Bug 821405

Summary: Regular expression compiler miscounts capturing parenthesis
Product: [Fedora] Fedora
Reporter: Petr Pisar <ppisar>
Component: perl
Assignee: Marcela Mašláňová <mmaslano>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 15
CC: cweyl, iarnell, kasal, lkundrak, mmaslano, ppisar, psabata, rc040203, tcallawa
Hardware: Unspecified   
OS: Unspecified   
URL: https://rt.perl.org/rt3/Public/Bug/Display.html?id=112874
Fixed In Version: perl-5.12.4-166.fc15
Doc Type: Bug Fix
Last Closed: 2012-05-31 00:55:22 UTC
Type: Bug
Attachments:
  Description             Flags
  Reproducer              none
  Fix ported to 5.12.4    none

Description Petr Pisar 2012-05-14 11:46:58 UTC
perl-5.12.4 exhibits this problem:

#!/usr/bin/perl
use strict; use warnings;
    
$_ = 'aaa x=${ \$x } bbb a=@a=@{ \@a } ccc';
s{
   ([\$\@])
   (?|   # re-use $1, $2 etc in each alternation
     ([^\w\s\{])
     | ( \{
            (
              (?> \\.
                  | [^\{\}\\]++
                  | \{ (?0) \}
              )*
            )
         \}
       )
   )
  }
  {replacement}xgs;

$ rpm -q perl
perl-5.12.4-165.fc15.x86_64
$ ./5_12_heap_corruption 
*** glibc detected *** /usr/bin/perl: free(): invalid next size (fast): 0x0000000000a722d0 ***
Neoprávněný přístup do paměti (SIGSEGV)

This has been fixed in:

commit fd4be6f07df0e6a021290ef721c5d73550e0248c
Author: Father Chrysostomos <sprout>
Date:   Fri Feb 25 20:45:08 2011 -0800

The only affected Fedora release is F15.
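
As an added illustration (not part of the bug report, its attachments or the Perl source): a small Python scanner that counts capture groups the way perlre documents branch-reset `(?|...)` numbering, giving the count a correct compiler should reach for the reproducer pattern. The name `count_groups`, the whitespace-collapsed copy of the pattern and the simplifications noted in the comments are assumptions of this example.

```python
import re

# Named-capture openers: (?<name>, (?P<name>, (?'name'; not (?<= or (?<!
NAMED = re.compile(r"\(\?(?:P?<(?![=!])|')")

# Pattern from the report, whitespace collapsed and comment dropped (same under /x)
REPRODUCER = r"([\$\@]) (?| ([^\w\s\{]) | ( \{ ( (?> \\. | [^\{\}\\]++ | \{ (?0) \} )* ) \} ) )"

def count_groups(pattern, extended=True):
    """Count capture groups; simplified: ignores (?{...}) code blocks and \\Q...\\E."""
    n = 0          # highest group number assigned so far on this path
    stack = []     # one frame per open "(": None, or [start, max] for (?|
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                       # escape: skip the next character too
            i += 1
        elif c == "[":                      # character class: skip to its "]"
            i += 2 if pattern[i + 1:i + 2] == "^" else 1
            if pattern[i:i + 1] == "]":     # a leading "]" is literal
                i += 1
            while i < len(pattern) and pattern[i] != "]":
                i += 2 if pattern[i] == "\\" else 1
        elif c == "#" and extended:         # /x comment runs to end of line
            while i < len(pattern) and pattern[i] != "\n":
                i += 1
        elif pattern.startswith("(?|", i):  # branch reset opens
            stack.append([n, n])
            i += 2
        elif c == "(":
            special = pattern[i + 1:i + 2] in ("?", "*")
            if not special or NAMED.match(pattern, i):
                n += 1                      # plain or named group captures
            stack.append(None)
        elif c == "|" and stack and stack[-1] is not None:
            frame = stack[-1]               # next alternative restarts numbering
            frame[1] = max(frame[1], n)
            n = frame[0]
        elif c == ")" and stack:
            frame = stack.pop()
            if frame is not None:           # after (?|...) continue from the max
                n = max(frame[1], n)
        i += 1
    return n

if __name__ == "__main__":
    print(count_groups(REPRODUCER))
```

In the reproducer, `$2` is shared by both alternatives of the branch reset and the second alternative adds `$3`, so the pattern has three capture groups even though it contains four capturing parentheses.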

Comment 1 Petr Pisar 2012-05-14 11:49:16 UTC
Created attachment 584345
Reproducer

Comment 2 Petr Pisar 2012-05-14 12:41:26 UTC
Created attachment 584354
Fix ported to 5.12.4

Comment 3 Fedora Update System 2012-05-14 13:12:27 UTC
perl-5.12.4-166.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/perl-5.12.4-166.fc15

Comment 4 Fedora Update System 2012-05-15 23:26:51 UTC
Package perl-5.12.4-166.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing perl-5.12.4-166.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7909/perl-5.12.4-166.fc15
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-05-31 00:55:22 UTC
perl-5.12.4-166.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.