Red Hat Bugzilla – Bug 694166
CVE-2010-4777 perl: assertion failure with certain regular expressions
Last modified: 2011-04-07 14:17:35 EDT
It was reported  that perl suffers from an assertion failure in certain regular expressions. This could cause crashes in certain programs, such as OCSInventory  and SpamAssassin .
I am unable to reproduce this on Fedora 14, RHEL6, RHEL5, or RHEL4. Using the reproducer from http://rt.perl.org/rt3/Ticket/Attachment/548804/260938/ I get no crashes:
% perl sample3.pl
Our versions look like they _should_ be affected, but for some reason we're not seeing the assertion failures at all. I've tried with all three samples.
We do not build perl with -g, so I do not believe assertion checks are enabled. Can someone comment as to why we are not seeing these assertion failures? I do believe this is a non-issue for us, but would like to understand why.
We do not see assertions because they are disabled. The Configure -DDEBUGGING=-g option switches compiler debugging data generation on but does not define DEBUGGING symbol needed to enable asserts (perl.h:3880).
If you want to enable asserts, you need to Configure -DDEBUGGING=both (Configure:5080). Then I get assertion abort with second case from :
$ LANG=en_US.UTF-8 LD_LIBRARY_PATH=$PWD ./perl ~petr/perl/assertion_bug-CVE-2010-4777/case1
perl: regcomp.c:5199: Perl_reg_numbered_buff_fetch: Assertion `rx->sublen >= (s - rx->subbeg) + i' failed.
Neúspěšně ukončen (SIGABRT) (core dumped [obraz paměti uložen])
Asserts are not enabled because of performance penalty.
Thanks for that explanation, Petr.
Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not have asserts enabled.