Assertion failure in Perl_pp_leave (pp_ctl.c:2121) #16982

Open
p5pRT opened this issue Apr 26, 2019 · 1 comment
p5pRT commented Apr 26, 2019

Migrated from rt.perl.org#134065 (status was 'new')

Searchable as RT134065$

p5pRT commented Apr 26, 2019

From @dur-randir

Created by @dur-randir

While fuzzing perl v5.29.10-23-g7c0d7520a3 built with afl and run
under libdislocator, I found the following program

x{}u{0^\sort{0}0=>(O..0);{}}

to cause an assertion failure:

perl: pp_ctl.c:2121: OP *Perl_pp_leave(void): Assertion `CxTYPE(cx) == CXt_BLOCK' failed.

The GDB stack trace follows:

#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7c25535 in __GI_abort () at abort.c:79
#2 0x00007ffff7c2540f in __assert_fail_base (fmt=0x7ffff7d87ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555555acd916 "CxTYPE(cx) == CXt_BLOCK", file=0x555555acc455 "pp_ctl.c", line=2121, function=<optimized out>) at assert.c:92
#3 0x00007ffff7c330f2 in __GI___assert_fail (assertion=0x555555acd916 "CxTYPE(cx) == CXt_BLOCK", file=0x555555acc455 "pp_ctl.c", line=2121, function=0x555555ad3220 <__PRETTY_FUNCTION__.18989> "Perl_pp_leave") at assert.c:101
#4 0x0000555555832e58 in Perl_pp_leave () at pp_ctl.c:2121
#5 0x000055555570c635 in Perl_runops_debug () at dump.c:2537
#6 0x000055555591f4f9 in S_sortcv (a=0x555555b77e80, b=0x555555b53740) at pp_sort.c:1132
#7 0x000055555591b559 in dynprep (list1=0x555555b55db0, list2=0x7fffffffd540, nmemb=2, cmp=0x55555591f136 <S_sortcv>) at pp_sort.c:197
#8 0x000055555591b9fc in Perl_sortsv_flags (base=0x555555b55db0, nmemb=2, cmp=0x55555591f136 <S_sortcv>, flags=0) at pp_sort.c:388
#9 0x000055555591e7c8 in Perl_pp_sort () at pp_sort.c:1014
#10 0x000055555570c635 in Perl_runops_debug () at dump.c:2537
#11 0x00005555555ed63d in S_run_body (oldscope=1) at perl.c:2716
#12 0x00005555555ecbbb in perl_run (my_perl=0x555555b51260) at perl.c:2639
#13 0x00005555555a1181 in main (argc=2, argv=0x7fffffffe1d8, env=0x7fffffffe1f0) at perlmain.c:134

This is a regression between 5.24 and 5.26, bisect points to

commit b369834
Author: Zefram <zefram@fysh.org>
Date: Fri Jan 27 03:55:46 2017 +0000

  fix range op under aborted constant folding

  When constant-folding a range/flipflop construct, the op_next threading
  of peephole optimisation caused multiple ops in the construct to have
  a null op_next, because the final (and top-level) op in the construct
  is a null op. This meant that simple restoration of the top-level
  op's op_next after execution wouldn't get it back into a fit state
  to be composed with other ops. In the event that the range construct
  couldn't be constant-folded this made it compile to a broken optree.
  If it couldn't be constant-folded but could actually be executed, for
  example because it generated a warning, this meant the brokenness would
  be encountered at runtime. Execution would stop after the range op,
  because of the null op_next.

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.29.9:

Configured by dur-randir at Wed Feb 27 14:51:01 MSK 2019.

Summary of my perl5 (revision 5 version 29 subversion 9) configuration:
  Commit id: c1e47bad34ce1d9c84ed57c9b8978bcbd5a02e98
  Platform:
    osname=darwin
    osvers=13.4.0
    archname=darwin-thread-multi-2level
    uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0: mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64 x86_64 '
    config_args='-de -Dusedevel -DDEBUGGING -Dusethreads'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -DPERL_USE_SAFE_PUTENV'
    optimize='-O3 -g'
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib
    libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=
    so=dylib
    useshrplib=false
    libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined dynamic_lookup -L/usr/local/lib -fstack-protector'



@INC for perl 5.29.9:
    lib
    /usr/local/lib/perl5/site_perl/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/site_perl/5.29.9
    /usr/local/lib/perl5/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/5.29.9


Environment for perl 5.29.9:
    DYLD_LIBRARY_PATH (unset)
    HOME=/Users/dur-randir
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin
    PERLBREW_HOME=/Users/dur-randir/.perlbrew
    PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.22.1/man
    PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin
    PERLBREW_PERL=perl-5.22.1
    PERLBREW_ROOT=/Users/dur-randir/perlbrew
    PERLBREW_SHELLRC_VERSION=0.84
    PERLBREW_VERSION=0.84
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/zsh
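
A fuzzing run like the afl one in this report usually yields many crashing inputs for a single defect, so triage starts by bucketing backtraces. The following is an added example, not part of the original report or of perl's own tooling: it rejoins GDB frames that arrive line-wrapped, drops the libc abort path, and keys the crash on the assertion text plus the top frames. The names `parse_frames` and `crash_bucket` and the default depth of three frames are assumptions.

```python
import hashlib
import re

# Abridged copy of the backtrace from the report (frames #2, #7, #8 and
# #10-#13 omitted); mail-style line wrapping is kept on purpose.
BACKTRACE = """\
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7c25535 in __GI_abort () at abort.c:79
#3 0x00007ffff7c330f2 in __GI___assert_fail (assertion=0x555555acd916
"CxTYPE(cx) == CXt_BLOCK", file=0x555555acc455 "pp_ctl.c", line=2121,
  function=0x555555ad3220 <__PRETTY_FUNCTION__.18989>
"Perl_pp_leave") at assert.c:101
#4 0x0000555555832e58 in Perl_pp_leave () at pp_ctl.c:2121
#5 0x000055555570c635 in Perl_runops_debug () at dump.c:2537
#6 0x000055555591f4f9 in S_sortcv (a=0x555555b77e80,
b=0x555555b53740) at pp_sort.c:1132
#9 0x000055555591e7c8 in Perl_pp_sort () at pp_sort.c:1014
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+):(\d+)$")
ASSERTION = re.compile(r'assertion=0x[0-9a-f]+ "([^"]*)"')
NOISE = re.compile(r"raise|abort|assert_fail")  # libc abort path, not the bug


def parse_frames(text):
    """Rejoin wrapped GDB frames and return dicts with func/args/file/line."""
    joined = []
    for line in text.splitlines():
        if re.match(r"#\d+\s", line):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if m:
            frames.append({"func": m.group(2), "args": m.group(3),
                           "file": m.group(4), "line": int(m.group(5))})
    return frames


def crash_bucket(text, depth=3):
    """Return (assertion, top frames, short hash), independent of addresses."""
    frames = parse_frames(text)
    hits = [ASSERTION.search(f["args"]) for f in frames]
    assertion = next((h.group(1) for h in hits if h), None)
    top = tuple(f["func"] for f in frames if not NOISE.search(f["func"]))[:depth]
    digest = hashlib.sha256(repr((assertion, top)).encode()).hexdigest()[:12]
    return assertion, top, digest
```

Because the key ignores addresses and arguments, the same defect reached under a different load address lands in the same bucket.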
