On Wed May 18 16:59:31 2016, dcollinsn@gmail.com wrote:
Greetings Porters,
I have compiled bleadperl with the afl-gcc compiler using:
./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache
afl-gcc' -Uuselongdouble -Duse64bitall -Doptimize=-g -Uversiononly
-Uman1dir -Uman3dir -Dusequadmath -des
AFL_HARDEN=1 make && make test
And then fuzzed the resulting binary using:
AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @@
After reducing testcases using `afl-tmin` and performing additional
minimization by hand, I have located the following testcase that
triggers an assert fail in debugging builds of the perl interpreter.
The testcase is the file below. On normal builds, this exits with the
expected error. On debug builds, this returns an assert fail.
dcollins@nightshade64:~$ cat f3i1
0=\my%u:e=0dcollins@nightshade64:~$
dcollins@nightshade64:~$ od -c f3i1
0000000   0   =   \   m   y   %   u   :   e   =   0
0000013
dcollins@nightshade64:~$ ls -l f3i1
-rw-r----- 1 dcollins afl 11 May 18 17:01 f3i1
dcollins@nightshade64:~$ ./perl/perl f3i1
Can't modify reference to subroutine entry in list assignment at f3i1
line 1, at EOF
Execution of f3i1 aborted due to compilation errors.
dcollins@nightshade64:~$ ./perldebug/perl f3i1
perl: op.c:2758: S_lvref: Assertion `(kid->op_flags & 3) != 1' failed.
Aborted
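The report above describes a workflow (afl-gcc build, afl-fuzz, afl-tmin, then running each reduced case against a normal and a debugging build) but not the triage step in between. The script below is an added example, not code from the ticket or from the perl tree: it runs every reduced testcase against two builds and flags the ones that only the -DDEBUGGING build turns into an assertion failure. It assumes, as in the afl-fuzz invocation above, that the target takes the testcase path as its only argument; the "perl-release" and "perl-debug" stand-ins, the three testcases, and make_demo are constructed here so it runs without a perl source tree and only mimic the exit behaviour shown in the report.

```sh
#!/bin/sh
# Triage reduced AFL testcases across a release and a debugging build.
# Added example for this ticket; not perl's or AFL's own tooling.

# classify_case TARGET TESTCASE: print one word for how TARGET exits on TESTCASE.
classify_case() {
    target=$1; testcase=$2; rc=0
    # Keep stderr (assert and die messages go there), discard stdout.
    err=$("$target" "$testcase" 2>&1 >/dev/null) || rc=$?
    case "$err" in
        # glibc: "Assertion `x' failed."  BSD/macOS: "Assertion failed: (x), ..."
        *"Assertion "*) echo assert; return 0 ;;
    esac
    case $rc in
        0)   echo clean ;;
        255) echo expected-error ;;   # perl's exit status for die / compile errors
        134) echo abort ;;            # 128+SIGABRT with no assertion message
        139) echo segv ;;             # 128+SIGSEGV
        *)   echo "other:$rc" ;;
    esac
}

# triage_dir RELEASE DEBUG DIR: one "<release-class>/<debug-class> <file>" line per case.
triage_dir() {
    release=$1; debug=$2; dir=$3
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        r=$(classify_case "$release" "$f")
        d=$(classify_case "$debug" "$f")
        printf '%s/%s %s\n' "$r" "$d" "$f"
    done
}

# count_debug_only_asserts RELEASE DEBUG DIR: how many cases give the expected
# error on the release build but trip an assertion on the debugging build.
count_debug_only_asserts() {
    triage_dir "$@" | grep -c '^expected-error/assert ' || true
}

# make_demo TMPDIR: constructed stand-ins for the two perl builds plus three
# testcases (the ticket's f3i1 without a trailing newline, a clean script, a die).
# The stand-ins only imitate the exit behaviour described in the report.
make_demo() {
    dir=$1
    mkdir -p "$dir/cases"
    printf '0=\\my%%u:e=0' > "$dir/cases/f3i1"
    printf 'print "hi\\n";\n' > "$dir/cases/ok.pl"
    printf 'die "x"\n' > "$dir/cases/die.pl"
    cat > "$dir/perl-release" <<'EOF'
#!/bin/sh
# Stand-in for a non-DEBUGGING perl: bad input is an ordinary error, exit 255.
if grep -q ':e=' "$1"; then
    echo "Can't modify reference to subroutine entry in list assignment at $1 line 1, at EOF" >&2
    exit 255
fi
if grep -q '^die' "$1"; then echo "x at $1 line 1." >&2; exit 255; fi
exit 0
EOF
    cat > "$dir/perl-debug" <<'EOF'
#!/bin/sh
# Stand-in for a -DDEBUGGING perl: the same input trips an assert instead.
if grep -q ':e=' "$1"; then
    echo 'Assertion failed: ((kid->op_flags & OPf_WANT) != OPf_WANT_VOID), function S_lvref, file op.c, line 2758.' >&2
    kill -s ABRT $$
fi
if grep -q '^die' "$1"; then echo "x at $1 line 1." >&2; exit 255; fi
exit 0
EOF
    chmod +x "$dir/perl-release" "$dir/perl-debug"
}

# Stand-alone demo: build the stand-ins in a temp dir, triage them, clean up.
demo() {
    tmp=$(mktemp -d)
    make_demo "$tmp"
    triage_dir "$tmp/perl-release" "$tmp/perl-debug" "$tmp/cases"
    rm -rf "$tmp"
}

demo
```

With real builds, replace the stand-ins with the two interpreters (e.g. ./perl/perl and ./perldebug/perl from the transcript) and point DIR at the afl-tmin output directory; the "expected-error/assert" lines are the ones worth a ticket, while "assert/assert" or "segv/..." lines indicate a problem that is not confined to debugging builds.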
$ ./perl -Ilib -e '\my %x:e = 1'
Assertion failed: ((kid->op_flags & OPf_WANT) != OPf_WANT_VOID), function S_lvref, file op.c, line 2758.
Abort trap: 6
$ ./perl -Ilib -e '\CORE::state %x :e = 1'
Assertion failed: ((kid->op_flags & OPf_WANT) != OPf_WANT_VOID), function S_lvref, file op.c, line 2758.
Abort trap: 6
$ ./perl -Ilib -XMfeature=:all -e 'sub MODIFY_HASH_ATTRIBUTES{} \our %x:e = \%a; print "ok\n"'
ok
The last one works, because the attribute does not modify the op tree with ‘our’.
--
Father Chrysostomos
---
via perlbug: queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=128183