inline.h:147: I32 S_POPMARK(): Assertion `(PL_markstack_ptr > PL_markstack) || !"MARK underflow"' failed. #16033

Open
p5pRT opened this issue Jun 22, 2017 · 2 comments


p5pRT commented Jun 22, 2017

Migrated from rt.perl.org#131634 (status was 'new')

Searchable as RT131634$


p5pRT commented Jun 22, 2017

From @dur-randir

Created by @dur-randir

While fuzzing perl v5.27.1-37-g4c95ee9f29 built with afl and run
under libdislocator, I found the following program

00000000 31 2b 65 76 61 6c 20 71 21 28 29 20 3d 20 73 6f |1+eval q!() = so|
00000010 72 74 7b 30 7d 30 2c 30 2e 2e 5f 21 |rt{0}0,0.._!|
0000001c

to cause an assertion failure. This is a regression in v5.26, bisect points to:

commit b369834
Author: Zefram <zefram@fysh.org>
Date: Fri Jan 27 03:55:46 2017 +0000

  fix range op under aborted constant folding

GDB info about the crash location is:

gdb$ bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007f13bf1443fa in __GI_abort () at abort.c:89
#2 0x00007f13bf13be37 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x563740fe6e88 "(PL_markstack_ptr > PL_markstack) || !\"MARK underflow\"", file=file@entry=0x563740fe6d20 "inline.h", line=line@entry=0x93, function=function@entry=0x563740fe90f8 <__PRETTY_FUNCTION__.14228> "S_POPMARK") at assert.c:92
#3 0x00007f13bf13bee2 in __GI___assert_fail (assertion=0x563740fe6e88 "(PL_markstack_ptr > PL_markstack) || !\"MARK underflow\"", file=0x563740fe6d20 "inline.h", line=0x93, function=0x563740fe90f8 <__PRETTY_FUNCTION__.14228> "S_POPMARK") at assert.c:101
#4 0x0000563740dacc78 in S_POPMARK () at inline.h:147
#5 0x0000563740db71ea in Perl_pp_aassign () at pp_hot.c:1250
#6 0x0000563740d60a7d in Perl_runops_debug () at dump.c:2451
#7 0x0000563740f63287 in S_sortcv (a=0x5637430e8b78, b=0x5637430e93d0) at pp_sort.c:1799
#8 0x0000563740f5dcd0 in dynprep (list1=0x5637430cfb60, list2=0x7ffd9cd562d0, nmemb=0x2, cmp=0x563740f63093 <S_sortcv>) at pp_sort.c:197
#9 0x0000563740f5e150 in S_mergesortsv (base=0x5637430cfb60, nmemb=0x2, cmp=0x563740f63093 <S_sortcv>, flags=0x0) at pp_sort.c:379
#10 0x0000563740f60609 in Perl_sortsv_flags (array=0x5637430cfb60, nmemb=0x2, cmp=0x563740f63093 <S_sortcv>, flags=0x0) at pp_sort.c:1463
#11 0x0000563740f627c2 in Perl_pp_sort () at pp_sort.c:1686
#12 0x0000563740d60a7d in Perl_runops_debug () at dump.c:2451
#13 0x0000563740c56b3d in S_run_body (oldscope=0x1) at perl.c:2548
#14 0x0000563740c560bb in perl_run (my_perl=0x5637430cb010) at perl.c:2471
#15 0x0000563740c0ef3e in main (argc=0x2, argv=0x7ffd9cd56f48, env=0x7ffd9cd56f60) at perlmain.c:123

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.27.1:

Configured by root at Sun May 28 01:44:41 MSK 2017.

Summary of my perl5 (revision 5 version 26 subversion 0) configuration:
  Derived from: 4c95ee9f298c2edfc1382d540ff89288790e78b6
  Platform:
    osname=linux
    osvers=4.9.0-3-amd64
    archname=x86_64-linux
    uname='linux dorothy 4.9.0-3-amd64 #1 smp debian 4.9.25-1 (2017-05-02) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O0 -g -ggdb3 -fno-omit-frame-pointer'
    hint=previous
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='afl-clang-fast'
    ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O0 -g -ggdb3 -fno-omit-frame-pointer'
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='afl-clang-fast'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/local/lib /usr/lib/llvm-3.9/bin/../lib/clang/3.9.1/lib /usr/include/x86_64-linux-gnu /usr/lib
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.24.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.24'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O0 -g -ggdb3 -fno-omit-frame-pointer -L/usr/local/lib -fstack-protector-strong'

Locally applied patches:
    uncommitted-changes


@INC for perl 5.27.1:
    lib
    /usr/local/lib/perl5/site_perl/5.26.0/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.26.0
    /usr/local/lib/perl5/5.26.0/x86_64-linux
    /usr/local/lib/perl5/5.26.0


Environment for perl 5.27.1:
    HOME=/home/afl
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_CTYPE=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERLBREW_BASHRC_VERSION=0.78
    PERLBREW_HOME=/home/afl/.perlbrew
    PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.24.1-dbg/man
    PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.24.1-dbg/bin
    PERLBREW_PERL=perl-5.24.1-dbg
    PERLBREW_ROOT=/home/afl/perlbrew
    PERLBREW_VERSION=0.78
    PERL_BADLANG (unset)
    SHELL=/usr/bin/zsh
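
An added triage helper, not part of the original report or of the Perl project: it rebuilds the exact reproducer bytes from the hexdump in the report, cross-checking row offsets and the ASCII column so a mistyped or truncated copy is rejected, and can run the result against a locally built perl as a regression check. `run_reproducer`, its parameters and passing the program as a file argument (suggested by `argc=0x2` in the backtrace) are assumptions.

```python
import re, signal, subprocess, tempfile

# Hexdump rows copied from the report above.
REPORT_DUMP = """\
00000000 31 2b 65 76 61 6c 20 71 21 28 29 20 3d 20 73 6f |1+eval q!() = so|
00000010 72 74 7b 30 7d 30 2c 30 2e 2e 5f 21 |rt{0}0,0.._!|
0000001c
"""

# offset, up to 16 hex byte pairs, optional |ascii| column
ROW = re.compile(r"^([0-9a-fA-F]{8})((?:\s+[0-9a-fA-F]{2}){0,16})\s*(?:\|(.*)\|)?\s*$")

def parse_hexdump(text):
    """Rebuild the bytes of a `hexdump -C` style listing, using its redundancy as a check."""
    data = bytearray()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.strip() == "*":
            raise ValueError("line %d: '*' elides repeated rows, dump is lossy" % lineno)
        m = ROW.match(line)
        if not m:
            raise ValueError("line %d: not a hexdump row" % lineno)
        offset = int(m.group(1), 16)
        chunk = bytes.fromhex("".join(m.group(2).split()))
        # Each row's offset must equal the bytes seen so far; the final bare
        # offset row therefore verifies the total length.
        if offset != len(data):
            raise ValueError("line %d: offset %#x, have %#x bytes" % (lineno, offset, len(data)))
        if m.group(3) is not None:
            shown = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
            if shown != m.group(3):
                raise ValueError("line %d: hex and ASCII columns disagree" % lineno)
        data += chunk
    return bytes(data)

def run_reproducer(perl_path, program, timeout=10):
    """Assumed harness: run `perl_path FILE`; return the killing signal's name, or None."""
    with tempfile.NamedTemporaryFile(suffix=".pl") as f:
        f.write(program)
        f.flush()
        proc = subprocess.run([perl_path, f.name], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    # On POSIX a negative return code means the child died from that signal.
    return signal.Signals(-proc.returncode).name if proc.returncode < 0 else None
```

On a `-DDEBUGGING` build that still has the bug, `run_reproducer` is expected to return `"SIGABRT"`, matching the `abort()` frame in the backtrace; builds without assertions enabled will not abort at this point.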


p5pRT commented Jun 22, 2017

From @dur-randir

0076
