Re: [perl #127902] [BUG] segmentation fault when defining multi sub cross

Fri, 15 Apr 2016 12:37:37 -0700 

On Thu, Apr 14, 2016 at 03:22:37PM -0700, Caligo Wall wrote:

> This causes segmentation fault:
> 
> perl6 -e "multi sub cross() { }"

Thanks for the report.

It's an interesting failure - ASAN reports an out of bounds read:

$ ./perl6-m -e "multi sub cross() { }"
=================================================================
==10839==ERROR: AddressSanitizer: heap-buffer-overflow on address 
0x60300026c138 at pc 0x7f4e04aa7545 bp 0x7fffc486d790 sp 0x7fffc486d788
READ of size 8 at 0x60300026c138 thread T0
    #0 0x7f4e04aa7544 in get_attribute src/6model/reprs/P6opaque.c:227
    #1 0x7f4e0495789f in MVM_interp_run src/core/interp.c:1955
    #2 0x7f4e04c33519 in MVM_vm_run_file src/moar.c:303
    #3 0x401a4f in main src/main.c:191
    #4 0x7f4e0417ed5c in __libc_start_main (/lib64/libc.so.6+0x1ed5c)
    #5 0x401058 (/home/nicholas/Sandpit/moar-san/bin/moar+0x401058)

0x60300026c138 is located 8 bytes to the left of 24-byte region 
[0x60300026c140,0x60300026c158)
allocated by thread T0 here:
    #0 0x7f4e0555562f in __interceptor_malloc 
../../.././libsanitizer/asan/asan_malloc_linux.cc:72
    #1 0x7f4e04b36799 in MVM_malloc src/core/alloc.h:2
    #2 0x7f4e04b4a09d in deserialize_stable src/6model/serialization.c:2436
    #3 0x7f4e04b4be9d in work_loop src/6model/serialization.c:2597
    #4 0x7f4e04b4c72f in MVM_serialization_demand_stable 
src/6model/serialization.c:2667
    #5 0x7f4e04b33be1 in MVM_sc_get_stable src/6model/sc.c:244
    #6 0x7f4e04b4815d in read_object_table_entry src/6model/serialization.c:2145
    #7 0x7f4e04b4da96 in repossess src/6model/serialization.c:2828
    #8 0x7f4e04b4ed51 in MVM_serialization_deserialize 
src/6model/serialization.c:2986
    #9 0x7f4e0496e8ea in MVM_interp_run src/core/interp.c:3003
    #10 0x7f4e04c33519 in MVM_vm_run_file src/moar.c:303
    #11 0x401a4f in main src/main.c:191
    #12 0x7f4e0417ed5c in __libc_start_main (/lib64/libc.so.6+0x1ed5c)

SUMMARY: AddressSanitizer: heap-buffer-overflow src/6model/reprs/P6opaque.c:227 
get_attribute
Shadow bytes around the buggy address:
  0x0c06800457d0: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa
  0x0c06800457e0: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 04 fa
  0x0c06800457f0: fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa 00 00
  0x0c0680045800: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa
  0x0c0680045810: 00 00 00 00 fa fa 00 00 00 fa fa fa 00 00 00 fa
=>0x0c0680045820: fa fa 00 00 00 fa fa[fa]00 00 00 fa fa fa 00 00
  0x0c0680045830: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x0c0680045840: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
  0x0c0680045850: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00
  0x0c0680045860: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
  0x0c0680045870: 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==10839==ABORTING

[hopefully with formatting fixed]

Nicholas Clark

Reply via email to