Not OK: perl v5.7.0 +SUIDMAIL +DEVEL6855 on i586-linux 2.2.12 (UNINSTA\

[p5pRT]

Migrated from rt.perl.org#3909 (status was 'resolved')

Searchable as RT3909$

[p5pRT]

From @nwc10

Apart from sfio causing op/misc test 48 to fail, bytecode is unhappy​:

nick@​fruitbat [Bytecode]$ bin/perlcc -B -o hw hw.pl
nick@​fruitbat [Bytecode]$ cat hw.pl
#!/usr/local/bin/perl -w
print "hello world\n";
nick@​fruitbat [Bytecode]$ bin/perl hw
Segmentation fault
nick@​fruitbat [139]$
nick@​fruitbat [Bytecode]$ gdb bin/perl
GNU gdb 19990928
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) run hw
Starting program​: /home/nick/Bytecode/bin/perl hw

Program received signal SIGSEGV, Segmentation fault.
0x400e2b48 in free () from /lib/libc.so.6
(gdb) where
#0 0x400e2b48 in free () from /lib/libc.so.6
#1 0x400e2aed in free () from /lib/libc.so.6
#2 0x80b350c in Perl_safesysfree (where=0x813f600) at util.c​:165
#3 0x806f53c in byterun (bstate=0xbffff4a4) at byterun.c​:62
#4 0x806ee03 in byteloader_filter (idx=0, buf_sv=0x813fedc, maxlen=0)
  at ByteLoader.xs​:96
#5 0x807f753 in Perl_filter_read (idx=0, buf_sv=0x813fedc, maxlen=0)
  at toke.c​:1973
#6 0x807f79b in S_filter_gets (sv=0x813fedc, fp=0x8146368, append=0)
  at toke.c​:1988
#7 0x8080c0b in Perl_yylex () at toke.c​:2485
#8 0x80935d2 in Perl_yyparse () at perly.c​:1432
#9 0x8072fc7 in S_parse_body (env=0x0, xsinit=0x805b608 <xs_init>)
  at perl.c​:1294
#10 0x8072593 in perl_parse (my_perl=0x813fec0, xsinit=0x805b608 <xs_init>,
  argc=2, argv=0xbffffcd4, env=0x0) at perl.c​:875
#11 0x805b5a9 in main (argc=2, argv=0xbffffcd4, env=0xbffffce0)
  at perlmain.c​:50

the free in bytecode.h is extraneous as BGET_strconst uses PL_tokenbuf rather
than a malloc()ed buffer

#define BGET_strconst(arg) STMT_START { \
  for (arg = PL_tokenbuf; (*arg = BGET_FGETC()); arg++) /* nothing */; \
  arg = PL_tokenbuf; \
  } STMT_END

so this patch is needed.

*** ext/ByteLoader/bytecode.h.orig Tue Aug 22 17​:15​:14 2000
--- ext/ByteLoader/bytecode.h Mon Aug 28 15​:43​:55 2000
***************
*** 250,254 ****
  if (strNE(str, STRINGIFY(BYTEORDER))) { \
  HEADER_FAIL("different byteorder", 0, 0); \
  } \
- Safefree(str); \
  } STMT_END
--- 250,253 ----

however, using PL_tokenbuf for gets() emulation seems like a bad plan, as I
(untested, because of the SEGV just fixed) suspect that it will buffer
overflow. I'm about to experiment with an alternative.

Nicholas Clark

Perl Info

Flags:
    category=install
    severity=none

Site configuration information for perl v5.7.0:

Configured by nick at Mon Aug 28 13:45:14 BST 2000.

Summary of my perl5 (revision 5.0 version 7 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.2.12, archname=i586-linux
    uname='linux fruitbat 2.2.16 #6 tue aug 1 12:35:02 bst 2000 i586 unknown '
    config_args=''
    hint=previous, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=define uselargefiles=define 
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='cc', optimize='-O2', gccversion=2.95.2 20000220 (Debian GNU/Linux), gccosandvers=
    cppflags='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lsfio -lnsl -lndbm -lgdbm -ldbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
    libc=/lib/libc-2.1.3.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    SUIDMAIL - fixes for suidperl security
    DEVEL6855


@INC for perl v5.7.0:
    lib
    /usr/local/lib/perl5/5.7.0/i586-linux
    /usr/local/lib/perl5/5.7.0
    /usr/local/lib/perl5/site_perl/5.7.0/i586-linux
    /usr/local/lib/perl5/site_perl/5.7.0
    /usr/local/lib/perl5/site_perl
    .


Environment for perl v5.7.0:
    HOME=/home/nick
    LANG=C
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/sh