regcomp.c:2837: S_make_trie: Assertion `*uc != LATIN_SMALL_LETTER_SHARP_S' failed. #17486

Closed
@dur-randir

This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.41 running under perl 5.31.6.

[Please describe your issue here]

While fuzzing perl v5.31.5-213-g9bec17d7c built with afl and run
under libdislocator, I found the following program

0=~/(?iaa)ss\337(?0)|/

to cause an assertion failure on debugging builds

perl: regcomp.c:2837: S_make_trie: Assertion `*uc != LATIN_SMALL_LETTER_SHARP_S' failed.

GDB stack trace is

#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7c24535 in __GI_abort () at abort.c:79
#2 0x00007ffff7c2440f in __assert_fail_base (fmt=0x7ffff7d86ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x555555ad8820 "*uc != LATIN_SMALL_LETTER_SHARP_S", file=0x555555ad7fd0 "regcomp.c", line=2837, function=) at assert.c:92
#3 0x00007ffff7c32102 in __GI___assert_fail (assertion=0x555555ad8820 "*uc != LATIN_SMALL_LETTER_SHARP_S", file=0x555555ad7fd0 "regcomp.c", line=2837,
function=0x555555afb2a0 <PRETTY_FUNCTION.21458> "S_make_trie") at assert.c:101
#4 0x0000555555685ed4 in S_make_trie (pRExC_state=0x7fffffffd620, startbranch=0x555555c121ec, first=0x555555c121ec, last=0x555555c1220c,
tail=0x555555c1220c, word_count=2, flags=45, depth=3) at regcomp.c:2837
#5 0x0000555555695962 in S_study_chunk (pRExC_state=0x7fffffffd620, scanp=0x7fffffffce68, minlenp=0x7fffffffd398, deltap=0x7fffffffce88,
last=0x555555c1220c, data=0x7fffffffd1f0, stopparen=0, recursed_depth=1, and_withp=0x0, flags=8192, depth=2) at regcomp.c:5059
#6 0x000055555569480b in S_study_chunk (pRExC_state=0x7fffffffd620, scanp=0x7fffffffd390, minlenp=0x7fffffffd398, deltap=0x7fffffffd3b8,
last=0x555555c12210, data=0x7fffffffd9b0, stopparen=-1, recursed_depth=0, and_withp=0x0, flags=10240, depth=0) at regcomp.c:4696
#7 0x00005555556a61c6 in Perl_re_op_compile (patternp=0x0, pat_count=1, expr=0x555555c10840, eng=0x555555bd8d20 <PL_core_reg_engine>, old_re=0x0,
is_bare_re=0x0, orig_rx_flags=0, pm_flags=0) at regcomp.c:8253
#8 0x00005555555bd043 in Perl_pmruntime (o=0x555555c10878, expr=0x555555c10840, repl=0x0, flags=1, floor=0) at op.c:8168
#9 0x0000555555672b09 in Perl_yyparse (gramtype=258) at perly.y:1260
#10 0x00005555555f0088 in S_parse_body (env=0x0, xsinit=0x5555555a120f <xs_init>) at perl.c:2601
#11 0x00005555555ee34c in perl_parse (my_perl=0x555555be3260, xsinit=0x5555555a120f <xs_init>, argc=3, argv=0x7fffffffe1b8, env=0x0) at perl.c:1892
#12 0x00005555555a114d in main (argc=3, argv=0x7fffffffe1b8, env=0x7fffffffe1d8) at perlmain.c:132

This is a regression between 5.18 and 5.20, bisect points to

098b07d5cb1d6aa13b81a0f43ea5e151829ad26c is the first bad commit
commit 098b07d5cb1d6aa13b81a0f43ea5e151829ad26c
Author: Karl Williamson <public@khwilliamson.com>
Date:   Tue Aug 20 21:51:23 2013 -0600

    Allow trie use for /iaa matching

    This adds code so that tries can be formed under /iaa, which formerly
    weren't handled.  A problem occurs when the string contains the LATIN
    SMALL LETTER SHARP S when the regex pattern is not UTF-8 encoded.  I
    tried several ways to get this to work easily, but ended up deciding it
    was too hard, to in this one situation, a new regnode is created to
    prevent the trie code from even trying to turn it into a trie.

[Please do not change anything below this line]
Flags:
category=core
severity=medium
Site configuration information for perl 5.31.6:

Configured by dur-randir at Fri Nov 8 05:18:19 MSK 2019.

Summary of my perl5 (revision 5 version 31 subversion 6) configuration:
Commit id: 1462134
Platform:
osname=darwin
osvers=13.4.0
archname=darwin-2level
uname='darwin isengard.local 13.4.0 darwin kernel version 13.4.0: mon jan 11 18:17:34 pst 2016; root:xnu-2422.115.15~1release_x86_64 x86_64 '
config_args='-de -Dusedevel -DDEBUGGING'
hint=recommended
useposix=true
d_sigaction=define
useithreads=undef
usemultiplicity=undef
use64bitint=define
use64bitall=define
uselongdouble=undef
usemymalloc=n
default_inc_excludes_dot=define
bincompat5005=undef
Compiler:
cc='cc'
ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -I/opt/local/include -DPERL_USE_SAFE_PUTENV'
optimize='-O3 -g'
cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=10.9 -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -I/opt/local/include'
ccversion=''
gccversion='4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)'
gccosandvers=''
intsize=4
longsize=8
ptrsize=8
doublesize=8
byteorder=12345678
doublekind=3
d_longlong=define
longlongsize=8
d_longdbl=define
longdblsize=16
longdblkind=3
ivtype='long'
ivsize=8
nvtype='double'
nvsize=8
Off_t='off_t'
lseeksize=8
alignbytes=8
prototype=define
Linker and Libraries:
ld='cc'
ldflags =' -mmacosx-version-min=10.9 -fstack-protector -L/usr/local/lib -L/opt/local/lib'
libpth=/usr/local/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/6.0/lib /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib /usr/lib /opt/local/lib
libs=-lpthread -lgdbm -ldbm -ldl -lm -lutil -lc
perllibs=-lpthread -ldl -lm -lutil -lc
libc=
so=dylib
useshrplib=false
libperl=libperl.a
gnulibc_version=''
Dynamic Linking:
dlsrc=dl_dlopen.xs
dlext=bundle
d_dlsymun=undef
ccdlflags=' '
cccdlflags=' '
lddlflags=' -mmacosx-version-min=10.9 -bundle -undefined dynamic_lookup -L/usr/local/lib -L/opt/local/lib -fstack-protector'

@inc for perl 5.31.6:
lib
/usr/local/lib/perl5/site_perl/5.31.6/darwin-2level
/usr/local/lib/perl5/site_perl/5.31.6
/usr/local/lib/perl5/5.31.6/darwin-2level
/usr/local/lib/perl5/5.31.6

Environment for perl 5.31.6:
DYLD_LIBRARY_PATH (unset)
HOME=/Users/dur-randir
LANG=en_US.UTF-8
LANGUAGE (unset)
LC_CTYPE=en_US.UTF-8
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.26.0/bin:/opt/local/bin:/usr/texbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/Library/TeX/texbin
PERLBREW_HOME=/Users/dur-randir/.perlbrew
PERLBREW_MANPATH=/Users/dur-randir/perlbrew/perls/perl-5.26.0/man
PERLBREW_PATH=/Users/dur-randir/perlbrew/bin:/Users/dur-randir/perlbrew/perls/perl-5.26.0/bin
PERLBREW_PERL=perl-5.26.0
PERLBREW_ROOT=/Users/dur-randir/perlbrew
PERLBREW_SHELLRC_VERSION=0.86
PERLBREW_VERSION=0.86
PERL_BADLANG (unset)
SHELL=/opt/local/bin/zsh
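
The bisect described in the report can be automated; the `git bisect run` helper below is an added example, not part of the original report or of the perl source tree. The function names and the interpreter-path argument are assumptions, and it expects the perl at that path to have been built already for the commit under test.

```shell
#!/bin/sh
# Added example: triage helper for the reproducer in this report.
# Function names and the PERL argument are assumptions of this example.

# The one-line program from the report, passed to perl via -e.
REPRO='0=~/(?iaa)ss\337(?0)|/'

# has_assertions PERL: succeed only if PERL was configured with -DDEBUGGING.
# The report sees the failure on debugging builds, so a clean exit from any
# other build says nothing about whether the bug is present.
has_assertions() {
    case "$("$1" -V:config_args 2>/dev/null)" in
        *-DDEBUGGING*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_repro PERL: run the reproducer and print the raw exit status.
run_repro() {
    status=0
    "$1" -e "$REPRO" >/dev/null 2>&1 || status=$?
    echo "$status"
}

# bisect_verdict STATUS: map an exit status to good / bad / skip.
bisect_verdict() {
    case "$1" in
        0)   echo good ;;   # pattern compiled, no assertion fired
        134) echo bad ;;    # 128 + SIGABRT (6): the failed assert aborted
        *)   echo skip ;;   # broken build, rejected syntax, or another crash
    esac
}

# triage PERL: full check, printing the verdict for one interpreter.
triage() {
    if ! has_assertions "$1"; then
        echo skip
        return 0
    fi
    bisect_verdict "$(run_repro "$1")"
}

# Given an interpreter path, exit with the code `git bisect run` expects.
if [ "$#" -gt 0 ]; then
    case "$(triage "$1")" in
        good) exit 0 ;;
        bad)  exit 1 ;;
        *)    exit 125 ;;
    esac
fi
```

Exit code 125 tells `git bisect run` to skip a commit, so builds without assertions or with unrelated failures do not get marked as good or bad.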
