From @geeknik

This assertion failure was triggered with Perl v5.27.6-346-gd4abdeed82,
built with clang 6-trunk and -fsanitize=address.

./perl -e '$_="0\x{1000000}";/^000?\0000/'
perl​: util.c​:816​: char *Perl_fbm_instr(unsigned char *, unsigned char *, SV
*, U32)​: Assertion `bigend >= big' failed.
Aborted

#0 __GI_raise (sig=sig@​entry=6) at ../sysdeps/unix/sysv/linux/raise.c​:58
#1 0x00007ffff6cc837a in __GI_abort () at abort.c​:89
#2 0x00007ffff6cbeb47 in __assert_fail_base (fmt=<optimized out>,
assertion=assertion@​entry=0xcbcde0 <.str.35> "bigend >= big",
file=file@​entry=0xcbc440 <.str.9> "util.c", line=line@​entry=816,
  function=function@​entry=0xcbcc40 <__PRETTY_FUNCTION__.Perl_fbm_instr>
"char *Perl_fbm_instr(unsigned char *, unsigned char *, SV *, U32)") at
assert.c​:92
#3 0x00007ffff6cbebf2 in __GI___assert_fail (assertion=0xcbcde0 <.str.35>
"bigend >= big", file=0xcbc440 <.str.9> "util.c", line=816,
function=0xcbcc40 <__PRETTY_FUNCTION__.Perl_fbm_instr> "char
*Perl_fbm_instr(unsigned char *, unsigned char *, SV *, U32)") at
assert.c​:101
#4 0x00000000007bda79 in Perl_fbm_instr (big=<optimized out>,
bigend=0x602000000fb3 "\200\200\200", littlestr=0x621000001968, flags=0) at
util.c​:816
#5 0x0000000000a9dbb4 in Perl_re_intuit_start (rx=0x602000000fb6,
sv=<optimized out>, strbeg=0x602000000fb0 "0\371\200\200\200\200",
strpos=<optimized out>, strend=0x602000000fb6 "", flags=<optimized out>,
data=<optimized out>) at regexec.c​:935
#6 0x0000000000a92680 in Perl_regexec_flags (rx=0x62100000c328,
stringarg=0x602000000fb0 "0\371\200\200\200\200", strend=0x602000000fb6 "",
strbeg=0x602000000fb0 "0\371\200\200\200\200", minend=0, sv=<optimized
out>, data=<optimized out>, flags=<optimized out>) at regexec.c​:3015
#7 0x0000000000877578 in Perl_pp_match () at pp_hot.c​:3046
#8 0x00000000007b47e9 in Perl_runops_debug () at dump.c​:2495
#9 0x00000000005a6332 in S_run_body (oldscope=1) at perl.c​:2717
#10 0x00000000005a5981 in perl_run (my_perl=<optimized out>) at perl.c​:2633
#11 0x0000000000503698 in main (argc=<optimized out>, argv=<optimized out>,
env=0x7fffffffe380) at perlmain.c​:123

From @khwilliamson

I looked at this briefly. It looks like an issue where something is expecting a NUL-terminated C string, but the data contains an embedded NUL. Scanning through the fbm code, I saw only operation that allowed embedded NULs.

--
Karl Williamson

The RT System itself - Status changed from 'new' to 'open'

From @demerphq

On 7 February 2018 at 22​:35, Karl Williamson via RT
<perlbug-followup@​perl.org> wrote​:

I looked at this briefly. It looks like an issue where something is expecting a NUL-terminated C string, but the data contains an embedded NUL. Scanning through the fbm code, I saw only operation that allowed embedded NULs.

Run it with -Mre=Debug,ALL
...
Matching REx "^000?\0000" against "0%x{1000000}"
UTF-8 string...
Intuit​: trying to determine minimum start position...
  substrs[0]​: min=0 max=0 end shift=2 useful=100 utf8=1 [PVMG("00"\0)
[UTF8 "00"]]
  substrs[1]​: min=2 max=3 end shift=0 useful=100 utf8=1
[PVMG("\0000"\0) [UTF8 "\x{0}0"]]
  substrs[2]​: min=2 max=3 end shift=0 useful=100 utf8=1
[PVMG("\0000"\0) [UTF8 "\x{0}0"]]
  At restart​: rx_origin=0 Check offset min​: 2 Start shift​: 2 End shift
0 Real end Shift​: 0
[assert goes here]

The string is only two characters long, and the string we are looking
for "\x{0}0" has to be found at position 2 or later.

We are falling into the block at around 1253 of regexec.c where we
recompute the endpoint, and we dont take into account that doing so
could move the endpoint to before the start point.

Fixed in 12453e2

:-)

I think this can be closed.

Yves

From @khwilliamson

Agreed. Closing
--
Karl Williamson

@khwilliamson - Status changed from 'open' to 'pending release'

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release yesterday of Perl 5.28.0, this and 185 other issues have been
resolved.

Perl 5.28.0 may be downloaded via​:
https://metacpan.org/release/XSAWYERX/perl-5.28.0

If you find that the problem persists, feel free to reopen this ticket.

@khwilliamson - Status changed from 'pending release' to 'resolved'