Random made scripts crashing perl #7463

Closed
p5pRT opened this issue Aug 13, 2004 · 6 comments

p5pRT commented Aug 13, 2004

Migrated from rt.perl.org#31111 (status was 'resolved')

Searchable as RT31111$

p5pRT commented Aug 13, 2004

From skarkkai@woods.iki.fi

Created by skarkkai@woods.iki.fi

http://www.woods.iki.fi/t/perlabuse/ contains a number of scripts --
segfault\d.pl -- that all crash all or most perl versions I've tried,
mostly on i386.

Those are created by running perlabuse.sh a few hours. That program
will generate random perl programs, eval them, and print them on stdout
in case they seem to crash. Usually the crash is due to the program
exceeding resource limits, but now and then it finds also real bugs.

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl v5.8.3:

Configured by bhcompile at Thu Apr 15 13:08:28 EDT 2004.

Summary of my perl5 (revision 5.0 version 8 subversion 3) configuration:
  Platform:
    osname=linux, osvers=2.4.21-4.elsmp, archname=i386-linux-thread-multi
    uname='linux tweety.devel.redhat.com 2.4.21-4.elsmp #1 smp fri oct 3 17:52:56 edt 2003 i686 i686 i386 gnulinux '
    config_args='-des -Doptimize=-O2 -g -pipe -march=i386 -mcpu=i686 -Dversion=5.8.3 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dinc_version_list=5.8.2 5.8.1 5.8.0'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -g -pipe -march=i386 -mcpu=i686',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='3.3.3 20040412 (Red Hat Linux 3.3.3-7)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.3.3.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.3.3'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic -Wl,-rpath,/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.8.3:
    /usr/lib/perl5/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/5.8.3
    /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.3
    /usr/lib/perl5/site_perl/5.8.2
    /usr/lib/perl5/site_perl/5.8.1
    /usr/lib/perl5/site_perl/5.8.0
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.3
    /usr/lib/perl5/vendor_perl/5.8.2
    /usr/lib/perl5/vendor_perl/5.8.1
    /usr/lib/perl5/vendor_perl/5.8.0
    /usr/lib/perl5/vendor_perl
    .


Environment for perl v5.8.3:
    HOME=/home/skarkkai
    LANG=C
    LANGUAGE (unset)
    LC_CTYPE=fi_FI@euro
    LC_PAPER=fi_FI@euro
    LD_LIBRARY_PATH=/opt/YoSucker/current/lib:/opt/cxoffice/current/lib:/opt/dfb/current/lib:/opt/gimp/current/lib:/opt/mplayer/current/lib:/opt/netbrake/current/lib:/opt/shake/current/lib
    LOGDIR (unset)
    PATH=/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/lib/jre/bin:/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/bin:/opt/rsbac/bin:/home/skarkkai/bin:/usr/lib/jre/bin:/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/bin:/opt/rsbac/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

p5pRT commented Aug 28, 2004

From whatever@davidnicol.com

This is an interesting result, but it's incomplete. Would you mind
identifying where within the segfault-producing random scripts the
segfault occurs?

I bet you can even automate the process.

On Fri, 2004-08-13 at 16:47, skarkkai@woods.iki.fi (via RT) wrote:

> # New Ticket Created by skarkkai@woods.iki.fi
> # Please include the string: [perl #31111]
> # in the subject line of all future correspondence about this issue.
> # <URL: http://rt.perl.org:80/rt3/Ticket/Display.html?id=31111 >
>
> http://www.woods.iki.fi/t/perlabuse/ contains a number of scripts --
> segfault\d.pl -- that all crash all or most perl versions I've tried,
> mostly on i386.

p5pRT commented Aug 28, 2004

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Aug 28, 2004

From skarkkai@woods.iki.fi

On Sat, Aug 28, 2004 at 12:38:32AM -0000, david nicol via RT wrote:

> This is an interesting result, but it's incomplete. Would you mind
> identifying where within the segfault-producing random scripts the
> segfault occurs?
>
> I bet you can even automate the process.

You mean something like instead of just printing out the script, create
a tree representation of its structure, and if the script makes perl
crash, trim the tree to the minimum where it still crashes? I guess
that would be possible. Would that considerably help fixing the bugs?

--
  Samuli Kärkkäinen |\ _,,,---,,_
skarkkai@woods.iki.fi ---------ZZZzz /,`.-'`' -. ;-;;,_------
http://www.woods.iki.fi |,4- ) )-,_. ,\ ( `'-'
  '---''(_/--' `-'\_)
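
The workflow discussed in this thread (telling real crashes apart from resource-limit kills, then trimming a crashing script to the minimum that still crashes), as an added example that is not part of the thread or of perlabuse.sh. It reduces by lines rather than by the tree representation proposed above; `classify`, `perl_crashes`, `ddmin`, `SAMPLE` and `fake_crashes` are illustrative names, and the sample script and stand-in oracle are constructed so the block runs without a crashing perl.

```python
import signal
import subprocess

# Signals that point to an interpreter bug rather than a resource limit being hit.
BUG_SIGNALS = {signal.SIGSEGV, signal.SIGBUS, signal.SIGABRT, signal.SIGILL}

def classify(returncode):
    """Map a subprocess return code to 'ok', 'bug' or 'limit' (POSIX: -N means signal N)."""
    if returncode >= 0:
        return "ok"           # normal exit, including die() and syntax errors
    return "bug" if -returncode in BUG_SIGNALS else "limit"

def perl_crashes(lines, perl="perl", timeout=5):
    """Oracle for real use: True only if perl dies from a bug signal on this script."""
    try:
        proc = subprocess.run([perl, "-e", "\n".join(lines)], timeout=timeout,
                              stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return False          # ran too long: a resource limit, not a crash
    return classify(proc.returncode) == "bug"

def ddmin(lines, crashes):
    """Delta debugging: drop chunks of `lines` while `crashes(lines)` stays True."""
    assert crashes(lines), "input must reproduce the crash"
    n = 2
    while len(lines) >= 2:
        chunk = max(1, len(lines) // n)
        reduced = False
        for start in range(0, len(lines), chunk):
            candidate = lines[:start] + lines[start + chunk:]
            if candidate and crashes(candidate):
                lines, n, reduced = candidate, max(n - 1, 2), True
                break
        if not reduced:
            if chunk == 1:
                break         # no single line can be removed any more
            n = min(n * 2, len(lines))
    return lines

# Constructed sample standing in for a generated script; the stand-in oracle
# mimics a perl that crashes on the `formline undef;` statement from this ticket.
SAMPLE = ["my @a = (1, 2, 3);", "my %h = map { $_ => 1 } @a;", "formline undef;",
          "print scalar(@a);", "local $_ = 'x' x 3;", "my @s = sort @a;"]

def fake_crashes(lines):
    return "formline undef;" in lines

if __name__ == "__main__":
    print(ddmin(SAMPLE, fake_crashes))
```

Against a real interpreter, pass `perl_crashes` (optionally wrapped to select a specific perl binary) as the oracle instead of `fake_crashes`.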

p5pRT commented Sep 1, 2004

From @iabyn

On Sat, Aug 28, 2004 at 03:53:38AM +0300, Samuli Karkkainen wrote:

> On Sat, Aug 28, 2004 at 12:38:32AM -0000, david nicol via RT wrote:
>
> > This is an interesting result, but it's incomplete. Would you mind
> > identifying where within the segfault-producing random scripts the
> > segfault occurs?
> >
> > I bet you can even automate the process.
>
> You mean something like instead of just printing out the script, create
> a tree representation of its structure, and if the script makes perl
> crash, trim the tree to the minimum where it still crashes? I guess
> that would be possible. Would that considerably help fixing the bugs?

Please ignore the above comment. It was easy enough to track down the
segfaults with just the full scripts, which were very short.

Of the seven segfaults, 1 & 2 have been fixed in Perl 5.8.5, and
in addition, 4, 6 and 7 have been fixed in the current development version
of Perl. This leaves just 3 and 5, which are both just variants
of the code

  formline undef;

It turns out that the formline op assumed that its first arg was a valid
string.

The patch below to bleedperl fixes that assumption.

Dave.

--
In my day, we used to edit the inodes by hand. With magnets.

Change 23251 by davem@davem-percy on 2004/09/01 22:17:47

  [perl #31111] Random made scripts crashing perl
  fix 'formline undef' coredump

Affected files ...

... //depot/perl/pp_ctl.c#403 edit
... //depot/perl/t/lib/warnings/9uninit#5 edit

Differences ...

==== //depot/perl/pp_ctl.c#403 (text) ====

@​@​ -379,7 +379,8 @​@​
  NV value;
  bool gotsome = FALSE;
  STRLEN len;
- STRLEN fudge = SvCUR(tmpForm) * (IN_BYTES ? 1 : 3) + 1;
+ STRLEN fudge = SvPOK(tmpForm)
+ ? (SvCUR(tmpForm) * (IN_BYTES ? 1 : 3) + 1) : 0;
  bool item_is_utf8 = FALSE;
  bool targ_is_utf8 = FALSE;
  SV * nsv = Nullsv;
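
Review bot: the `SvPOK(tmpForm)` guard on the new `fudge` initialiser yields 0 for every non-POK value, not only for undef, so a first argument such as a plain number, or one that gets its string through magic, is also sized at 0 even though it stringifies to something non-empty. Consider stringifying `tmpForm` first and computing `fudge` from the resulting length, or add a comment stating why 0 is a safe size in the non-POK case; the lines shown here do not say how `fudge` is used afterwards.
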
@​@​ -387,6 +388,8 @​@​
  char *fmt;
  bool oneline;

+
+
  if (!SvMAGICAL(tmpForm) || !SvCOMPILED(tmpForm)) {
  if (SvREADONLY(tmpForm)) {
  SvREADONLY_off(tmpForm);
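
Review bot: the two lines added after `bool oneline;` are empty and change nothing; drop them so the change stays limited to the `fudge` fix.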

==== //depot/perl/t/lib/warnings/9uninit#5 (text) ====

@​@​ -885,7 +885,8 @​@​

$v = sprintf $m1;
$v = sprintf '%d%d%d%d', $m1, $m2, $g1, $g2;
-eval {formline $m1 }; undef $m1;
+my $m3;
+eval {formline $m3 };
formline '@​<<@​<<@​<<@​<<', $m1, $m2, $g1, $g2;
EXPECT
Use of uninitialized value $m1 in sprintf at - line 5.
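
Review bot: no `EXPECT` line is updated in this hunk, even though the script above it grows by one line and the undefined `formline` argument is now `$m3` rather than `$m1`; any expected warning that names that variable, or a line number at or after the inserted `my $m3;`, has to change with it. If that is handled elsewhere in the change, fine; otherwise add it here. A case for the literal `formline undef;` from the ticket would also be worth having, since that is the form reported as crashing.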

p5pRT commented Sep 4, 2005

@smpeters - Status changed from 'open' to 'resolved'
