[perl #37230] Regexp stack overflow in 5.8.7

via RT Thu, 22 Sep 2005 03:22:38 -0700

# New Ticket Created by  Brian Candler 
# Please include the string:  [perl #37230]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=37230 >



Summary: regular expression overflows stack in 5.8.7 (but same test case
works in 5.8.6).

A program which replicates this problem is attached, as a gzip file to
prevent it being split by E-mail, as it contains one very long line (~32K)

Output of perl -v, perl -V and perlbug -d on the target system is also
attached.

The regular expression is:

    ^"(?:[^"\\]|\\.)*"\s+\d+\s+(\d+)

(aside: it is used to parse a double-quoted string in an Apache log file; if
the string contains a double quote it appears as \" and if it contains a
backslash it appears as \\)

It was a real Apache log entry which made Perl bomb out, and this is what
the attached test program contains.

I don't see any reason for deep recursion in this regexp: at each stage it
has two options to match, { any character other than " or \ } or
{ \ followed by any character }, and if it cannot chomp one or the other
then the regexp should fail. If it _can_ match either of those then there is
no ambiguity and possibility of backtracking, as far as I can see.

Regards,

Brian Candler.

chomplogs-test2.pl.gz
Description: application/gunzip

-bash-2.05b$ perl -v

This is perl, v5.8.7 built for i386-freebsd-64int
(with 1 registered patch, see perl -V for more detail)

Copyright 1987-2005, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'.  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

-bash-2.05b$ perl -V
Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
  Platform:
    osname=freebsd, osvers=4.11-release, archname=i386-freebsd-64int
    uname='freebsd ch-adm01.uk.clara.net 4.11-release freebsd 4.11-release #0: 
fri jan 21 17:21:22 gmt 2005 [EMAIL PROTECTED]:usrobjusrsrcsysgeneric i386 '
    config_args='-sde -Dprefix=/usr/local 
-Darchlib=/usr/local/lib/perl5/5.8.7/mach -Dprivlib=/usr/local/lib/perl5/5.8.7 
-Dman3dir=/usr/local/lib/perl5/5.8.7/perl/man/man3 
-Dman1dir=/usr/local/man/man1 
-Dsitearch=/usr/local/lib/perl5/site_perl/5.8.7/mach 
-Dsitelib=/usr/local/lib/perl5/site_perl/5.8.7 -Dscriptdir=/usr/local/bin 
-Dsiteman3dir=/usr/local/lib/perl5/5.8.7/man/man3 
-Dsiteman1dir=/usr/local/man/man1 -Ui_malloc -Ui_iconv -Uinstallusrbinperl 
-Dcc=cc -Duseshrplib 
-Dccflags=-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.7/BSDPAN" -Doptimize=-O -pipe 
 -Ud_dosuid -Ui_gdbm -Dusethreads=n -Dusemymalloc=y -Duse64bitint'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef 
usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=define use64bitall=undef uselongdouble=undef
    usemymalloc=y, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.7/BSDPAN" 
-D_THREAD_SAFE -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe 
-I/usr/local/include',
    optimize='-O -pipe ',
    cppflags='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.7/BSDPAN" -D_THREAD_SAFE 
-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe 
-I/usr/local/include'
    ccversion='', gccversion='2.95.4 20020320 [FreeBSD]', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', 
lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-pthread -Wl,-E -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lm -lcrypt -lutil
    perllibs=-lm -lcrypt -lutil
    libc=, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='  
-Wl,-R/usr/local/lib/perl5/5.8.7/mach/CORE'
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib'


Characteristics of this binary (from libperl): 
  Compile-time options: USE_64_BIT_INT USE_LARGE_FILES
  Locally applied patches:
        defined-or
  Built under freebsd
  Compiled at Sep  8 2005 11:49:14
  @INC:
    /usr/local/lib/perl5/site_perl/5.8.7/mach
    /usr/local/lib/perl5/site_perl/5.8.7
    /usr/local/lib/perl5/site_perl
    /usr/local/lib/perl5/5.8.7/BSDPAN
    /usr/local/lib/perl5/5.8.7/mach
    /usr/local/lib/perl5/5.8.7
    .
-bash-2.05b$ perlbug -d
---
Flags:
    category=
    severity=
---
Site configuration information for perl v5.8.7:

Configured by andym at Thu Sep  8 11:49:00 BST 2005.

Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
  Platform:
    osname=freebsd, osvers=4.11-release, archname=i386-freebsd-64int
    uname='freebsd ch-adm01.uk.clara.net 4.11-release freebsd 4.11-release #0: 
fri jan 21 17:21:22 gmt 2005 [EMAIL PROTECTED]:usrobjusrsrcsysgeneric i386 '
    config_args='-sde -Dprefix=/usr/local 
-Darchlib=/usr/local/lib/perl5/5.8.7/mach -Dprivlib=/usr/local/lib/perl5/5.8.7 
-Dman3dir=/usr/local/lib/perl5/5.8.7/perl/man/man3 
-Dman1dir=/usr/local/man/man1 
-Dsitearch=/usr/local/lib/perl5/site_perl/5.8.7/mach 
-Dsitelib=/usr/local/lib/perl5/site_perl/5.8.7 -Dscriptdir=/usr/local/bin 
-Dsiteman3dir=/usr/local/lib/perl5/5.8.7/man/man3 
-Dsiteman1dir=/usr/local/man/man1 -Ui_malloc -Ui_iconv -Uinstallusrbinperl 
-Dcc=cc -Duseshrplib 
-Dccflags=-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.7/BSDPAN" -Doptimize=-O -pipe 
 -Ud_dosuid -Ui_gdbm -Dusethreads=n -Dusemymalloc=y -Duse64bitint'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef 
usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=define use64bitall=undef uselongdouble=undef
    usemymalloc=y, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.7/BSDPAN" 
-D_THREAD_SAFE -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe 
-I/usr/local/include',
    optimize='-O -pipe ',
    cppflags='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.7/BSDPAN" -D_THREAD_SAFE 
-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe 
-I/usr/local/include'
    ccversion='', gccversion='2.95.4 20020320 [FreeBSD]', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', 
lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-pthread -Wl,-E -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lm -lcrypt -lutil
    perllibs=-lm -lcrypt -lutil
    libc=, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='  
-Wl,-R/usr/local/lib/perl5/5.8.7/mach/CORE'
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib'

Locally applied patches:
    defined-or

---
@INC for perl v5.8.7:
    /usr/local/lib/perl5/site_perl/5.8.7
    /usr/local/lib/perl5/site_perl/5.8.7/mach
    /usr/local/lib/perl5/site_perl
    /usr/local/lib/perl5/5.8.7/BSDPAN
    /usr/local/lib/perl5/5.8.7/mach
    /usr/local/lib/perl5/5.8.7
    .

---
Environment for perl v5.8.7:
    HOME=/home/brian
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/home/brian/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

[perl #37230] Regexp stack overflow in 5.8.7

Reply via email to