# New Ticket Created by Jeff Lavallee
# Please include the string: [perl #73516]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=73516 >



This is a bug report for perl from jeff@zeroclue.com,
generated with the help of perlbug 1.36 running under perl 5.10.0.

Cc: jeff@zeroclue.com
Subject: regex causes segfault in perl-5.10.1 on OpenBSD
Message-Id: <5.10.1_10844_1268329416@zeroclue.com>
Reply-To: jeff@zeroclue.com
To: perlbug@perl.org


This is a bug report for perl from jeff@zeroclue.com,
generated with the help of perlbug 1.39 running under perl 5.10.1.


-----------------------------------------------------------------
[Please describe your issue here]

The following regex causes perl-5.10.1 to segfault on OpenBSD:

my $msg = "\x{201C}Go figure\x{201D}";
$msg =~ s{((?:ev|b))}{$1}i;


jeff@minimunch:~ $ perl -e 'my $msg = "\x{201C}Go figure\x{201D}"; $msg =~ s{((?:ev|b))}{$1}i;'
Segmentation fault (core dumped)

jeff@minimunch:~ $ uname -a
OpenBSD minimunch.int.zeroclue.org 4.5 GENERIC#1749 i386


This was uncovered by a failing test case in SVN::Notify 2.80. From a debugging session:

DB<1>
SVN::Notify::HTML::output_log_message(lib/SVN/Notify/HTML.pm:382):
382: $url = encode_entities($url, '<>&"');
DB<1>
SVN::Notify::HTML::output_log_message(lib/SVN/Notify/HTML.pm:383):
383: $msg =~ s{\b((?:rev(?:ision)?\s*#?\s*|r)(\d+))\b}{sprintf qq{<a href="$url">$1</a>}, $2}ige;
DB<1>
SVN::Notify::HTML::output_log_message(/usr/local/lib/perl5/5.10.1/Carp.pm:28):
28: sub longmess { goto &longmess_jmp }


It appears to be due to Unicode and the non-capturing grouping.

It can also be triggered with actual UTF-8 characters in the source:

use utf8; my $msg = "“Go figure”";
$msg =~ s{((?:ev|b))}{$1}i;



[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=core
severity=medium
---
Site configuration information for perl 5.10.1:

Configured by jeff at Thu Sep 3 22:05:05 PDT 2009.

Summary of my perl5 (revision 5 version 10 subversion 1) configuration:

Platform:
osname=openbsd, osvers=4.5, archname=OpenBSD.i386-openbsd-64int
uname='openbsd minimunch.int.zeroclue.org 4.5 generic#1749 i386 '
config_args=''
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
ccversion='', gccversion='3.3.5 (propolice)', gccosandvers='openbsd4.5'
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags ='-Wl,-E -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /usr/lib
libs=-lgdbm -lm -lutil -lc
perllibs=-lm -lutil -lc
libc=/usr/lib/libc.so.50.1, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version=''
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
cccdlflags='-DPIC -fPIC ', lddlflags='-shared -fPIC -L/usr/local/lib -fstack-protector'

Locally applied patches:


---
@INC for perl 5.10.1:
/usr/local/lib/perl5/5.10.1/OpenBSD.i386-openbsd-64int
/usr/local/lib/perl5/5.10.1
/usr/local/lib/perl5/site_perl/5.10.1/OpenBSD.i386-openbsd-64int
/usr/local/lib/perl5/site_perl/5.10.1
.

---
Environment for perl 5.10.1:
HOME=/home/jeff
LANG (unset)
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/home/jeff/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
PERL_BADLANG (unset)
SHELL=/usr/local/bin/bash
---
Flags:
category=core
severity=medium
---
Site configuration information for perl 5.10.0:

Configured by jeff at Sat Nov 22 17:09:46 EST 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
Platform:
osname=linux, osvers=2.6.18.8, archname=i686-linux
uname='linux li48-252 2.6.18.8-linode10 #2 smp sat jul 19 20:24:32 edt 2008 i686 gnulinux '
config_args=''
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=undef, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe -I/usr/local/include'
ccversion='', gccversion='4.1.2 20061115 (prerelease) (Debian 4.1.1-21)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.3.6.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.3.6'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib'

Locally applied patches:


---
@INC for perl 5.10.0:
/usr/local/lib/perl5/5.10.0/i686-linux
/usr/local/lib/perl5/5.10.0
/usr/local/lib/perl5/site_perl/5.10.0/i686-linux
/usr/local/lib/perl5/site_perl/5.10.0
.

---
Environment for perl 5.10.0:
HOME=/home/jeff
LANG=en_US.UTF-8
LANGUAGE (unset)
LC_CTYPE=en_US.UTF-8
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/home/jeff/.bin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/local/mysql/bin:/usr/X11R6/bin:/bin:/opt/local/bin:/usr/local/git/bin:/home/jeff/.cabal/bin
PERL_BADLANG (unset)
SHELL=/bin/bash

  • Michael G Schwern at Mar 12, 2010 at 5:04 pm

    Jeff Lavallee (via RT) wrote:
    > jeff@minimunch:~ $ perl -e 'my $msg = "\x{201C}Go figure\x{201D}"; $msg =~ s{((?:ev|b))}{$1}i;'
    > Segmentation fault (core dumped)

    As a data point, I cannot reproduce this on OS X 10.6 with 5.11.5, 5.10.1,
    5.10.0 nor 5.8.9. perl -V's attached.

    --
    The past has a vote, but not a veto.
    -- Mordecai M. Kaplan
  • David E. Wheeler at Mar 12, 2010 at 5:46 pm

    On Mar 12, 2010, at 9:03 AM, Michael G Schwern wrote:

    > As a data point, I cannot reproduce this on OS X 10.6 with 5.11.5, 5.10.1, 5.10.0 nor 5.8.9. perl -V's attached.

    Yes, it seems specific to OpenBSD, as SVN::Notify passes all tests on other platforms.

    Best,

    David
  • Dave Mitchell at Mar 13, 2010 at 1:21 pm

    On Fri, Mar 12, 2010 at 09:45:48AM -0800, David E. Wheeler wrote:
    > On Mar 12, 2010, at 9:03 AM, Michael G Schwern wrote:
    >
    > > As a data point, I cannot reproduce this on OS X 10.6 with 5.11.5, 5.10.1, 5.10.0 nor 5.8.9. perl -V's attached.
    >
    > Yes, it seems specific to OpenBSD, as SVN::Notify passes all tests on other platforms.

    On Linux, I can get valgrind to complain with 5.10.1 and 5.11.0, but not
    5.11.4, 5.11.5 or bleed, so it may have been fixed

    This is perl, v5.10.1 (*) built for i686-linux-thread-multi

    ==8213== Invalid read of size 2
    ==8213== at 0x8292889: S_find_byclass (regexec.c:1629)
    ==8213== by 0x82952C0: Perl_regexec_flags (regexec.c:2087)
    ==8213== by 0x817C8AE: Perl_pp_subst (pp_hot.c:2159)
    ==8213== by 0x8131F19: Perl_runops_debug (dump.c:1968)
    ==8213== by 0x808885F: S_run_body (perl.c:2431)
    ==8213== by 0x8087CD4: perl_run (perl.c:2349)
    ==8213== by 0x80600C1: main (perlmain.c:117)
    ==8213== Address 0x40e00c0 is 1,776 bytes inside a block of size 4,012 free'd
    ==8213== at 0x4005BCA: free (vg_replace_malloc.c:323)
    ==8213== by 0x8132DD2: Perl_safesysfree (util.c:262)
    ==8213== by 0x80ABA46: Perl_parser_free (toke.c:764)
    ==8213== by 0x82116C2: Perl_leave_scope (scope.c:1084)
    ==8213== by 0x820BFCF: Perl_pop_scope (scope.c:104)
    ==8213== by 0x8233072: Perl_pp_leaveeval (pp_ctl.c:3751)
    ==8213== by 0x8131F19: Perl_runops_debug (dump.c:1968)
    ==8213== by 0x8089B3A: Perl_call_sv (perl.c:2717)
    ==8213== by 0x8093AA8: Perl_call_list (perl.c:5264)
    ==8213== by 0x8074BF2: S_process_special_blocks (op.c:5864)
    ==8213== by 0x807492A: Perl_newATTRSUB (op.c:5835)
    ==8213== by 0x806BB9F: Perl_utilize (op.c:3878)

    --
    The Enterprise's efficient long-range scanners detect a temporal vortex
    distortion in good time, allowing it to be safely avoided via a minor
    course correction.
    -- Things That Never Happen in "Star Trek" #21
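
An added triage script (not part of the original thread or of perl's own test suite): it runs the reported one-liner and three reduced variants in separate processes, to check the report's guess that Unicode plus the non-capturing group is the trigger. `PERL_BIN` and `WRAP` are environment variables introduced here as assumptions; the variant labels are constructed.

```shell
#!/bin/sh
# Added example: triage matrix for the perl #73516 reproducer.
# PERL_BIN (assumption): interpreter under test, default "perl" from PATH.
# WRAP (assumption): optional wrapper command, e.g.
#   WRAP="valgrind -q --error-exitcode=99"
# so memory errors that do not crash the process still show up as "exit 99".
PERL_BIN="${PERL_BIN:-perl}"
WRAP="${WRAP:-}"

# Map a shell exit status to a verdict. A status above 128 means the child
# was killed by signal (status - 128); SIGSEGV is signal 11, i.e. status 139.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        echo "killed by signal $(( $1 - 128 ))"
    else
        echo "exit $1"
    fi
}

# Run one Perl snippet in its own process so a crash cannot take the
# harness down, then classify how that process ended.
run_variant() {
    status=0
    $WRAP "$PERL_BIN" -e "$1" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

report() {
    printf '%-24s %s\n' "$1" "$(run_variant "$2")"
}

# The reported case first, then one change at a time.
run_matrix() {
    report "as reported"          'my $msg = "\x{201C}Go figure\x{201D}"; $msg =~ s{((?:ev|b))}{$1}i;'
    report "ASCII-only string"    'my $msg = "Go figure"; $msg =~ s{((?:ev|b))}{$1}i;'
    report "without /i"           'my $msg = "\x{201C}Go figure\x{201D}"; $msg =~ s{((?:ev|b))}{$1};'
    report "capturing group only" 'my $msg = "\x{201C}Go figure\x{201D}"; $msg =~ s{(ev|b)}{$1}i;'
}

run_matrix
```

On an unaffected build every row reads `ok`; a row that reads `killed by signal 11` or, under the valgrind wrapper, `exit 99` points at the ingredient that variant kept.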

Discussion Overview
group: perl5-porters @
categories: perl
posted: Mar 11, '10 at 6:07p
active: Mar 13, '10 at 1:21p
posts: 4
users: 4
website: perl.org