Bug 493497 - Perl segfaults in S_regmatch after many recursions
Summary: Perl segfaults in S_regmatch after many recursions
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: perl
Version: 5.3
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: perl-maint-list
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-01 23:54 UTC by Bryan Mason
Modified: 2018-10-20 01:50 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-10-05 18:01:20 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Test script that segfaults (339 bytes, text/plain)
2009-04-01 23:54 UTC, Bryan Mason 		no flags Details
View All

Description Bryan Mason 2009-04-01 23:54:01 UTC 
Created attachment 337691 [details]
Test script that segfaults

Description of problem:

    Perl segfaults when processing very long strings.  The root
    problem is that S_regmatch is recursive and will eventually
    exhaust stack space after many recursions.

    The stack trace after the segfault looks like:

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 48002166805024 (LWP 32224)]
    0x0000003957cde875 in S_regmatch (my_perl=0xdf97010, prog=0xfeae84)
       at regexec.c:2305
    2305   {

    (gdb) bt
    #0  0x0000003957cde875 in S_regmatch (my_perl=0xdf97010, prog=0xfeae84)
        at regexec.c:2305
    #1  0x0000003957cdea87 in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3908
    #2  0x0000003957ce16ce in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3332
    #3  0x0000003957ce16ce in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3332
    #4  0x0000003957ce16ce in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3332

    [...]

    #22456 0x0000003957cdfe41 in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3160
    #22457 0x0000003957cdfe41 in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3160
    #22458 0x0000003957cdfe41 in S_regmatch (my_perl=0xdf97010,
        prog=<value optimized out>) at regexec.c:3160
    #22459 0x0000003957ce2908 in S_regtry (my_perl=0xdf97010,
        prog=0xdfbfdb0, startpos=0xe033b09 "\" word word word word
        word word word word word word word word word word word word
        word word word word word word word word word word word word
        word word word word word word word word word word word
        wor"...) at regexec.c:2204
    #22460 0x0000003957ce6c20 in Perl_regexec_flags (my_perl=0xdf97010,
       prog=0xdfbfdb0, stringarg=<value optimized out>, strend=0xe039cb3 "",
       strbeg=0xe033b09 "\" word word word word word word word word
       word word word word word word word word word word word word
       word word word word word word word word word word word word
       word word word word word word word wor"...,
       minend=<value optimized out>, sv=0xdfe2da0, data=0x0,
       flags=<value optimized out>) at regexec.c:2031
    #22461 0x0000003957c91fdc in Perl_pp_subst (my_perl=0xdf97010) at 
       pp_hot.c:2107
    #22462 0x0000003957c8a0ae in Perl_runops_standard (my_perl=0xdf97010) at
       run.c:37
    #22463 0x0000003957c37f1a in perl_run (my_perl=0xdf97010) at perl.c:2372
    #22464 0x000000000040179c in main (argc=3, argv=0x7fff7927aca8,
       env=<value optimized out>) at perlmain.c:99

Version-Release number of selected component (if applicable):

    perl-5.8.8-40

How reproducible:

    100%

Steps to Reproduce:

    1. run attached sample script: "perl test-it281146.pl 5000"
  
Actual results:

    Segfault

Expected results:

    No segfault

Additional info:

    This issue has been documented in Debian bug 320727[1], and has
    been fixed upstream[2].  This problem does not occur with
    perl-5.10.0-56 in Fedora 10.

    I've been attempting to backport the upstream patch, but would
    like some guidance on whether or not this would be considered too
    invasive a change for a RHEL update.

[1]http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320727
[2]http://perl5.git.perl.org/perl.git/commit/95b244405438253236d34c3edcbd0892a86c2dd1
Comment 1 Marcela Mašláňová 2009-04-14 14:36:08 UTC 
I'm sorry for so long response time.

Does it impact our customers or our servers?

This is invasive change because you can easily overlook some consequence. I didn't look at the differences between upstream version and our version of this file yet, but there would be probably many. The main problem is that you usually need backport also other preceding patches and you can easily miss something important or change something else unintentionally.
Comment 2 Bryan Mason 2009-04-14 20:28:12 UTC 
This is impacting one of our customers.  I've requested additional details.
Comment 7 RHEL Program Management 2010-08-09 19:07:52 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Note You need to log in before you can comment on or make changes to this bug.