
Assertion `cur_pos + lengths[index_of_longest] <= C_ARRAY_LENGTH(m->matches)' failed. #18451

Closed
geeknik opened this issue Dec 30, 2020 · 2 comments

Comments


geeknik commented Dec 30, 2020

perl -e $(echo "cy0tXDYwMC0tLzA/39/f33NcNTAwfC9p" | base64 -d)

perl: regexec.c:4986: _Bool S_setup_EXACTISH_ST(const regnode *const, struct next_matchable_info *, regmatch_info *): Assertion `cur_pos + lengths[index_of_longest] <= C_ARRAY_LENGTH(m->matches)' failed.
Aborted

perl -V:

Summary of my perl5 (revision 5 version 33 subversion 6) configuration:
  Commit id: 3e793456f290720aae56fa4de27535046ea3f467
  Platform:
    osname=linux
    osvers=5.4.0-51-generic
    archname=x86_64-linux
    uname='linux ams3-01 5.4.0-51-generic #56-ubuntu smp mon oct 5 14:28:49 utc 2020 x86_64 x86_64 x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Dcc=afl-clang-fast -Doptimize=-O2 -g3 -Accflags=-fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp -fno-omit-frame-pointer -fno-inline-functions -Aldflags=-fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp -fno-omit-frame-pointer -fno-inline-functions'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
  Compiler:
    cc='afl-clang-fast'
    ccflags ='-fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp -fno-omit-frame-pointer -fno-inline-functions -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    optimize='-O2 -g3'
    cppflags='-fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp -fno-omit-frame-pointer -fno-inline-functions -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='Clang 10.0.0 '
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='afl-clang-fast'
    ldflags =' -fsanitize=address -fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp -fno-omit-frame-pointer -fno-inline-functions -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/llvm-10/lib/clang/10.0.0/lib /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /lib64 /usr/lib64
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.31.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.31'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O2 -g3 -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl):
  Compile-time options:
    DEBUGGING
    HAS_TIMES
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    PERL_USE_DEVEL
    USE_64_BIT_ALL
    USE_64_BIT_INT
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
  Built under linux
  Compiled at Dec 26 2020 19:10:13
  @INC:
    /root/perl5/lib
    /usr/local/lib/perl5/site_perl/5.33.6/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.33.6
    /usr/local/lib/perl5/5.33.6/x86_64-linux
    /usr/local/lib/perl5/5.33.6
hvds (Contributor) commented Jan 1, 2021

@geeknik thanks for the report; the test case is equivalent to perl -e '$_="\600"; /0?\xdf\xdf\xdf\xdfs\500|/i'.

@khwilliamson in this case we hit this chunk at regexec.c:4697:

    /* Everything generally matches at least itself.  But if there is a
     * UTF8ness mismatch, we have to convert to that of the target string. */
    if (utf8_pat == utf8_target || UTF8_IS_INVARIANT(*pat)) {
        lengths[0] = MIN(pat_len, C_ARRAY_LENGTH(matches[0]));
        Copy(pat, matches[0], lengths[0], U8);
        m->count++;
    }

... which sets lengths[0] to 11, is that intentional? I would have expected it to want only the first character.

We end up with:

(gdb) p /x lengths[0]@6
$1 = {0xb, 0x1, 0x2, 0x2, 0x3, 0x0}

... which adds up to 19.
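The buffer accounting hvds describes, as an added C example (not Perl's code): a constructed model of the matches table in which slot 0 receives either the whole pattern, as the quoted code does, or only its first character, as the fix does, with the bounds check the assertion expresses applied before every copy. MATCH_BYTES, matchable_t, push_alt, build_table and the sample pattern and fold bytes are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of the table S_setup_EXACTISH_ST fills (added example, not Perl's
 * code). MATCH_BYTES is an assumed stand-in for C_ARRAY_LENGTH(m->matches). */
#define MATCH_BYTES 16
#define MAX_ALTS 6
typedef struct {
    uint8_t matches[MATCH_BYTES]; /* all alternatives, stored back to back */
    size_t lengths[MAX_ALTS];     /* byte length of each alternative */
    size_t count;
} matchable_t;
/* Byte length of the single UTF-8 character starting at p. */
static size_t utf8_char_len(const uint8_t *p) {
    if (*p < 0x80) return 1;
    if ((*p & 0xE0) == 0xC0) return 2;
    return (*p & 0xF0) == 0xE0 ? 3 : 4;
}
/* Append one alternative, enforcing the invariant behind the failed assertion
 * (bytes used so far plus this entry must fit); refuses instead of overflowing. */
static int push_alt(matchable_t *m, size_t *cur_pos, const uint8_t *s, size_t len) {
    if (m->count >= MAX_ALTS || *cur_pos + len > MATCH_BYTES) return 0;
    memcpy(m->matches + *cur_pos, s, len);
    m->lengths[m->count++] = len;
    *cur_pos += len;
    return 1;
}

/* Build the table for a pattern plus its case-fold alternatives. fixed == 0 gives
 * slot 0 MIN(pat_len, MATCH_BYTES) bytes like the quoted code (11 here); fixed == 1
 * copies only the first character, as the fix describes. Returns bytes used, 0 on overflow. */
static size_t build_table(matchable_t *m, const uint8_t *pat, size_t pat_len,
                          const uint8_t *const folds[], const size_t fold_len[],
                          size_t nfolds, int fixed) {
    size_t cur_pos = 0;
    size_t first = fixed ? utf8_char_len(pat) : (pat_len < MATCH_BYTES ? pat_len : MATCH_BYTES);
    memset(m, 0, sizeof *m);
    if (!push_alt(m, &cur_pos, pat, first)) return 0;
    for (size_t i = 0; i < nfolds; i++)
        if (!push_alt(m, &cur_pos, folds[i], fold_len[i])) return 0;
    return cur_pos;
}

/* Constructed inputs: an 11-byte UTF-8 literal run (assumed to mirror the report's
 * pattern) and fold alternatives with the lengths gdb showed: 11+1+2+2+3 = 19 bytes. */
static const uint8_t PAT[] = "\xc3\x9f\xc3\x9f\xc3\x9f\xc3\x9fs\xc5\x80";
static const uint8_t *const FOLDS[] = { (const uint8_t *)"s", (const uint8_t *)"ss",
    (const uint8_t *)"\xc3\x9f", (const uint8_t *)"\xe1\xba\x9e" };
static const size_t FOLD_LEN[] = { 1, 2, 2, 3 };
```

With the buggy slot 0 the 19 bytes exceed the constructed capacity and build_table refuses the last entry; with the one-character copy the same inputs fit in 10 bytes.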

khwilliamson added a commit that referenced this issue Jan 3, 2021
This was caused by copying too many characters for the size of the
buffer.  Only one character is needed.
khwilliamson (Contributor) commented:
Indeed, @hvds is correct that only one character should have been copied.

Corion pushed a commit to Corion/perl5 that referenced this issue Jun 20, 2021
This was caused by copying too many characters for the size of the
buffer.  Only one character is needed.