Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

Assertion failure in S_regmatch (regexec.c: 6493) #16990

Open p5pRT opened 5 years ago

p5pRT commented 5 years ago

Migrated from rt.perl.org#134083 (status was 'new')

Searchable as RT134083$

p5pRT commented 5 years ago

From @dur-randir

Created by @dur-randir

While fuzzing perl v5.29.10-23-g7c0d7520a3 built with afl and run under libdislocator, I found the following program

```perl
use utf8; eval"\320\200 f'\r\r0'=~'\\R??\r0'"
```

to cause an assertion failure

```
perl: regexec.c:6493: S_regmatch: Assertion `n == REG_INFTY || locinput == li' failed.
```

The GDB stack trace is as follows:

```
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c48535 in __GI_abort () at abort.c:79
#2  0x00007ffff7c4840f in __assert_fail_base (fmt=0x7ffff7daaee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555555796fc0 "n == REG_INFTY || locinput == li", file=0x555555795f88 "regexec.c", line=6493, function=<optimized out>) at assert.c:92
#3  0x00007ffff7c560f2 in __GI___assert_fail (assertion=assertion@entry=0x555555796fc0 "n == REG_INFTY || locinput == li", file=file@entry=0x555555795f88 "regexec.c", line=line@entry=6493, function=function@entry=0x555555798b08 <__PRETTY_FUNCTION__.14818> "S_regmatch") at assert.c:101
#4  0x000055555570670c in S_regmatch (prog=<optimized out>, startpos=0x555555a00a10 "\r\r0", reginfo=0x7fffffffddb0) at regexec.c:6493
#5  S_regtry (reginfo=reginfo@entry=0x7fffffffddb0, startposp=startposp@entry=0x7fffffffdd98) at regexec.c:3200
#6  0x0000555555711530 in Perl_regexec_flags (rx=0x5555559f4c20, stringarg=0x555555a00a10 "\r\r0", strend=0x555555a00a13 "", strbeg=0x555555a00a10 "\r\r0", minend=<optimized out>, sv=0x5555559f4b60, data=0x0, flags=97) at regexec.c:2917
#7  0x0000555555656e29 in Perl_pp_match () at pp_hot.c:1446
#8  0x000055555562aa8a in Perl_runops_debug () at dump.c:2427
#9  0x00005555555ae109 in S_run_body (oldscope=1) at perl.c:2456
#10 perl_run (my_perl=<optimized out>) at perl.c:2372
#11 0x0000555555582b1f in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:114
```

This is a regression between 5.18 and 5.20; bisect points to

```
commit b24b43f7631ee39f0260fc7bba01dd65715f5aff (HEAD, refs/bisect/bad)
Author: Karl Williamson <public@khwilliamson.com>
Date:   Mon Jan 6 13:41:46 2014 -0700

    IDStart and IDCont no longer go out to disk

    These are the base names for various macros used in parsing identifiers.
    Prior to this patch, parsing a code point above Latin1 caused loading
    disk files. This patch causes all the information to be compiled into
    the Perl binary.
```

Perl Info

```
Flags:
    category=core
    severity=medium

Site configuration information for perl 5.29.9:

Configured by dur-randir at Wed Feb 27 14:51:01 MSK 2019.

Summary of my perl5 (revision 5 version 29 subversion 9) configuration:
  Commit id: c1e47bad34ce1d9c84ed57c9b8978bcbd5a02e98
  Platform:
    osname=darwin
    osvers=13.4.0
    archname=darwin-thread-multi-2level
    uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0: mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64 x86_64 '
    config_args='-de -Dusedevel -DDEBUGGING -Dusethreads'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=define
    usemultiplicity=define
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
    bincompat5005=undef
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -DPERL_USE_SAFE_PUTENV'
    optimize='-O3 -g'
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion=''
    gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib
    libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
    perllibs=-lpthread -ldl -lm -lutil -lc
    libc=
    so=dylib
    useshrplib=false
    libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined dynamic_lookup -L/usr/local/lib -fstack-protector'

@INC for perl 5.29.9:
    lib
    /usr/local/lib/perl5/site_perl/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/site_perl/5.29.9
    /usr/local/lib/perl5/5.29.9/darwin-thread-multi-2level
    /usr/local/lib/perl5/5.29.9

Environment for perl 5.29.9:
    DYLD_LIBRARY_PATH (unset)
    HOME=/Users/dur-randir
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin
    PERLBREW_HOME=/Users/dur-randir/.perlbrew
    PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.22.1/man
    PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.22.1/bin
    PERLBREW_PERL=perl-5.22.1
    PERLBREW_ROOT=/Users/dur-randir/perlbrew
    PERLBREW_SHELLRC_VERSION=0.84
    PERLBREW_VERSION=0.84
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/zsh
```
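A small triage harness, added here as an example and not part of the report or of the perl5 project: it writes the reproducer from the report to a temporary file, runs it under each perl binary named on the command line (defaulting to `perl` in PATH), and classifies the exit status so a DEBUGGING build can be confirmed as affected or a candidate fix re-checked across several perlbrew builds. It assumes a POSIX sh and `mktemp`; the exit-status mapping (128 + signal number) is the shell convention, and 134 is what a failed assert() produces via SIGABRT.

```sh
#!/bin/sh
# Added triage harness for RT134083 (example code, not from the report):
# run the reproducer under one or more perls and classify how each exits.

# Write the exact program from the report. The quoted heredoc delimiter keeps
# the shell from touching the backslashes; perl interprets \320\200 and \r.
write_repro() {
    cat > "$1" <<'EOF'
use utf8; eval"\320\200 f'\r\r0'=~'\\R??\r0'"
EOF
}

# Map an exit status to a verdict. A shell reports death by signal as
# 128 + signo: SIGABRT (6) -> 134 is a failed assert(), SIGSEGV (11) -> 139
# would point at a memory fault rather than the assertion in S_regmatch.
classify_status() {
    case "$1" in
        0)   echo "clean" ;;
        134) echo "assertion-abort" ;;
        139) echo "segfault" ;;
        *)   echo "other($1)" ;;
    esac
}

# Run the reproducer under the given perl binary and print "<perl>: <verdict>".
# The if/else capture of $? keeps a crashing child from tripping `set -e`.
run_repro() {
    perl_bin=$1
    tmp=$(mktemp) || return 1
    write_repro "$tmp"
    if "$perl_bin" "$tmp" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    rm -f "$tmp"
    echo "$perl_bin: $(classify_status "$rc")"
}

# Usage: ./repro_check.sh [/path/to/perl ...]   (defaults to perl in PATH)
main() {
    if [ $# -eq 0 ]; then set -- perl; fi
    for p in "$@"; do
        if command -v "$p" >/dev/null 2>&1; then
            run_repro "$p"
        else
            echo "$p: not found"
        fi
    done
}

main "$@"
```

A non-DEBUGGING perl reports `clean` because the assert is compiled out; only a `-DDEBUGGING` build in the affected range should report `assertion-abort`.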