heap-buffer-overflow in Perl_grok_infnan #17370
khwilliamson added a commit that referenced this issue Dec 17, 2019
Like GH #17367, this was caused by a failure to check that we aren't at the end of the buffer after advancing the ptr to it.
khwilliamson added a commit that referenced this issue Dec 17, 2019
I only added a test, but not the change in 9f16475. The test passes except when run under address sanitizer or valgrind.
steve-m-hay pushed a commit that referenced this issue Feb 12, 2020
lightsey added a commit to lightsey/perl5 that referenced this issue Aug 20, 2020
The grok_infnan() function was walking past the end of the string while skipping over trailing '0' characters. This is another variation of Perl#17370.
lightsey added a commit to lightsey/perl5 that referenced this issue Aug 20, 2020
The grok_infnan() function was walking past the end of the string while skipping over trailing '0' characters. This is another variation of Perl#17370.
lightsey added a commit to lightsey/perl5 that referenced this issue Aug 21, 2020
The grok_infnan() function was walking past the end of the string while skipping over trailing '0' characters. This is another variation of Perl#17370.
lightsey added a commit to lightsey/perl5 that referenced this issue Aug 21, 2020
The grok_infnan() function was walking past the end of the string while skipping over trailing '0' characters. This is another variation of Perl#17370.
khwilliamson pushed a commit that referenced this issue Aug 22, 2020
The grok_infnan() function was walking past the end of the string while skipping over trailing '0' characters. This is another variation of #17370.
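The bug class named in the commit messages above (advancing a pointer over '0' characters without checking it against the end of the buffer), shown beside its bounded form. This is an added example, not code from the Perl source or from the commits referenced here; the function names, the `backing` array and its contents are constructed for illustration, with the slack bytes kept inside one array so the over-read can be measured without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed input: the logical string is the first 8 bytes ("qnan0000").
 * The 3 slack bytes after it stand in for whatever follows a heap buffer,
 * kept inside this array so the over-read can be measured without UB. */
static const char backing[] = "qnan0000" "00!";
#define LOGICAL_LEN 8

/* Bug class: advance over '0' characters, never consulting the end pointer. */
static const char *skip_zeros_unchecked(const char *s, const char *send)
{
    (void)send;
    while (*s == '0')
        s++;
    return s;
}

/* Hardened form: test the bound before every dereference. */
static const char *skip_zeros_checked(const char *s, const char *send)
{
    while (s < send && *s == '0')
        s++;
    return s;
}

/* Bytes the scan travelled past the logical end of the buffer. */
static long demo_overread(int checked)
{
    const char *s = backing + 4;              /* just past "qnan" */
    const char *send = backing + LOGICAL_LEN; /* one past last valid byte */
    const char *stop = checked ? skip_zeros_checked(s, send)
                               : skip_zeros_unchecked(s, send);
    return stop > send ? (long)(stop - send) : 0;
}

int main(void)
{
    printf("unchecked over-read: %ld bytes\n", demo_overread(0));
    printf("checked over-read:   %ld bytes\n", demo_overread(1));
    return 0;
}
```

When the buffer is an exact-size heap allocation, the bytes the unchecked loop touches lie outside the allocation, which is the condition address sanitizer and valgrind flag.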
This is a bug report for perl from sergey.aleynikov@gmail.com,
generated with the help of perlbug 1.41 running under perl 5.31.6.
[Please describe your issue here]
While fuzzing perl v5.31.5-213-g9bec17d7c built with afl and run
under libdislocator, I found the following program
0=~/\p{nv=qnan}/
to cause heap-buffer-overflow. ASAN diagnostics are:
This is regression between 5.28 and 5.30, bisect points to
f394a63 is the first bad commit
commit f394a63
Author: Karl Williamson khw@cpan.org
Date: Mon Apr 30 10:39:46 2018 -0600