Perl / perl5


Segmentation fault on return from regex #7166

Closed p5pRT closed 15 years ago

p5pRT commented 20 years ago

Migrated from rt.perl.org#27595 (status was 'resolved')

Searchable as RT27595$

p5pRT commented 20 years ago

From @jlokier

Created by @jlokier

Very simple program:

```
$ perl -e 'sub foo { /(?{ return })/ } for (1..8) { foo; }'
Segmentation fault
```

The number of iterations makes a difference. For this program, with 1..7 I get no segmentation fault. If I put C\ at the start, I get a segmentation fault with 1..7 but not 1..6.

If you're not seeing the segmentation fault, try using a large number of iterations like a million.

I think I've seen similar crashes using C\, which is actually useful for aborting regexes without backtracking, and for making parsers where the code for actions is embedded in the regex. Unfortunately I don't have a handy test case for C\.

Here's an interesting variant:

```
$ perl -le 'sub foo { print scalar (/(?{ return })/) } for (1..8) { foo; }'
81
81
81
81
81
81
81
81
Segmentation fault
```

Where does the 81 come from?

Another:

```
$ perl -le 'sub foo { print scalar (/(?{ return })/)+1 } for (1..20) { foo; }'
202
202
202
202
202
202
202
```

That one doesn't crash, but continues running without printing anything.

Another:

```
$ perl -le 'sub foo { print 1+scalar (/(?{ return })/) } for (1..20) { foo; }'
201
202
203
204
205
206
207
```

That also keeps running without printing anything more.

-- Jamie

Perl Info

```
Flags:
    category=core
    severity=high

Site configuration information for perl v5.8.0:

Configured by bhcompile' cf_email='bhcompile at Wed Aug 13 11:45:59 EDT 2003.

Summary of my rderl (revision 5.0 version 8 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.4.21-1.1931.2.382.entsmp, archname=i386-linux-thread-multi
    uname='linux str'
    config_args='-des -Doptimize=-O2 -g -pipe -march=i386 -mcpu=i686 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Dotherlibdirs=/usr/lib/perl5/5.8.0 -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef' useithreads=define usemultiplicity=
    useperlio= d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=un uselongdouble=
    usemymalloc=, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='3.2.2 20030222 (Red Hat Linux 3.2.2-5)', gccosandvers='' gccversion='3.2.2 200302'
    intsize=r, longsize=r, ptrsize=5, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long' k', ivsize=4' ivtype='l, nvtype='double' o_nonbl', nvsize=, Off_t='', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc' l', ldflags =' -L/u'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lgdbm -ldb -ldl -lm -lpthread -lc -lcrypt -lutil
    perllibs=
    libc=/lib/libc-2.3.2.so, so=so, useshrplib=true, libperl=libper
    gnulibc_version='2.3.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so', d_dlsymun=undef, ccdlflags='-rdynamic -Wl,-rpath,/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC' ccdlflags='-rdynamic -Wl,-rpath,/usr/lib/perl5', lddlflags='s Unicode/Normalize XS/A'

Locally applied patches:
    MAINT18379

@INC for perl v5.8.0:
    /usr/lib/perl5/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/5.8.0
    /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.0
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.0
    /usr/lib/perl5/vendor_perl
    /usr/lib/perl5/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/5.8.0
    .

Environment for perl v5.8.0:
    HOME=/home/jamie
    LANG=en_GB.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/jamie/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash dlflags='-share (unset)
```

p5pRT commented 20 years ago

From philippe.verdret@xps-pro.com

> I think I've seen similar crashes using C\, which is actually useful for aborting regexes without backtracking, and for making parsers where the code for actions is embedded in the regex. Unfortunately I don't have a handy test case for C\.

Here is a little example of a 'die' crash:

```perl
my $a = qr{A};
my $c = qr{$a };
my $d = qr{B};

"abcd" =~ m{(?{ die })}x;
```

But the following doesn't crash:

```perl
my $a = qr{A};
my $c = qr{$a}; # <-
my $d = qr{B};

"abcd" =~ m{(?{ die })}x;
```

Philippe

```
Summary of my perl5 (revision 5 version 8 subversion 3) configuration:
  Platform:
    osname=MSWin32, osvers=4.0, archname=MSWin32-x86-multi-thread
    uname=''
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    usethreads=undef use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cl', ccflags ='-nologo -Gf -W3 -MD -Zi -DNDEBUG -O1 -DWIN32 -D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT -DNO_HASH_SEED -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO -DPERL_MSVCRT_READFIX',
    optimize='-MD -Zi -DNDEBUG -O1',
    cppflags='-DWIN32'
    ccversion='', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=10
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='__int64', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='link', ldflags '-nologo -nodefaultlib -debug -opt:ref,icf -libpath:"C:\Perl\lib\CORE" -machine:x86'
    libpth=C:\PROGRA~1\MICROS~3\VC98\lib
    libs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib wsock32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib
    perllibs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib wsock32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib
    libc=msvcrt.lib, so=dll, useshrplib=yes, libperl=perl58.lib
    gnulibc_version='undef'
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug -opt:ref,icf -libpath:"C:\Perl\lib\CORE" -machine:x86'

Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY USE_ITHREADS USE_LARGE_FILES PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS
  Locally applied patches:
    ActivePerl Build 809
    22218 Remove the caveat about detached threads crashing on Windows
    22201 Avoid threads+win32 crash by freeing Perl interpreter slightly later
    22169 Display 'out of memeory' errors using low-level I/O
    22159 Upgrade to Time::Hires 1.55
    22120 Make 'Configure -Dcf_by=...' work
    22051 Upgrade to Time::HiRes 1.54
    21540 Fix backward-compatibility issues in if.pm
  Built under MSWin32
  Compiled at Feb 3 2004 00:28:51
  @INC:
    c:/Perl/lib
    c:/Perl/site/lib
    .
```

p5pRT commented 20 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 15 years ago

From @obra

I've verified that this is fixed in 5.10.0 and 5.11.0.

p5pRT commented 15 years ago

@obra - Status changed from 'open' to 'resolved'
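
The thread reports two distinct failure modes for the same construct: death by signal, and a run that never finishes. The following harness is an added example, not part of the original thread or of the perl5 test suite; it re-runs the four one-liners quoted above against a chosen perl binary and tells those outcomes apart. The names `classify`, `triage` and `REPRODUCERS`, the 5-second timeout, and `perl` being on `PATH` are assumptions of this example.

```python
import signal
import subprocess
import sys

# Program text of the one-liners quoted in the thread (switch + code).
REPRODUCERS = {
    "return-in-code-block": ["-e", "sub foo { /(?{ return })/ } for (1..8) { foo; }"],
    "print-scalar": ["-le", "sub foo { print scalar (/(?{ return })/) } for (1..8) { foo; }"],
    "print-scalar-plus-1": ["-le", "sub foo { print scalar (/(?{ return })/)+1 } for (1..20) { foo; }"],
    "print-1-plus-scalar": ["-le", "sub foo { print 1+scalar (/(?{ return })/) } for (1..20) { foo; }"],
}


def classify(argv, timeout=5.0):
    """Run argv in a child process and return (verdict, detail).

    verdict is "signal" (child was killed, e.g. by SIGSEGV), "hang"
    (no exit within `timeout` seconds) or "exit" (normal termination,
    detail is the exit status).
    """
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=timeout)
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed the child at this point.
        return ("hang", f"no exit within {timeout}s")
    if proc.returncode < 0:
        # On POSIX a negative returncode is the number of the fatal signal.
        return ("signal", signal.Signals(-proc.returncode).name)
    return ("exit", proc.returncode)


def triage(perl="perl", timeout=5.0):
    """Classify every reproducer from the thread under the given perl."""
    return {name: classify([perl, *args], timeout)
            for name, args in REPRODUCERS.items()}


if __name__ == "__main__":
    perl = sys.argv[1] if len(sys.argv) > 1 else "perl"
    for name, (verdict, detail) in triage(perl).items():
        print(f"{name:22} {verdict:7} {detail}")
```

Pass the path of the perl build under test as the first argument; any `signal` or `hang` verdict means that build still shows the behaviour reported here.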