Description
This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.41 running under perl 5.31.7.
[Please describe your issue here]
While fuzzing perl v5.31.6-158-gdca9f615c2 built with afl and run
under libdislocator, I found the following program
q0=~/0|\p{__::Is0}/
to trigger a heap-buffer-overflow ASAN diagnostic:
==9652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001457 at pc 0x00000081aca6 bp 0x7fff2e97d890 sp 0x7fff2e97d888
READ of size 1 at 0x602000001457 thread T0
#0 0x81aca5 in match_uniprop /home/afl/afl-runner/./uni_keywords.h:7219:14
#1 0x81aca5 in Perl_parse_uniprop_string /home/afl/afl-runner/regcomp.c:24024
#2 0x80a994 in Perl_handle_user_defined_property /home/afl/afl-runner/regcomp.c:22935:27
#3 0x807f98 in Perl__get_regclass_nonbitmap_data /home/afl/afl-runner/regcomp.c:19744:44
#4 0xcf0d40 in S_reginclass /home/afl/afl-runner/regexec.c:10247:30
#5 0xd0913e in S_regmatch /home/afl/afl-runner/regexec.c
#6 0xcecefa in S_regtry /home/afl/afl-runner/regexec.c:4029:14
#7 0xcad3f0 in Perl_regexec_flags /home/afl/afl-runner/regexec.c:3892:7
#8 0x9d47a8 in Perl_pp_match /home/afl/afl-runner/pp_hot.c:3014:10
#9 0x8e34da in Perl_runops_debug /home/afl/afl-runner/dump.c:2571:23
#10 0x61e34c in S_run_body /home/afl/afl-runner/perl.c
#11 0x61d7b8 in perl_run /home/afl/afl-runner/perl.c:2709:2
#12 0x5352f3 in main /home/afl/afl-runner/perlmain.c:134:9
#13 0x7fac353f309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#14 0x43ccb9 in _start (/home/afl/afl-runner/perl+0x43ccb9)
This is a regression in blead, bisect points to
commit 1c2f3d7
Author: Karl Williamson khw@cpan.org
Date: Sun Dec 8 12:16:29 2019 -0700
PATCH GH #17025 \p{user-defined} overrides official Unicode
Prior to this patch, they only sometimes overrode.
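The following is an added triage helper, not part of this bug report or of the perl project: it parses the AddressSanitizer diagnostic quoted above into a structured record and derives a bucket key (error kind plus the first in-project frames) so that crashes from an AFL campaign can be grouped before filing. The sample report embedded in the script is a copy of the one above; the project root "/home/afl/afl-runner" is taken from the frame paths, and the rule that only frames with a source location under that root count toward the key is an assumption made here. The frame regex assumes C-style symbol names, as in this perl build.

```python
"""Parse an AddressSanitizer report and derive a crash bucket key.

Added example for triaging AFL+ASAN findings like the perl report above;
this is not code from the bug report or from perl itself.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Copy of the ASAN diagnostic from the report above (constructed sample input).
SAMPLE_REPORT = """\
==9652==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001457 at pc 0x00000081aca6 bp 0x7fff2e97d890 sp 0x7fff2e97d888
READ of size 1 at 0x602000001457 thread T0
    #0 0x81aca5 in match_uniprop /home/afl/afl-runner/./uni_keywords.h:7219:14
    #1 0x81aca5 in Perl_parse_uniprop_string /home/afl/afl-runner/regcomp.c:24024
    #2 0x80a994 in Perl_handle_user_defined_property /home/afl/afl-runner/regcomp.c:22935:27
    #3 0x807f98 in Perl__get_regclass_nonbitmap_data /home/afl/afl-runner/regcomp.c:19744:44
    #4 0xcf0d40 in S_reginclass /home/afl/afl-runner/regexec.c:10247:30
    #5 0xd0913e in S_regmatch /home/afl/afl-runner/regexec.c
    #6 0xcecefa in S_regtry /home/afl/afl-runner/regexec.c:4029:14
    #7 0xcad3f0 in Perl_regexec_flags /home/afl/afl-runner/regexec.c:3892:7
    #8 0x9d47a8 in Perl_pp_match /home/afl/afl-runner/pp_hot.c:3014:10
    #9 0x8e34da in Perl_runops_debug /home/afl/afl-runner/dump.c:2571:23
    #10 0x61e34c in S_run_body /home/afl/afl-runner/perl.c
    #11 0x61d7b8 in perl_run /home/afl/afl-runner/perl.c:2709:2
    #12 0x5352f3 in main /home/afl/afl-runner/perlmain.c:134:9
    #13 0x7fac353f309a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #14 0x43ccb9 in _start (/home/afl/afl-runner/perl+0x43ccb9)
"""

# "kind on address 0x..." is the common form; SEGV reports say "on unknown address".
HEADER_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
)
ACCESS_RE = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at 0x[0-9a-fA-F]+ thread T\d+")
# Assumes C-style symbol names (no spaces); C++ demangled names would need a looser pattern.
FRAME_RE = re.compile(r"^\s*#(?P<idx>\d+) 0x[0-9a-fA-F]+ in (?P<func>\S+) (?P<loc>.+?)\s*$")
# file[:line[:col]]; a "(module+0xoffset)" location deliberately does not match.
LOC_RE = re.compile(r"^(?P<file>[^\s:()]+)(?::(?P<line>\d+))?(?::\d+)?$")


@dataclass
class Frame:
    index: int
    func: str
    file: Optional[str]   # normalised source path, None for module+offset frames
    line: Optional[int]


@dataclass
class AsanReport:
    pid: int
    kind: str
    fault_addr: Optional[int]
    op: Optional[str] = None
    size: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)


def _parse_loc(loc: str):
    m = LOC_RE.match(loc)
    if not m:
        return None, None
    line = int(m["line"]) if m["line"] else None
    return os.path.normpath(m["file"]), line   # "./uni_keywords.h" -> "uni_keywords.h"


def parse_asan_report(text: str) -> AsanReport:
    """Return the header, access description and first (faulting) stack."""
    report = None
    in_stack = False
    for raw in text.splitlines():
        line = raw.strip()
        if report is None:
            m = HEADER_RE.match(line)
            if m:
                addr = int(m["addr"], 16) if m["addr"] else None
                report = AsanReport(pid=int(m["pid"]), kind=m["kind"], fault_addr=addr)
            continue
        m = ACCESS_RE.match(line)
        if m and report.op is None:
            report.op, report.size = m["op"], int(m["size"])
            continue
        m = FRAME_RE.match(line)
        if m:
            in_stack = True
            file, lineno = _parse_loc(m["loc"])
            report.frames.append(Frame(int(m["idx"]), m["func"], file, lineno))
        elif in_stack:
            break   # the faulting stack ends at the first non-frame line
    if report is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    return report


def bucket_key(report: AsanReport, project_root: str, depth: int = 3) -> str:
    """Error kind plus the top `depth` frames whose source lives under project_root."""
    root = os.path.normpath(project_root) + os.sep
    funcs = [f.func for f in report.frames if f.file and f.file.startswith(root)]
    return report.kind + ":" + "/".join(funcs[:depth])


if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(r.kind, r.op, r.size, hex(r.fault_addr or 0))
    print(bucket_key(r, "/home/afl/afl-runner"))
```

Keying on the first in-project frames rather than on the faulting pc keeps the key stable across rebuilds, and stripping libc and the interpreter's run-loop frames is what makes two inputs that hit the same overflow in match_uniprop land in one bucket.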
[Please do not change anything below this line]
Flags:
category=core
severity=medium
Site configuration information for perl 5.31.7:
Configured by root at Tue Dec 17 21:38:32 MSK 2019.
Summary of my perl5 (revision 5 version 31 subversion 7) configuration:
Derived from: dca9f61
Platform:
osname=linux
osvers=4.19.0-6-amd64
archname=x86_64-linux
uname='linux dorothy 4.19.0-6-amd64 #1 smp debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 gnulinux '
config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-std=c99 -O3 -funroll-loops -g'
hint=previous
useposix=true
d_sigaction=undef
useithreads=undef
usemultiplicity=undef
use64bitint=define
use64bitall=define
uselongdouble=undef
usemymalloc=n
default_inc_excludes_dot=define
bincompat5005=undef
Compiler:
cc='afl-clang-fast'
ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
optimize='-std=c99 -O3 -funroll-loops -g'
cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
ccversion=''
gccversion='4.2.1 Compatible Clang 6.0.1 (tags/RELEASE_601/final)'
gccosandvers=''
intsize=4
longsize=8
ptrsize=8
doublesize=8
byteorder=12345678
doublekind=3
d_longlong=define
longlongsize=8
d_longdbl=define
longdblsize=16
longdblkind=3
ivtype='long'
ivsize=8
nvtype='double'
nvsize=8
Off_t='off_t'
lseeksize=8
alignbytes=8
prototype=define
Linker and Libraries:
ld='afl-clang-fast'
ldflags =' -fstack-protector-strong -L/usr/local/lib'
libpth=/usr/local/lib /usr/lib/llvm-6.0/lib/clang/6.0.1/lib /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/local/lib /usr/lib/llvm-6.0/lib/clang/6.0.1/lib /usr/include/x86_64-linux-gnu /usr/lib
libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
libc=libc-2.28.so
so=so
useshrplib=false
libperl=libperl.a
gnulibc_version='2.28'
Dynamic Linking:
dlsrc=dl_dlopen.xs
dlext=so
d_dlsymun=undef
ccdlflags='-Wl,-E'
cccdlflags='-fPIC'
lddlflags='-shared -std=c99 -O3 -funroll-loops -g -L/usr/local/lib -fstack-protector-strong'
Locally applied patches:
uncommitted-changes
@inc for perl 5.31.7:
lib
/usr/local/lib/perl5/site_perl/5.31.7/x86_64-linux
/usr/local/lib/perl5/site_perl/5.31.7
/usr/local/lib/perl5/5.31.7/x86_64-linux
/usr/local/lib/perl5/5.31.7
Environment for perl 5.31.7:
HOME=/home/afl
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_CTYPE=en_US.UTF-8
LC_TIME=C
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.20.2/bin:/opt/local/bin:/usr/texbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PERLBREW_BASHRC_VERSION=0.78
PERLBREW_HOME=/home/afl/.perlbrew
PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.20.2/man
PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.20.2/bin
PERLBREW_PERL=perl-5.20.2
PERLBREW_ROOT=/home/afl/perlbrew
PERLBREW_VERSION=0.78
PERL_BADLANG (unset)
SHELL=/usr/bin/zsh