found 454792 5.10.0-7
thanks

On Fri, Dec 07, 2007 at 02:03:25PM -0800, Don Armstrong wrote:
> Package: perl
> Severity: serious
> Version: 5.8.8-7etch1
> Tags: security
>
> A trivial program containing a regex with UTF8 characters causes a
> double free error and segfault:
> *** glibc detected *** debugperl: double free or corruption (!prev):
> 0x081e20e0 ***

There are still problems with 5.10.0, but they only show up for me with
'debugperl -Dm'. Note that '-Dm' crashes anyway when it's done due to
#474613, but we don't get that far here.

(BTW, the '-CSDA' perl option in the original example doesn't affect
this and needs to be removed when testing with 5.10.0.)

5.10.0-7 on amd64:

*** glibc detected *** debugperl: malloc(): memory corruption: 0x000000000077faf8 ***

Backtrace:

#0 0x00002afb031d41d5 in raise () from /lib/libc.so.6
#1 0x00002afb031d5680 in abort () from /lib/libc.so.6
#2 0x00002afb0320cf4b in ?? () from /lib/libc.so.6
#3 0x00002afb0321201d in ?? () from /lib/libc.so.6
#4 0x00002afb032142a6 in ?? () from /lib/libc.so.6
#5 0x00002afb03215266 in ?? () from /lib/libc.so.6
#6 0x00002afb03215e17 in realloc () from /lib/libc.so.6
#7 0x000000000045eb9a in Perl_safesysrealloc (where=0x8b08b0, size=168) at util.c:178
#8 0x000000000049493f in Perl_sv_grow (my_perl=<value optimized out>, sv=0x88de88, newlen=144) at sv.c:1437
#9 0x0000000000495962 in Perl_sv_catpvn_flags (my_perl=0x77f010, dsv=0x88de88, sstr=0x79b738 "/usr/share/perl5", slen=16, flags=0) at sv.c:4241
#10 0x000000000049b826 in Perl_sv_catsv_flags (my_perl=0x77f010, dsv=0x88de88, ssv=0x784008, flags=2) at sv.c:4302
#11 0x00000000004b908a in Perl_pp_require (my_perl=0x77f010) at pp_ctl.c:3457
#12 0x00000000004533f1 in Perl_runops_debug (my_perl=0x77f010) at dump.c:1931
#13 0x0000000000472618 in Perl_call_sv (my_perl=0x77f010, sv=0x7a2610, flags=6) at perl.c:2646
#14 0x0000000000472b50 in Perl_call_list (my_perl=0xc32, oldscope=8, paramList=0x7a2400) at perl.c:5195
#15 0x000000000042239b in S_process_special_blocks (my_perl=0x77f010, fullname=<value optimized out>, gv=0x7a26d0, cv=0x7a2610) at op.c:5631
#16 0x000000000042defe in Perl_newATTRSUB (my_perl=0x77f010, floor=166, o=<value optimized out>, proto=<value optimized out>, attrs=0x0, block=0x7b2040) at op.c:5604
#17 0x000000000042cbe8 in Perl_utilize (my_perl=0x77f010, aver=1, floor=166, version=0x0, idop=0x7b1b50, arg=0x0) at op.c:3757
#18 0x00000000005391ed in Perl_yyparse (my_perl=0x77f010) at perly.y:654
#19 0x00000000004b5f9c in S_doeval (my_perl=0x77f010, gimme=0, startop=0x0, outside=0x0, seq=0) at pp_ctl.c:2916
#20 0x00000000004b8c1b in Perl_pp_require (my_perl=0x77f010) at pp_ctl.c:3520
#21 0x00000000004533f1 in Perl_runops_debug (my_perl=0x77f010) at dump.c:1931
#22 0x0000000000472618 in Perl_call_sv (my_perl=0x77f010, sv=0x7a2208, flags=6) at perl.c:2646
#23 0x0000000000472b50 in Perl_call_list (my_perl=0xc32, oldscope=2, paramList=0x7a2310) at perl.c:5195
#24 0x000000000042239b in S_process_special_blocks (my_perl=0x77f010, fullname=<value optimized out>, gv=0x7a22e0, cv=0x7a2208) at op.c:5631
#25 0x000000000042defe in Perl_newATTRSUB (my_perl=0x77f010, floor=27, o=<value optimized out>, proto=<value optimized out>, attrs=0x0, block=0x7a8000) at op.c:5604
#26 0x000000000042cbe8 in Perl_utilize (my_perl=0x77f010, aver=1, floor=27, version=0x0, idop=0x7a98f0, arg=0x7a8b60) at op.c:3757
#27 0x00000000005391ed in Perl_yyparse (my_perl=0x77f010) at perly.y:654
#28 0x0000000000474ac1 in S_parse_body (my_perl=0x77f010, env=0x0, xsinit=0x4214c0 <xs_init>) at perl.c:2230
#29 0x0000000000475a83 in perl_parse (my_perl=0x77f010, xsinit=0x4214c0 <xs_init>, argc=3, argv=0x7fffa81bde88, env=0x0) at perl.c:1650
#30 0x000000000042146b in main (argc=3, argv=0x7fffa81bde88, env=0x7fffa81bdea8) at perlmain.c:111

Cheers,
-- 
Niko Tyni [EMAIL PROTECTED]