Bug#894140: perl: Stack Exhaustion in current perl stable

Dongliang Mu mudongliangabcd at outlook.com
Mon Mar 26 18:29:20 UTC 2018 

Package: perl
Version: 5.26.1-5
Severity: normal
Tags: upstream

A stack exhaustion issue was discovered in Perl 5.26.1. Stack Exhaustion occurs
in checking regular expression for a "()" pair. When Perl interprets one "(",
it will allocate four stack frames (S_reg, S_regbranch, S_regpiece, S_regatom).
If the next character is still '(' other than ')', it will continue to allocate
four stack frames the stack trace. When there are over 3314 '(', it will
segment fault and crash.

The stack trace for the crash is as follows,

Program received signal SIGSEGV, Segmentation fault.
0x00000000005d005b in S_reg (pRExC_state=0x7fffffffd5c0, paren=2,
flagp=0x7fffff7ff3a0,
    depth=<error reading variable: Cannot access memory at address
0x7fffff7feee0>) at regcomp.c:10574
10574   {
(gdb) info stack
#0  0x00000000005d005b in S_reg (pRExC_state=0x7fffffffd5c0, paren=2,
flagp=0x7fffff7ff3a0,
    depth=<error reading variable: Cannot access memory at address
0x7fffff7feee0>) at regcomp.c:10574
#1  0x000000000061ebc0 in S_regatom (pRExC_state=0x7fffffffd5c0,
flagp=0x7fffff7ff7a0,
    depth=<optimized out>) at regcomp.c:12565
#2  0x00000000005fde20 in S_regpiece (pRExC_state=<optimized out>,
    flagp=<error reading variable: access outside bounds of object referenced
via synthetic pointer>,
    depth=<optimized out>) at regcomp.c:11669
#3  S_regbranch (pRExC_state=<optimized out>, flagp=0x7fffff7ff9a0,
first=<optimized out>,
    depth=<optimized out>) at regcomp.c:11594
#4  0x00000000005d3476 in S_reg (pRExC_state=<optimized out>,
    paren=<error reading variable: Cannot access memory at address 0x3a>,
flagp=0x7fffff7ffd80,
    depth=<optimized out>) at regcomp.c:11332
#5  0x000000000061ebc0 in S_regatom (pRExC_state=0x7fffffffd5c0,
flagp=0x7fffff800180,
    depth=<optimized out>) at regcomp.c:12565
#6  0x00000000005fde20 in S_regpiece (pRExC_state=<optimized out>,
    flagp=<error reading variable: access outside bounds of object referenced
via synthetic pointer>,
    depth=<optimized out>) at regcomp.c:11669
#7  S_regbranch (pRExC_state=<optimized out>, flagp=0x7fffff800380,
first=<optimized out>,
    depth=<optimized out>) at regcomp.c:11594
#8  0x00000000005d3476 in S_reg (pRExC_state=<optimized out>,
    paren=<error reading variable: Cannot access memory at address 0x3a>,
flagp=0x7fffff800760,
    depth=<optimized out>) at regcomp.c:11332
#9  0x000000000061ebc0 in S_regatom (pRExC_state=0x7fffffffd5c0,
flagp=0x7fffff800b60,
    depth=<optimized out>) at regcomp.c:12565
#10 0x00000000005fde20 in S_regpiece (pRExC_state=<optimized out>,
    flagp=<error reading variable: access outside bounds of object referenced
via synthetic pointer>,
    depth=<optimized out>) at regcomp.c:11669
......



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages perl depends on:
ii  dpkg               1.19.0.5
ii  libperl5.26        5.26.1-5
ii  perl-base          5.26.1-5
ii  perl-modules-5.26  5.26.1-5

Versions of packages perl recommends:
ii  netbase  5.4

Versions of packages perl suggests:
pn  libterm-readline-gnu-perl | libterm-readline-perl-perl  <none>
ii  make                                                    4.1-9.1
pn  perl-doc                                                <none>

-- no debconf information

More information about the Perl-maintainers mailing list