Segmentation fault in pack (S_pack_rec tries to access unallocated memory) #14977
From @dcollinsn

Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using:

    ./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Duselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -des

And then fuzzed the resulting binary using:

    AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers a segmentation fault in the perl interpreter. The testcase is the file:

    pack+WH200000,\0

Today I'm reporting a pair of bugs related to pack/unpack. They appeared to be related, but GDB shows that they have very different behaviours. This is by far the tamer of the two.

**GDB**

    (gdb) run
    Program received signal SIGSEGV, Segmentation fault.

**VALGRIND**

    ==31388== Memcheck, a memory error detector

**PERL -V**

    Summary of my perl5 (revision 5 version 23 subversion 4) configuration:
    Characteristics of this binary (from libperl):
From @tonycoz

On Sun Oct 11 04:49:37 2015, dcollinsn@gmail.com wrote:

The attached seems to fix it. I'm going to review the other pack handlers to check for similar issues.

Tony

From @tonycoz

0001-perl-126325-don-t-read-past-the-end-of-the-source-fo.patch

The RT System itself - Status changed from 'new' to 'open'

From @tonycoz

On Wed Oct 21 18:05:47 2015, tonyc wrote:

Pushed as 0403a1a.

The others seemed ok to me.

Tony

@tonycoz - Status changed from 'open' to 'resolved'
Migrated from rt.perl.org#126325 (status was 'resolved')
Searchable as RT126325$