pkgsrc-Bugs archive


pkg/38092: perl5.8.8nb6 regexp coredump



>Number:         38092
>Category:       pkg
>Synopsis:       perl5.8.8nb6 regexp coredump
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 23 10:40:00 +0000 2008
>Originator:     Piotr Meyer
>Release:        NetBSD 4.0
>Organization:
>Environment:
NetBSD drozd.smutek.pl 4.0_STABLE NetBSD 4.0_STABLE (DROZD) #0: Tue Dec 18 
09:14:16 CET 2007 
root%drozd.smutek.pl@localhost:/usr/obj/sys/arch/i386/compile/DROZD i386
>Description:
Some days ago I found a mail message with a malformed From: header that causes
core dumps in my amavisd-new. After a short investigation I extracted the header and the
problematic code from amavisd-new. It looks like a variation of the old "utf and
regexp" bug. I tested some versions of perl and found that affected are RedHat
(native, 64bit), CentOS native and pkgsrc (both 64bit), NetBSD (pkgsrc with RH
patch, 32bit), Debian stable (native, 32bit) - all with perl5.8.8.

Some people reported that FreeBSD 6.3-RELEASE with perl5.8.8, 64bit is safe.

Trace:

$ gdb perl perl.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf"...(no debugging symbols found)

Reading symbols from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so...(no 
debugging symbols found)...done.
Loaded symbols for 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
Reading symbols from /usr/lib/libm387.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib/libm387.so.0
Reading symbols from /usr/lib/libm.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libcrypt.so.0...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib/libcrypt.so.0
Reading symbols from /usr/lib/libpthread.so.0...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpthread.so.0
Reading symbols from /usr/lib/libc.so.12...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/lib/i18n/libUTF8.so.4.4...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib/i18n/libUTF8.so.4.4
Reading symbols from /usr/libexec/ld.elf_so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/libexec/ld.elf_so

Core was generated by `perl'.
Program terminated with signal 11, Segmentation fault.
#0  0xbbb883c6 in S_reginclass () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
(gdb) bt
#0  0xbbb883c6 in S_reginclass () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#1  0xbbb8d61d in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#2  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#3  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#5  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#6  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#7  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#8  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#9  0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#10 0xbbb8d7ed in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so

...

#4197 0xbbb8cb1d in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4198 0xbbb8bae1 in S_regmatch () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4199 0xbbb8ede3 in S_regtry () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4200 0xbbb9305f in Perl_regexec_flags () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4201 0xbbb382f2 in Perl_pp_match () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4202 0xbbb320b9 in Perl_runops_standard () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4203 0xbbad6ee0 in perl_run () from 
/usr/pkg/lib/perl5/5.8.0/i386-netbsd-thread-multi/CORE/libperl.so
#4204 0x0804950e in main ()
(gdb)


>How-To-Repeat:
Take the extracted header and code from the links below and put them into the same directory:

http://smutek.pl/~aniou/kill_amavis.pl.txt
http://smutek.pl/~aniou/kill_header.bin

And run 'perl kill_amavis.pl.txt', but I don't take responsibility for side
effects :(
>Fix:


