Closed p5pRT closed 6 years ago
This is a bug report for perl from frank.wiegand@gmail.com, generated with the help of perlbug 1.39 running under perl 5.12.0.
The following code crashes perl:
    % perl5.12.0 -E 'given ( goto f ) { f: }'
    Use of "goto" to jump into a construct is deprecated at -e line 1.
    perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
Yes, I see the deprecated warning. Yes, no one would do this.
But perl should not crash, too.
Thanks, Frank
Flags: category=core severity=low
Site configuration information for perl 5.12.0:
Configured by fw at Sat Apr 3 09:18:00 CEST 2010.
Summary of my perl5 (revision 5 version 12 subversion 0) configuration:
Platform:
osname=linux, osvers=2.6.32-trunk-amd64, archname=x86_64-linux
uname='linux hal2 2.6.32-trunk-amd64 #1 smp sun jan 10 22:40:40 utc 2010 x86_64 gnulinux '
config_args='-de -Dusedevel -DDEBUGGING=both -Doptimize=-g -Dcc=ccache gcc -Dld=gcc -Dprefix=/opt/perl/perl-5.12.0-RC3/ -Dmad'
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=define, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='ccache gcc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-g',
cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
ccversion='', gccversion='4.4.3 20100108 (prerelease)', gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='gcc', ldflags =' -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.10.2.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.10.2'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector'
Locally applied patches: RC3
@INC for perl 5.12.0:
    /opt/perl/perl-5.12.0-RC3/lib/site_perl/5.12.0/x86_64-linux
    /opt/perl/perl-5.12.0-RC3/lib/site_perl/5.12.0
    /opt/perl/perl-5.12.0-RC3/lib/5.12.0/x86_64-linux
    /opt/perl/perl-5.12.0-RC3/lib/5.12.0
    .
Environment for perl 5.12.0:
    HOME=/home/fw
    LANG=de_DE.UTF-8
    LANGUAGE=
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/sbin:/usr/sbin:/home/fw/bin:/home/fw/bin:/usr/local/bin:/usr/bin:/bin:/usr/games
    PERL_AUTOINSTALL=--defaultdeps
    PERL_BADLANG (unset)
    PERL_EXTUTILS_AUTOINSTALL=--defaultdeps
    PERL_MM_USE_DEFAULT=1
    SHELL=/bin/zsh
The following code crashes perl:
    % perl5.12.0 -E 'given ( goto f ) { f: }'
    Use of "goto" to jump into a construct is deprecated at -e line 1.
    perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
This report triggers vague memories of a tool (not perl related) that generated random code fragments in an attempt to find flaws in a compiler or cpu (I forget which now). Ring a bell for anyone?
Yes, no one would do this. But perl should not crash, too.
Exactly.
An interesting project for someone: a tool that generates random perl code fragments in an attempt to find crashing bugs in perl.
Tim.
The RT System itself - Status changed from 'new' to 'open'
On Fri, Apr 30, 2010 at 10:04:13AM +0100, Tim Bunce wrote:
The following code crashes perl:
    % perl5.12.0 -E 'given ( goto f ) { f: }'
    Use of "goto" to jump into a construct is deprecated at -e line 1.
    perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
This report triggers vague memories of a tool (not perl related) that generated random code fragments in an attempt to find flaws in a compiler or cpu (I forget which now). Ring a bell for anyone?
ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-revisited.ps
Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services.
I believe that Ilya Z also did something related by using Markov chains to feed plausible garbage to the perl interpreter, identifying the cause of the crashes, and then patching the bugs.
Nicholas Clark
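The approach discussed in the two messages above (generated fragments fed to the interpreter, watching for runs that die on a signal such as the SIGABRT from a failed assertion), as an added example that is not part of the original thread or of any tool it mentions. The seed corpus is constructed, and the function names and the `interp` argument (for instance `["perl", "-E"]`) are assumptions.

```python
import random
import signal
import subprocess
from collections import defaultdict

# Constructed seed corpus: small Perl fragments, split on whitespace into tokens.
CORPUS = [
    "given ( $x ) { when ( 1 ) { say 1 } }",
    "for ( 1 .. 3 ) { goto f } f : say 2",
    "given ( do { $x } ) { f : say 3 }",
    "if ( $x ) { goto f } f : $x ++",
]

def build_chain(corpus):
    """First-order Markov chain: token -> list of observed successors."""
    chain = defaultdict(list)
    for line in corpus:
        tokens = ["<s>"] + line.split() + ["</s>"]
        for cur, nxt in zip(tokens, tokens[1:]):
            chain[cur].append(nxt)
    return chain

def generate(chain, rng, max_tokens=30):
    """Walk the chain from <s>; stop at </s> or after max_tokens."""
    out, tok = [], "<s>"
    while len(out) < max_tokens:
        tok = rng.choice(chain[tok])
        if tok == "</s>":
            break
        out.append(tok)
    return " ".join(out)

def classify(returncode):
    """subprocess reports death by signal N as returncode -N."""
    if returncode < 0:
        return "crash:" + signal.Signals(-returncode).name
    return "ok" if returncode == 0 else "error"

def fuzz(interp, n, seed=0, timeout=5):
    """Run n generated fragments; return (verdict, fragment) for each crash."""
    chain, rng, crashes = build_chain(CORPUS), random.Random(seed), []
    for _ in range(n):
        frag = generate(chain, rng)
        try:
            rc = subprocess.run(interp + [frag], capture_output=True,
                                timeout=timeout).returncode
        except subprocess.TimeoutExpired:
            continue  # a hang is not a crash; skip it
        if classify(rc).startswith("crash:"):
            crashes.append((classify(rc), frag))
    return crashes
```

Syntax errors and warnings exit normally and are ignored; only fragments that kill the interpreter are reported, with the seed making each run reproducible.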
On Thursday, 29.04.2010, 01:36 -0700, Frank Wiegand wrote:
The following code crashes perl:
    % perl5.12.0 -E 'given ( goto f ) { f: }'
    Use of "goto" to jump into a construct is deprecated at -e line 1.
    perl5.12.0: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort /opt/perl/perl-5.12.0-RC3/bin/perl5.12.0 -E 'given ( goto f ) { f: }
Yes, I see the deprecated warning.
This one is without the warning:
    % perl-5.12.0-RC3 -wE 'given( do { goto f } ) { f: }'
    perl-5.12.0-RC3: pp_ctl.c:4005: Perl_pp_leavegiven: Assertion `((cx)->cx_u.cx_subst.sbu_type & 0xf) == 3' failed.
    zsh: abort LC_ALL=C perl-5.12.0-RC3 -wE 'given( do { goto f } ) { f: }'
Yes, no one would do this. But perl should not crash, too.
Still true.
Frank
I’ve fixed this bug in commit a01f464 by forbidding goto-into-given.
--
Father Chrysostomos
@cpansprout - Status changed from 'open' to 'resolved'
@cpansprout - Status changed from 'resolved' to 'pending release'
Thank you for filing this report. You have helped make Perl better.
With the release yesterday of Perl 5.28.0, this and 185 other issues have been resolved.
Perl 5.28.0 may be downloaded via: https://metacpan.org/release/XSAWYERX/perl-5.28.0
If you find that the problem persists, feel free to reopen this ticket.
@khwilliamson - Status changed from 'pending release' to 'resolved'
Migrated from rt.perl.org#74764 (status was 'resolved')
Searchable as RT74764$