 0x867CBFA: Perl_sv_clear (sv.c:6566)
==11818== by 0x86829E2: Perl_sv_free2 (sv.c:7090)
==11818== by 0x87AF7F0: S_SvREFCNT_dec (inline.h:191)
==11818== by 0x87AF7F0: Perl_pp_mapwhile (pp_ctl.c:1121)
==11818== by 0x84DEBDC: Perl_runops_debug (dump.c:2483)
==11818== by 0x823AAF3: S_run_body (perl.c:2553)
==11818== by 0x823AAF3: perl_run (perl.c:2476)
==11818== by 0x81494D4: main (perlmain.c:123)
```

@p5pRT
Author

p5pRT commented Aug 8, 2017

@p5pRT
Author

p5pRT commented Aug 8, 2017

From @tonycoz

On Tue, 08 Aug 2017 08:08:09 -0700, gy741.kim@gmail.com wrote:

> Hi.
>
> I found a segmentation fault bug in perl.
>
> Please confirm.
>
> Thanks.
>
> Version: This is perl 5, version 27, subversion 2 (v5.27.2) built for i686-linux
> OS: Ubuntu 16.04.2 32bit
> Steps to reproduce:
> 1. Download the PoC files.
> 2. Compile the source code with ASan.
> 3. Execute the following command: `./perl $PoC`
>
> ```
> ==11818== Process terminating with default action of signal 6 (SIGABRT)
> ==11818== at 0x4138EA9: raise (raise.c:54)
> ==11818== by 0x413A406: abort (abort.c:89)
> ==11818== by 0x4131D06: __assert_fail_base (assert.c:92)
> ==11818== by 0x4131D8A: __assert_fail (assert.c:101)
> ==11818== by 0x867CBFA: Perl_sv_clear (sv.c:6566)
> ==11818== by 0x86829E2: Perl_sv_free2 (sv.c:7090)
> ==11818== by 0x87AF7F0: S_SvREFCNT_dec (inline.h:191)
> ==11818== by 0x87AF7F0: Perl_pp_mapwhile (pp_ctl.c:1121)
> ==11818== by 0x84DEBDC: Perl_runops_debug (dump.c:2483)
> ==11818== by 0x823AAF3: S_run_body (perl.c:2553)
> ==11818== by 0x823AAF3: perl_run (perl.c:2476)
> ==11818== by 0x81494D4: main (perlmain.c:123)
> ```

We haven't been treating stack-not-refcounted bugs as security issues.

Tony

@p5pRT
Author

p5pRT commented Aug 8, 2017

The RT System itself - Status changed from 'new' to 'open'
