search

Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/
Other
1.91k stars 542 forks source link

Assertion failure in S_maybe_multiconcat (op.c:3323) #16863

Open p5pRT opened 5 years ago

p5pRT commented 5 years ago

Migrated from rt.perl.org#133881 (status was 'new')

Searchable as RT133881$

p5pRT commented 5 years ago

From @dur-randir

Created by @dur-randir

While fuzzing perl v5.29.8-21-gde59f38ed9 built with afl and run under libdislocator\, I found the following program

00.=my$0=00.0

to cause an assertion failure​:

perl​: op.c​:3323​: void S_maybe_multiconcat(OP *)​: Assertion `!targmyop' failed.

GDB stack trace is following​:

#1 0x00007ffff7c25535 in __GI_abort () at abort.c​:79 #2 0x00007ffff7c2540f in __assert_fail_base (fmt=0x7ffff7d87ee0 "%s%s%s​:%u​: %s%sAssertion `%s' failed.\n%n"\, assertion=0x555555911678 "!targmyop"\,   file=0x55555590f7ae "op.c"\, line=3323\, function=\) at assert.c​:92 #3 0x00007ffff7c330f2 in __GI___assert_fail (assertion=0x555555911678 "!targmyop"\, file=0x55555590f7ae "op.c"\, line=3323\,   function=0x555555917080 \<__PRETTY_FUNCTION__.18940> "S_maybe_multiconcat") at assert.c​:101 #4 0x0000555555598b5b in S_maybe_multiconcat (o=0x555555b51400) at op.c​:3323 #5 0x0000555555599217 in S_optimize_op (o=0x555555b51400) at op.c​:3495 #6 0x00005555555990dd in Perl_optimize_optree (o=0x555555b513b0) at op.c​:3465 #7 0x0000555555598fca in S_process_optree (cv=0x0\, optree=0x555555b513b0\, start=0x555555b51510) at op.c​:3433 #8 0x00005555555a0dca in Perl_newPROG (o=0x555555b513b0) at op.c​:5388 #9 0x0000555555659589 in Perl_yyparse (gramtype=258) at perly.y​:125 #10 0x00005555555d92ea in S_parse_body (env=0x0\, xsinit=0x55555558e1d8 \<xs_init>) at perl.c​:2507 #11 0x00005555555d75bc in perl_parse (my_perl=0x555555b24260\, xsinit=0x55555558e1d8 \<xs_init>\, argc=2\, argv=0x7fffffffe1e8\, env=0x0) at perl.c​:1798 #12 0x000055555558e11b in main (argc=2\, argv=0x7fffffffe1e8\, env=0x7fffffffe200) at perlmain.c​:126

This is a regression in blead\, bisect points to

commit 0fe04e1dc741a43190e79a985fb0cec0493ebfe9 Author​: David Mitchell \davem@&#8203;iabyn\.com Date​: Wed Aug 29 14​:32​:24 2018 +0100

  multiconcat​: mutator not seen in (lex = ...) .= ...

  RT #133441

  TL;DR​:   (($lex = expr1.expr2) .= expr3) was being misinterpreted as   (expr1 . expr2 . expr3) when the ($lex = expr1) subtree had had the   assign op optimised away by the OPpTARGET_MY optimisation.

Perl Info ``` Flags: category=core severity=high Site configuration information for perl 5.29.9: Configured by dur-randir at Wed Feb 27 14:51:01 MSK 2019. Summary of my perl5 (revision 5 version 29 subversion 9) configuration: Commit id: c1e47bad34ce1d9c84ed57c9b8978bcbd5a02e98 Platform: osname=darwin osvers=13.4.0 archname=darwin-thread-multi-2level uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0: mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64 x86_64 ' config_args='-de -Dusedevel -DDEBUGGING -Dusethreads' hint=recommended useposix=true d_sigaction=define useithreads=define usemultiplicity=define use64bitint=define use64bitall=define uselongdouble=undef usemymalloc=n default_inc_excludes_dot=define bincompat5005=undef Compiler: cc='cc' ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -DPERL_USE_SAFE_PUTENV' optimize='-O3 -g' cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include' ccversion='' gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)' gccosandvers='' intsize=4 longsize=8 ptrsize=8 doublesize=8 byteorder=12345678 doublekind=3 d_longlong=define longlongsize=8 d_longdbl=define longdblsize=16 longdblkind=3 ivtype='long' ivsize=8 nvtype='double' nvsize=8 Off_t='off_t' lseeksize=8 alignbytes=8 prototype=define Linker and Libraries: ld='cc' ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib' libpth=/usr/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc perllibs=-lpthread -ldl -lm -lutil -lc libc= so=dylib useshrplib=false libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs dlext=bundle d_dlsymun=undef ccdlflags=' ' cccdlflags=' ' lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined dynamic_lookup -L/usr/local/lib -fstack-protector' @INC for perl 5.29.9: lib /usr/local/lib/perl5/site_perl/5.29.9/darwin-thread-multi-2level /usr/local/lib/perl5/site_perl/5.29.9 /usr/local/lib/perl5/5.29.9/darwin-thread-multi-2level /usr/local/lib/perl5/5.29.9 Environment for perl 5.29.9: DYLD_LIBRARY_PATH (unset) HOME=/Users/dur-randir LANG=en_US.UTF-8 LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin PERLBREW_HOME=/Users/dur-randir/.perlbrew PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.22.1/man PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin PERLBREW_PERL=perl-5.22.1 PERLBREW_ROOT=/Users/dur-randir/perlbrew PERLBREW_SHELLRC_VERSION=0.84 PERLBREW_VERSION=0.84 PERL_BADLANG (unset) SHELL=/usr/local/bin/zsh ```