Closed ntyni closed 1 month ago
You don't even need an object:
$ perl -MPOSIX -e 'strftime(1, localtime());'
Out of memory in perl:util:safesysmalloc
$ perl -MPOSIX -e 'strftime(localtime());'
Out of memory in perl:util:safesysmalloc
225 croak_no_mem_ext(STR_WITH_LEN("util:safesysmalloc"));
(gdb) bt
#0 Perl_safesysmalloc (size=size@entry=187649992400162) at util.c:225
#1 0x00005555556ca07d in Perl_sv_grow_fresh (newlen=<optimized out>, sv=0x55555590a758) at sv.c:1488
#2 Perl_newSV (len=187649992400160) at sv.c:5815
#3 Perl_newSV (len=187649992400160) at sv.c:5807
#4 0x00005555555ef359 in S_sv_strftime_common (fmt=fmt@entry=0x55555591cea0, locale=locale@entry=0x5555559232f0 "de_DE.UTF-8", mytm=mytm@entry=0x7fffffffd700) at locale.c:8231
#5 0x00005555555f03e1 in Perl_sv_strftime_ints (fmt=fmt@entry=0x55555591cea0, sec=sec@entry=32, min=min@entry=53, hour=hour@entry=7, mday=mday@entry=11, mon=<optimized out>, year=124, isdst=-1) at locale.c:8194
#6 0x00007ffff7fa7894 in XS_POSIX_strftime (cv=<optimized out>) at /home/mauke/Projects/perl5/ext/POSIX/POSIX.xs:3609
#7 0x000055555564a34d in Perl_rpp_invoke_xs (cv=0x555555a02c80) at /home/mauke/Projects/perl5/inline.h:1177
#8 Perl_pp_entersub () at pp_hot.c:6515
#9 0x00005555556c57e3 in Perl_runops_standard () at run.c:41
#10 0x00005555555c37b5 in S_run_body (oldscope=<optimized out>) at perl.c:2865
#11 perl_run (my_perl=<optimized out>) at perl.c:2780
#12 0x000055555559c272 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:127
The error comes from this line in locale.c:
SV* sv = newSV(MAX(SvCUR(fmt) * 2, 64));
The len=187649992400160 mentioned above is exactly SvCUR(fmt) * 2. Presumably SvCUR isn't valid if the SV isn't actually a string.
Also,
$ perl -Ilib -MPOSIX -wE 'say strftime(undef, localtime());'
Segmentation fault
straight up dereferences a null pointer.
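The failure mode analysed in the comment above, reduced to a stand-alone C model (an added example, not perl's source and not the fix applied upstream): a length slot is read without consulting the type tag, next to a variant that rejects non-strings and oversized lengths. The `value` type, the `make_*` helpers, the `bufsize_*` functions and the `limit` parameter are assumptions for illustration, and a 64-bit `size_t` is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified tagged scalar for illustration; NOT perl's real SV layout. */
typedef enum { V_UNDEF, V_INT, V_STR } vtype;
typedef struct {
    vtype type;
    union {
        struct { size_t cur; const char *pv; } str; /* live only for V_STR */
        uint64_t other;             /* whatever a non-string keeps there */
    } u;
} value;

#define MAX2(a, b) ((a) > (b) ? (a) : (b))

/* Constructors for the constructed sample inputs used below. */
value make_str(const char *s) { return (value){ V_STR, { .str = { strlen(s), s } } }; }
value make_int(uint64_t raw)  { return (value){ V_INT, { .other = raw } }; }
value make_undef(void)        { return (value){ V_UNDEF, { .other = 0 } }; }

/* "Before": sizes the buffer from the length slot without checking the
 * type tag, the pattern of newSV(MAX(SvCUR(fmt) * 2, 64)) in the report. */
size_t bufsize_unchecked(value fmt)
{
    return MAX2(fmt.u.str.cur * 2, 64);
}

/* "After" (hypothetical hardening): returns 0 to mean "reject, do not
 * allocate"; the caller has to stringify or refuse the argument first. */
size_t bufsize_checked(value fmt, size_t limit)
{
    if (fmt.type != V_STR)
        return 0;                   /* undef or non-string */
    if (fmt.u.str.cur > limit / 2)
        return 0;                   /* also keeps cur * 2 from overflowing */
    return MAX2(fmt.u.str.cur * 2, 64);
}

int main(void)
{
    /* 0x55555591ce90 is half of the len shown in the backtrace above. */
    value num = make_int(0x55555591ce90), str = make_str("%Y-%m-%d");
    printf("unchecked(int)=%zu checked(int)=%zu checked(str)=%zu\n",
           bufsize_unchecked(num), bufsize_checked(num, 4096),
           bufsize_checked(str, 4096));
    return 0;
}
```

Half of the reported len is 0x55555591ce90, which is 0x10 below the fmt pointer in frame #4 of the backtrace: an address-like value, not a plausible format length.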
This is a bug report for perl from ntyni@debian.org, generated with the help of perlbug 1.43 running under perl 5.41.3.
Description
We're seeing a regression in the Tickit-Console test suite with Perl 5.40.0, tracked as https://bugs.debian.org/1078152 . I got it down to an issue in POSIX::strftime(), which crashes with a blessed format on 5.40.0 and current blead.
Bisection shows it regressed with v5.39.7-73-g1957c60d05:
Steps to Reproduce
On blead with DEBUGGING:
Expected behavior
No crash.
Flags
severity=medium
Perl configuration
Configured by ntyni at Sun Aug 11 06:06:56 BST 2024.
Summary of my perl5 (revision 5 version 41 subversion 3) configuration:
  Commit id: edf2fff56f98dc54047777f039e24c6d91b56d35
  Platform:
    osname=linux
    osvers=6.9.7-amd64
    archname=x86_64-linux
    uname='linux carme 6.9.7-amd64 #1 smp preempt_dynamic debian 6.9.7-1 (2024-06-27) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
  Compiler:
    cc='cc'
    ccflags ='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O2 -g'
    cppflags='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='13.3.0'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/x86_64-linux-gnu /usr/lib /usr/lib64
    libs=-lpthread -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -ldl -lm -lcrypt -lutil -lc
    libc=/lib/x86_64-linux-gnu/libc.so.6
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.38'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector-strong'

@INC for perl 5.41.3:
    lib
    /usr/local/lib/perl5/site_perl/5.41.3/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.41.3
    /usr/local/lib/perl5/5.41.3/x86_64-linux
    /usr/local/lib/perl5/5.41.3

Environment for perl 5.41.3:
    HOME=/home/ntyni
    LANG=en_GB.UTF-8
    LANGUAGE=en_GB:en
    LC_CTYPE=fi_FI.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/zsh