Mailing List Archive

[perl #123782] SEGV on wraparound
# New Ticket Created by Hugo van der Sanden
# Please include the string: [perl #123782]
# in the subject line of all future correspondence about this issue.
# <URL: >

% miniperl -ce '/(?7777777777)/'
Segmentation fault (core dumped)

Found by AFL (<>).

This is caused by integer wraparound on a UV to I32 conversion; will add a fix shortly.
[perl #123782] SEGV on wraparound [ In reply to ]
Now fixed with b3725d49f9:

[perl #123782] regcomp: check for overflow on /(?123)/

AFL (<>) found that the UV to I32 conversion
can evade the necessary range checks on wraparound, leading to bad reads.

Check for it, and force to I32_MAX, expecting that this will usually
yield a "Reference to nonexistent group" error.


via perlbug: queue: perl5 status: new