Description
This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.41 running under perl 5.31.10.
[Please describe your issue here]
While fuzzing perl v5.31.9-70-g0c96aa4b7b built with afl and run
under libdislocator, I found the following program
x c t{}sort{my
sub p}0
to cause an assertion failure
perl: op.c:14484: Perl_rpeep: Assertion `(kid->op_type == OP_NULL && ( kid->op_targ == OP_NEXTSTATE || kid->op_targ == OP_DBSTATE )) || kid->op_type == OP_STUB || kid->op_type == OP_ENTER || (PL_parser && PL_parser->error_count)' failed.
GDB stack trace is:
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7c24535 in __GI_abort () at abort.c:79
#2 0x00007ffff7c2440f in __assert_fail_base (fmt=0x7ffff7d86ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x555555951df8 "(kid->op_type == OP_NULL && ( kid->op_targ == OP_NEXTSTATE || kid->op_targ == OP_DBSTATE )) || kid->op_type == OP_STUB || kid->op_type == OP_ENTER || (PL_parser && PL_parser->error_count)", file=0x555555949b51 "op.c", line=17672, function=) at assert.c:92
#3 0x00007ffff7c32102 in __GI___assert_fail (
assertion=0x555555951df8 "(kid->op_type == OP_NULL && ( kid->op_targ == OP_NEXTSTATE || kid->op_targ == OP_DBSTATE )) || kid->op_type == OP_STUB || kid->op_type == OP_ENTER || (PL_parser && PL_parser->error_count)", file=0x555555949b51 "op.c", line=17672,
function=0x555555953d68 <__PRETTY_FUNCTION__.23623> "Perl_rpeep") at assert.c:101
#4 0x00005555555e569a in Perl_rpeep (o=0x555555c44d58) at op.c:17666
#5 0x00005555555e64c1 in Perl_peep (o=0x555555c44b88) at op.c:18024
#6 0x00005555555ae3db in S_process_optree (cv=0x0, optree=0x555555c44bb8, start=0x555555c44b88) at op.c:3670
#7 0x00005555555b673c in Perl_newPROG (o=0x555555c44bb8) at op.c:5895
#8 0x000055555566ec71 in Perl_yyparse (gramtype=258) at perly.y:127
#9 0x00005555555efa04 in S_parse_body (env=0x0, xsinit=0x5555555a21ff <xs_init>) at perl.c:2574
#10 0x00005555555eddf0 in perl_parse (my_perl=0x555555c15260, xsinit=0x5555555a21ff <xs_init>, argc=2, argv=0x7fffffffe1b8, env=0x0) at perl.c:1869
#11 0x00005555555a213d in main (argc=2, argv=0x7fffffffe1b8, env=0x7fffffffe1d0) at perlmain.c:132
This is a regression between 5.24 and 5.26, bisect points to
60e04ba is the first bad commit
commit 60e04ba1a34f784612d20e526a0ce38e47a53cf1
Author: Father Chrysostomos <sprout@cpan.org>
Date: Fri May 20 12:45:10 2016 -0700
Enable lex subs everywhere; suppress warning
Adjust tests, too.
[Please do not change anything below this line]
Flags:
category=core
severity=low
Site configuration information for perl 5.31.10:
Configured by root at Fri Mar 13 17:15:02 MSK 2020.
Summary of my perl5 (revision 5 version 31 subversion 10) configuration:
Commit id: 0c96aa4
Platform:
osname=linux
osvers=4.19.0-8-amd64
archname=x86_64-linux
uname='linux dorothy 4.19.0-8-amd64 #1 smp debian 4.19.98-1 (2020-01-26) x86_64 gnulinux '
config_args='-de -Dusedevel -Doptimize=-O2'
hint=recommended
useposix=true
d_sigaction=define
useithreads=undef
usemultiplicity=undef
use64bitint=define
use64bitall=define
uselongdouble=undef
usemymalloc=n
default_inc_excludes_dot=define
bincompat5005=undef
Compiler:
cc='cc'
ccflags ='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
optimize='-O2'
cppflags='-fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
ccversion=''
gccversion='8.3.0'
gccosandvers=''
intsize=4
longsize=8
ptrsize=8
doublesize=8
byteorder=12345678
doublekind=3
d_longlong=define
longlongsize=8
d_longdbl=define
longdblsize=16
longdblkind=3
ivtype='long'
ivsize=8
nvtype='double'
nvsize=8
Off_t='off_t'
lseeksize=8
alignbytes=8
prototype=define
Linker and Libraries:
ld='cc'
ldflags =' -fstack-protector-strong -L/usr/local/lib'
libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
libc=libc-2.28.so
so=so
useshrplib=false
libperl=libperl.a
gnulibc_version='2.28'
Dynamic Linking:
dlsrc=dl_dlopen.xs
dlext=so
d_dlsymun=undef
ccdlflags='-Wl,-E'
cccdlflags='-fPIC'
lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector-strong'
@inc for perl 5.31.10:
lib
/usr/local/lib/perl5/site_perl/5.31.10/x86_64-linux
/usr/local/lib/perl5/site_perl/5.31.10
/usr/local/lib/perl5/5.31.10/x86_64-linux
/usr/local/lib/perl5/5.31.10
Environment for perl 5.31.10:
HOME=/home/afl
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_CTYPE=en_US.UTF-8
LC_TIME=C
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.30.0-dbg/bin:/opt/local/bin:/usr/texbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PERLBREW_HOME=/home/afl/.perlbrew
PERLBREW_MANPATH=/home/afl/perlbrew/perls/perl-5.30.0-dbg/man
PERLBREW_PATH=/home/afl/perlbrew/bin:/home/afl/perlbrew/perls/perl-5.30.0-dbg/bin
PERLBREW_PERL=perl-5.30.0-dbg
PERLBREW_ROOT=/home/afl/perlbrew
PERLBREW_SHELLRC_VERSION=0.88
PERLBREW_VERSION=0.88
PERL_BADLANG (unset)