Package: perl
Version: 5.26.1-5
Severity: normal
Tags: upstream
A stack exhaustion issue was discovered in Perl 5.26.1. Stack Exhaustion occurs
in checking regular expression for a "()" pair. When Perl interprets one "(",
it will allocate four stack frames (S_reg, S_regbranch, S_regpiece, S_regatom).
If the next character is still '(' other than ')', it will continue to allocate
four stack frames the stack trace. When there are over 3314 '(', it will
segment fault and crash.
The stack trace for the crash is as follows,
Program received signal SIGSEGV, Segmentation fault.
0x00000000005d005b in S_reg (pRExC_state=0x7fffffffd5c0, paren=2,
flagp=0x7fffff7ff3a0,
depth=<error reading variable: Cannot access memory at address
0x7fffff7feee0>) at regcomp.c:10574
10574 {
(gdb) info stack
#0 0x00000000005d005b in S_reg (pRExC_state=0x7fffffffd5c0, paren=2,
flagp=0x7fffff7ff3a0,
depth=<error reading variable: Cannot access memory at address
0x7fffff7feee0>) at regcomp.c:10574
#1 0x000000000061ebc0 in S_regatom (pRExC_state=0x7fffffffd5c0,
flagp=0x7fffff7ff7a0,
depth=<optimized out>) at regcomp.c:12565
#2 0x00000000005fde20 in S_regpiece (pRExC_state=<optimized out>,
flagp=<error reading variable: access outside bounds of object referenced
via synthetic pointer>,
depth=<optimized out>) at regcomp.c:11669
#3 S_regbranch (pRExC_state=<optimized out>, flagp=0x7fffff7ff9a0,
first=<optimized out>,
depth=<optimized out>) at regcomp.c:11594
#4 0x00000000005d3476 in S_reg (pRExC_state=<optimized out>,
paren=<error reading variable: Cannot access memory at address 0x3a>,
flagp=0x7fffff7ffd80,
depth=<optimized out>) at regcomp.c:11332
#5 0x000000000061ebc0 in S_regatom (pRExC_state=0x7fffffffd5c0,
flagp=0x7fffff800180,
depth=<optimized out>) at regcomp.c:12565
#6 0x00000000005fde20 in S_regpiece (pRExC_state=<optimized out>,
flagp=<error reading variable: access outside bounds of object referenced
via synthetic pointer>,
depth=<optimized out>) at regcomp.c:11669
#7 S_regbranch (pRExC_state=<optimized out>, flagp=0x7fffff800380,
first=<optimized out>,
depth=<optimized out>) at regcomp.c:11594
#8 0x00000000005d3476 in S_reg (pRExC_state=<optimized out>,
paren=<error reading variable: Cannot access memory at address 0x3a>,
flagp=0x7fffff800760,
depth=<optimized out>) at regcomp.c:11332
#9 0x000000000061ebc0 in S_regatom (pRExC_state=0x7fffffffd5c0,
flagp=0x7fffff800b60,
depth=<optimized out>) at regcomp.c:12565
#10 0x00000000005fde20 in S_regpiece (pRExC_state=<optimized out>,
flagp=<error reading variable: access outside bounds of object referenced
via synthetic pointer>,
depth=<optimized out>) at regcomp.c:11669
......
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages perl depends on:
ii dpkg 1.19.0.5
ii libperl5.26 5.26.1-5
ii perl-base 5.26.1-5
ii perl-modules-5.26 5.26.1-5
Versions of packages perl recommends:
ii netbase 5.4
Versions of packages perl suggests:
pn libterm-readline-gnu-perl | libterm-readline-perl-perl <none>
ii make 4.1-9.1
pn perl-doc <none>
-- no debconf information
