Open p5pRT opened 5 years ago
While fuzzing perl v5.29.8-21-gde59f38ed9 built with afl and run under libdislocator, I found the following program

```
use strict;END{{{{}}}}{END}END{e}
```

to cause an assertion failure:

```
perl: op.c:10342: CV *Perl_newATTRSUB_x(I32, OP *, OP *, OP *, OP *, _Bool): Assertion `!cv || evanescent || SvREFCNT((SV*)cv) != 0' failed.
```
The GDB stack trace follows:
```
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7c25535 in __GI_abort () at abort.c:79
#2 0x00007ffff7c2540f in __assert_fail_base (fmt=0x7ffff7d87ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555555914b58 "!cv || evanescent || SvREFCNT((SV*)cv) != 0", file=0x55555590f7ae "op.c", line=10342, function=<optimized out>) at assert.c:92
#3 0x00007ffff7c330f2 in __GI___assert_fail (assertion=0x555555914b58 "!cv || evanescent || SvREFCNT((SV*)cv) != 0", file=0x55555590f7ae "op.c", line=10342, function=0x555555917750 <__PRETTY_FUNCTION__.21155> "Perl_newATTRSUB_x") at assert.c:101
#4 0x00005555555b981c in Perl_newATTRSUB_x (floor=49, o=0x555555b51af8, proto=0x0, attrs=0x0, block=0x555555b51ce8, o_is_gv=false) at op.c:10342
#5 0x0000555555659cd8 in Perl_yyparse (gramtype=258) at perly.y:289
#6 0x00005555555d92ea in S_parse_body (env=0x0, xsinit=0x55555558e1d8 <xs_init>) at perl.c:2507
#7 0x00005555555d75bc in perl_parse (my_perl=0x555555b24260, xsinit=0x55555558e1d8 <xs_init>, argc=4, argv=0x7fffffffe1a8, env=0x0) at perl.c:1798
#8 0x000055555558e11b in main (argc=4, argv=0x7fffffffe1a8, env=0x7fffffffe1d0) at perlmain.c:126
```
This is a regression between 5.20 and 5.22, bisect points to

```
commit a70f21d0d169a526a6bafd2465e01e1ca8d16234
Author: Father Chrysostomos <sprout@cpan.org>
Date:   Mon Dec 8 21:59:22 2014 -0800

    Fix OUTSIDE for named subs inside predeclared subs
```
Migrated from rt.perl.org#133887 (status was 'new')
Searchable as RT133887$