#3 AddressSanitizer: heap-buffer-overflow on address 0x619000004fa0 at pc 0x000000ef95ec bp 0x7ffd45c68050 sp 0x7ffd45c68048 READ of size 8 #16611

Open
p5pRT opened this issue Jul 5, 2018 · 6 comments
p5pRT commented Jul 5, 2018

Migrated from rt.perl.org#133335 (status was 'open')

Searchable as RT133335$

p5pRT commented Jul 5, 2018

From superbsegfault@gmail.com

=================================================================
==25922==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000004fa0 at pc 0x000000ef95ec bp 0x7ffd45c68050 sp 0x7ffd45c68048
READ of size 8 at 0x619000004fa0 thread T0
  #0 0xef95eb in S_mro_gather_and_rename /home/perl_asan/perl-5.28.0/mro_core.c:930:9
  #1 0xeefbc4 in S_mro_gather_and_rename /home/perl_asan/perl-5.28.0/mro_core.c:1186:4
  #2 0xed6dd3 in Perl_mro_package_moved /home/perl_asan/perl-5.28.0/mro_core.c:851:5
  #3 0x113bc64 in S_glob_assign_glob /home/perl_asan/perl-5.28.0/sv.c:3886:6
  #4 0x111cc3d in Perl_sv_setsv_flags /home/perl_asan/perl-5.28.0/sv.c:4365:7
  #5 0xfef1cb in Perl_pp_sassign /home/perl_asan/perl-5.28.0/pp_hot.c:226:5
  #6 0xfeb0f0 in Perl_runops_standard /home/perl_asan/perl-5.28.0/run.c:41:26
  #7 0x71328f in S_run_body /home/perl_asan/perl-5.28.0/perl.c
  #8 0x71328f in perl_run /home/perl_asan/perl-5.28.0/perl.c:2617
  #9 0x52b888 in main /home/perl_asan/perl-5.28.0/perlmain.c:122:9
  #10 0x7efe79ce8b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
  #11 0x43c109 in _start (/home/perl_asan/perl-5.28.0/perl+0x43c109)

0x619000004fa0 is located 32 bytes to the right of 1024-byte region [0x619000004b80,0x619000004f80)
allocated by thread T0 here:
  #0 0x4f1b85 in realloc (/home/perl_asan/perl-5.28.0/perl+0x4f1b85)
  #1 0xdf7fe2 in Perl_safesysrealloc /home/perl_asan/perl-5.28.0/util.c:271:18

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/perl_asan/perl-5.28.0/mro_core.c:930:9 in S_mro_gather_and_rename
Shadow bytes around the buggy address:
  0x0c327fff89a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff89b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff89c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff89d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff89e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c327fff89f0: fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8a00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c327fff8a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c327fff8a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==25922==ABORTING
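
An added triage example, not part of the original report or of perl's source: it recomputes the shadow-memory cell for the faulting address and checks it against the bracketed `[fa]` in the dump and the "32 bytes to the right of 1024-byte region" line. It assumes the default x86-64 Linux ASan mapping (scale 3, offset 0x7fff8000); the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Default ASan mapping on x86-64 Linux: shadow = (addr >> 3) + 0x7fff8000.
   Assumption: the reporter's build used this default offset. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL

/* Values copied from the report above. */
#define FAULT_ADDR   0x619000004fa0ULL
#define REGION_START 0x619000004b80ULL
#define REGION_END   0x619000004f80ULL   /* exclusive upper bound */

uint64_t shadow_of(uint64_t app) { return (app >> SHADOW_SCALE) + SHADOW_OFFSET; }

/* The dump prints 16 shadow bytes per row; locate the cell for an address. */
uint64_t dump_row(uint64_t app) { return shadow_of(app) & ~0xfULL; }
unsigned dump_col(uint64_t app) { return (unsigned)(shadow_of(app) & 0xf); }

/* Bytes past the end of a region ending at `end`; 0 if addr is below end. */
uint64_t bytes_past_end(uint64_t addr, uint64_t end) {
    return addr >= end ? addr - end : 0;
}

/* Application bytes covered by n consecutive shadow bytes. */
uint64_t app_bytes(unsigned n_shadow) { return (uint64_t)n_shadow << SHADOW_SCALE; }

/* Subset of the shadow byte legend printed in the report. */
const char *legend(uint8_t s) {
    switch (s) {
    case 0x00: return "addressable";
    case 0xfa: return "heap left redzone";
    case 0xfd: return "freed heap region";
    default:   return s < 8 ? "partially addressable" : "other";
    }
}

int main(void) {
    printf("region size    : %llu bytes\n",
           (unsigned long long)(REGION_END - REGION_START));
    printf("fault past end : %llu bytes\n",
           (unsigned long long)bytes_past_end(FAULT_ADDR, REGION_END));
    printf("shadow cell    : row 0x%012llx column %u (%s)\n",
           (unsigned long long)dump_row(FAULT_ADDR), dump_col(FAULT_ADDR), legend(0xfa));
    /* Rows 0x0c327fff89f0 and 0x0c327fff8a00 are all fa: 32 shadow bytes. */
    printf("redzone spans  : %llu bytes\n", (unsigned long long)app_bytes(32));
    return 0;
}
```

The two all-`fa` rows cover 256 application bytes after the region, and the row at 0x0c327fff8a10 is addressable again. An out-of-bounds read landing that far past the end would touch memory ASan considers valid, so the same bug can go unreported when the heap layout differs.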

p5pRT commented Jul 5, 2018

p5pRT commented Jul 13, 2018

From @hvds

I suspect this is the same issue as rt133334, but we should check again after we get a fix for that.

Hugo

p5pRT commented Jul 13, 2018

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Aug 3, 2018

From @tonycoz

On Fri, 13 Jul 2018 04:19:23 -0700, hv wrote:

> I suspect this is the same issue as rt133334, but we should check
> again after we get a fix for that.

It looks the same here:

...
stash
SV = PVHV(0x557dea5db860) at 0x557dea5fb578
  REFCNT = 1
  FLAGS = (SHAREKEYS)
  ARRAY = 0x557dea620200 (0:88, 1:34, 2:5, 3:1)
  hash quality = 128.2%
  KEYS = 47
  FILL = 40
  MAX = 127
oldstash
SV = PVHV(0x557dea5db860) at 0x557dea5fb578
  REFCNT = 1
  FLAGS = (SHAREKEYS)
  ARRAY = 0x557dea620200 (0:88, 1:34, 2:5, 3:1)
  hash quality = 128.2%
  KEYS = 47
  FILL = 40
  MAX = 127
miniperl: mro_core.c:934: S_mro_gather_and_rename: Assertion `SvOOK(oldstash)' failed.
Aborted

Tony

p5pRT commented Feb 11, 2019

From @tonycoz

On Thu, 02 Aug 2018 22:19:21 -0700, tonyc wrote:

> On Fri, 13 Jul 2018 04:19:23 -0700, hv wrote:
>
> > I suspect this is the same issue as rt133334, but we should check
> > again after we get a fix for that.
>
> It looks the same here:
>
> ...
> stash
> SV = PVHV(0x557dea5db860) at 0x557dea5fb578
> REFCNT = 1
> FLAGS = (SHAREKEYS)
> ARRAY = 0x557dea620200 (0:88, 1:34, 2:5, 3:1)
> hash quality = 128.2%
> KEYS = 47
> FILL = 40
> MAX = 127
> oldstash
> SV = PVHV(0x557dea5db860) at 0x557dea5fb578
> REFCNT = 1
> FLAGS = (SHAREKEYS)
> ARRAY = 0x557dea620200 (0:88, 1:34, 2:5, 3:1)
> hash quality = 128.2%
> KEYS = 47
> FILL = 40
> MAX = 127
> miniperl: mro_core.c:934: S_mro_gather_and_rename: Assertion `SvOOK(oldstash)' failed.
> Aborted

Since this seems like the same issue as #13334, it's also now public.

Not quite confident enough to merge them though.

Tony
