Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

-E 'given( goto f ) { f: }' => crash #10355

Closed p5pRT closed 6 years ago

p5pRT commented 14 years ago

Migrated from rt.perl.org#74764 (status was 'resolved')

Searchable as RT74764$

p5pRT commented 14 years ago

From frank.wiegand@gmail.com

This is a bug report for perl from frank.wiegand@gmail.com, generated with the help of perlbug 1.39 running under perl 5.12.0.

The following code crashes perl:

    % perl5.12.0 -E 'given ( goto f ) { f: }'
    Use of "goto" to jump into a construct is deprecated at -e line 1.
    perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }

Yes, I see the deprecated warning. Yes, no one would do this.

But perl should not crash, too.

Thanks, Frank



Flags:

    category=core
    severity=low


Site configuration information for perl 5.12.0:

Configured by fw at Sat Apr 3 09:18:00 CEST 2010.

Summary of my perl5 (revision 5 version 12 subversion 0) configuration:

    Platform:
      osname=linux, osvers=2.6.32-trunk-amd64, archname=x86_64-linux
      uname='linux hal2 2.6.32-trunk-amd64 #1 smp sun jan 10 22:40:40 utc 2010 x86_64 gnulinux '
      config_args='-de -Dusedevel -DDEBUGGING=both -Doptimize=-g -Dcc=ccache gcc -Dld=gcc -Dprefix=/opt/perl/perl-5.12.0-RC3/ -Dmad'
      hint=recommended, useposix=true, d_sigaction=define
      useithreads=undef, usemultiplicity=undef
      useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
      use64bitint=define, use64bitall=define, uselongdouble=undef
      usemymalloc=n, bincompat5005=undef
    Compiler:
      cc='ccache gcc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
      optimize='-g',
      cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
      ccversion='', gccversion='4.4.3 20100108 (prerelease)', gccosandvers=''
      intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
      d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
      ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
      alignbytes=8, prototype=define
    Linker and Libraries:
      ld='gcc', ldflags =' -fstack-protector -L/usr/local/lib'
      libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
      libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
      perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
      libc=/lib/libc-2.10.2.so, so=so, useshrplib=false, libperl=libperl.a
      gnulibc_version='2.10.2'
    Dynamic Linking:
      dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
      cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector'

Locally applied patches:

    RC3

@INC for perl 5.12.0:

    /opt/perl/perl-5.12.0-RC3/lib/site_perl/5.12.0/x86_64-linux
    /opt/perl/perl-5.12.0-RC3/lib/site_perl/5.12.0
    /opt/perl/perl-5.12.0-RC3/lib/5.12.0/x86_64-linux
    /opt/perl/perl-5.12.0-RC3/lib/5.12.0
    .

Environment for perl 5.12.0:

    HOME=/home/fw
    LANG=de_DE.UTF-8
    LANGUAGE=
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/sbin:/usr/sbin:/home/fw/bin:/home/fw/bin:/usr/local/bin:/usr/bin:/bin:/usr/games
    PERL_AUTOINSTALL=--defaultdeps
    PERL_BADLANG (unset)
    PERL_EXTUTILS_AUTOINSTALL=--defaultdeps
    PERL_MM_USE_DEFAULT=1
    SHELL=/bin/zsh

p5pRT commented 14 years ago

From @timbunce

> The following code crashes perl:
>
>     % perl5.12.0 -E 'given ( goto f ) { f: }'
>     Use of "goto" to jump into a construct is deprecated at -e line 1.
>     perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
>     zsh: abort      /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }

This report triggers vague memories of a tool (not perl related) that generated random code fragments in an attempt to find flaws in a compiler or cpu (I forget which now). Ring a bell for anyone?

> Yes, no one would do this. But perl should not crash, too.

Exactly.

An interesting project for someone: a tool that generates random perl code fragments in an attempt to find crashing bugs in perl.

Tim.

p5pRT commented 14 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 14 years ago

From @nwc10

On Fri, Apr 30, 2010 at 10:04:13AM +0100, Tim Bunce wrote:

> > The following code crashes perl:
> >
> >     % perl5.12.0 -E 'given ( goto f ) { f: }'
> >     Use of "goto" to jump into a construct is deprecated at -e line 1.
> >     perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
> >     zsh: abort      /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
>
> This report triggers vague memories of a tool (not perl related) that generated random code fragments in an attempt to find flaws in a compiler or cpu (I forget which now). Ring a bell for anyone?

ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-revisited.ps

Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services.

I believe that Ilya Z also did something related by using Markov chains to feed plausible garbage to the perl interpreter, identifying the cause of the crashes, and then patching the bugs.

Nicholas Clark
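
The idea raised in the comments above (generate random Perl fragments, run them, keep the ones that kill the interpreter) as an added example; it is not part of the thread or of the Perl project's code. The toy grammar, the function names and the 5-second timeout are assumptions; the assertion line it parses is the format shown in the report.

```python
import random
import re
import subprocess

# Constructed toy grammar built from the constructs in the report.
# The last option of every rule terminates, so depth-capped expansion ends.
GRAMMAR = {
    "STMT": ["given ( EXPR ) { BODY }", "for ( EXPR ) { BODY }", "BODY"],
    "EXPR": ["goto f", "do { goto f }", "do { BODY }", "1"],
    "BODY": ["STMT", "goto f;", "f: ", "f: 1;"],
}
# Matches e.g. "pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `...' failed."
ASSERT_RE = re.compile(r"(\S+\.c):(\d+): (\w+): Assertion [`'](.*)' failed")

def generate(rng, symbol="STMT", depth=0):
    """Expand one grammar symbol into a Perl fragment."""
    options = GRAMMAR[symbol]
    template = options[-1] if depth > 3 else rng.choice(options)
    return re.sub(r"\b(STMT|EXPR|BODY)\b",
                  lambda m: generate(rng, m.group(1), depth + 1), template)

def classify(returncode, stderr):
    """Return a crash signature, or None when perl exited on its own.

    subprocess reports death by signal N as returncode -N; an ordinary
    syntax or runtime error exits with a non-negative status.
    """
    if returncode >= 0:
        return None
    m = ASSERT_RE.search(stderr)
    if m:  # DEBUGGING build: bucket by file, line and function
        return "assert %s:%s %s" % m.group(1, 2, 3)
    return "signal %d" % -returncode

def fuzz(perl, count, seed=0):
    """Run `count` fragments; map each crash signature to its first fragment."""
    rng, crashes = random.Random(seed), {}
    for _ in range(count):
        code = generate(rng)
        try:
            p = subprocess.run([perl, "-E", code], capture_output=True,
                               text=True, timeout=5)
        except subprocess.TimeoutExpired:
            continue  # hangs are skipped, only signal deaths are recorded
        sig = classify(p.returncode, p.stderr)
        if sig:
            crashes.setdefault(sig, code)
    return crashes

if __name__ == "__main__":
    for sig, code in fuzz("perl", 200).items():
        print(sig, "<=", code)
```

Bucketing by file, line and function keeps one reproducer per distinct assertion; on a build without `-DDEBUGGING` the same fault would show up only as a bare signal number.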

p5pRT commented 14 years ago

From frank.wiegand@gmail.com

On Thursday, 29.04.2010, at 01:36 -0700, Frank Wiegand wrote:

> The following code crashes perl:
>
>     % perl5.12.0 -E 'given ( goto f ) { f: }'
>     Use of "goto" to jump into a construct is deprecated at -e line 1.
>     perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
>     zsh: abort      /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
>
> Yes, I see the deprecated warning.

This one is without the warning:

    % perl-5.12.0-RC3 -wE 'given( do { goto f } ) { f: }'
    perl-5.12.0-RC3: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort LC_ALL=C perl-5.12.0-RC3 -wE 'given( do { goto f } ) { f: }'

> Yes, no one would do this. But perl should not crash, too.

Still true.

Frank

p5pRT commented 6 years ago

From @cpansprout

I’ve fixed this bug in commit a01f464 by forbidding goto-into-given.

--

Father Chrysostomos

p5pRT commented 6 years ago

@cpansprout - Status changed from 'open' to 'resolved'

p5pRT commented 6 years ago

@cpansprout - Status changed from 'resolved' to 'pending release'

p5pRT commented 6 years ago

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release yesterday of Perl 5.28.0, this and 185 other issues have been resolved.

Perl 5.28.0 may be downloaded via: https://metacpan.org/release/XSAWYERX/perl-5.28.0

If you find that the problem persists, feel free to reopen this ticket.

p5pRT commented 6 years ago

@khwilliamson - Status changed from 'pending release' to 'resolved'