Debian Bug report logs - #689314
perl: segfaults when echoing a very long string [CVE-2012-5195]
Reported by: Thorsten Glaser <tg@mirbsd.de>
Date: Mon, 1 Oct 2012 14:12:01 UTC
Severity: grave
Tags: patch, security, squeeze, upstream
Found in versions perl/5.10.1-17squeeze3, perl/5.14.2-13, perl/5.10.1-17
Fixed in versions perl/5.16.0-1, perl/5.14.2-14, perl/5.10.1-17squeeze4, perl/5.16.2-2
Done: Dominic Hargreaves <dom@earth.li>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, tg@mirbsd.de, Niko Tyni <ntyni@debian.org>: Bug#689314; Package perl. (Mon, 01 Oct 2012 14:12:03 GMT)
Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>: New Bug report received and forwarded. Copy sent to tg@mirbsd.de, Niko Tyni <ntyni@debian.org>. (Mon, 01 Oct 2012 14:12:03 GMT)
Message #5 received at submit@bugs.debian.org:
Package: perl
Version: 5.14.2-13
Severity: normal
# perl -le 'print "v"x(2**31+1) ."=1"'
Segmentation fault
Trying to reproduce the error from
http://git.kernel.org/?p=libs/klibc/klibc.git;a=commitdiff;h=127b17bb38dbfc95386a52b2159f059221d33497
on Debian wheezy/amd64.
Interestingly enough, Debian lenny/amd64 works just fine.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static
Versions of packages perl depends on:
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-35
ii libdb5.1 5.1.29-5
ii libgdbm3 1.8.3-11
ii perl-base 5.14.2-13
ii perl-modules 5.14.2-13
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages perl recommends:
ii netbase 5.0
Versions of packages perl suggests:
pn libterm-readline-gnu-perl | libterm-readline-perl-perl <none>
ii make 3.81-8.2
pn perl-doc <none>
-- no debconf information
Severity set to 'grave' from 'normal'. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2012 18:39:03 GMT)
Changed Bug title to 'perl: segfaults when echoing a very long string [CVE-2012-5195]' from 'perl: segfaults when echoing a very long string'. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2012 18:39:04 GMT)
Added tag(s) upstream, security, and patch. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Wed, 10 Oct 2012 18:39:04 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#689314; Package perl. (Wed, 10 Oct 2012 19:03:03 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. (Wed, 10 Oct 2012 19:03:03 GMT)
Message #16 received at 689314@bugs.debian.org:
severity 689314 grave
retitle 689314 perl: segfaults when echoing a very long string [CVE-2012-5195]
tag 689314 upstream security patch
thanks
On Mon, Oct 01, 2012 at 04:11:00PM +0200, Thorsten Glaser wrote:
> Package: perl
> Version: 5.14.2-13
> Severity: normal
>
> # perl -le 'print "v"x(2**31+1) ."=1"'
> Segmentation fault
This has security impact and has been assigned CVE-2012-5195. See
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
It's not quite clear yet if 5.10.1 (squeeze) is affected.
I'll upload a fix to sid/wheezy shortly.
--
Niko Tyni ntyni@debian.org
Reply sent to Niko Tyni <ntyni@debian.org>: You have taken responsibility. (Wed, 10 Oct 2012 19:36:05 GMT)
Notification sent to Thorsten Glaser <tg@mirbsd.de>: Bug acknowledged by developer. (Wed, 10 Oct 2012 19:36:05 GMT)
Message #21 received at 689314-close@bugs.debian.org:
Source: perl
Source-Version: 5.14.2-14
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 689314@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 10 Oct 2012 21:17:36 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.14 libperl-dev perl
Architecture: source all amd64
Version: 5.14.2-14
Distribution: unstable
Urgency: high
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.14 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
Closes: 689314
Changes:
perl (5.14.2-14) unstable; urgency=high
.
* [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
the 'x' string repeat operator. (Closes: #689314)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlB1yIkACgkQiyizGWoHLTk5cwCfQpnuyyo3HdpOUAaAyNXXjYX6
wmoAoIQQ8VLA38qSpwTgAlwtIWWEnjiZ
=DuJm
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Nov 2012 07:25:37 GMT)
Bug unarchived. Request was from Arne Wichmann <aw@anhrefn.saar.de> to control@bugs.debian.org. (Mon, 26 Nov 2012 21:33:05 GMT)
Marked as found in versions perl/5.10.1-17squeeze3. Request was from Arne Wichmann <aw@anhrefn.saar.de> to control@bugs.debian.org. (Mon, 26 Nov 2012 21:33:06 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>: Bug#689314; Package perl. (Fri, 30 Nov 2012 14:27:03 GMT)
Acknowledgement sent to Dominic Hargreaves <dom@earth.li>: Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Fri, 30 Nov 2012 14:27:03 GMT)
Message #32 received at 689314@bugs.debian.org:
On Wed, Oct 10, 2012 at 09:35:41PM +0300, Niko Tyni wrote:
> severity 689314 grave
> retitle 689314 perl: segfaults when echoing a very long string [CVE-2012-5195]
> tag 689314 upstream security patch
> thanks
>
> On Mon, Oct 01, 2012 at 04:11:00PM +0200, Thorsten Glaser wrote:
> > Package: perl
> > Version: 5.14.2-13
> > Severity: normal
> >
> > # perl -le 'print "v"x(2**31+1) ."=1"'
> > Segmentation fault
>
> This has security impact and has been assigned CVE-2012-5195. See
>
> http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
> http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
>
> It's not quite clear yet if 5.10.1 (squeeze) is affected.
We are nevertheless planning to upload a fix to stable-security shortly.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Bug reopened. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Fri, 30 Nov 2012 14:27:07 GMT)
No longer marked as fixed in versions perl/5.14.2-14. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Fri, 30 Nov 2012 14:27:07 GMT)
Marked as fixed in versions perl/5.14.2-14. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Fri, 30 Nov 2012 14:27:08 GMT)
Added tag(s) squeeze. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Mon, 10 Dec 2012 19:36:02 GMT)
Marked as found in versions perl/5.10.1-17. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Mon, 10 Dec 2012 19:36:03 GMT)
Marked as fixed in versions perl/5.10.1-17squeeze4. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 13 Dec 2012 14:33:07 GMT)
Marked as found in versions perl/5.16.1-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 13 Dec 2012 14:36:03 GMT)
Marked as found in versions perl/5.16.2-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 13 Dec 2012 14:36:05 GMT)
Reply sent to Dominic Hargreaves <dom@earth.li>: You have taken responsibility. (Thu, 13 Dec 2012 14:39:06 GMT)
Notification sent to Thorsten Glaser <tg@mirbsd.de>: Bug acknowledged by developer. (Thu, 13 Dec 2012 14:39:06 GMT)
Message #53 received at 689314-done@bugs.debian.org:
Now fixed in stable.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Reply sent to Dominic Hargreaves <dom@earth.li>: You have taken responsibility. (Thu, 13 Dec 2012 23:51:05 GMT)
Notification sent to Thorsten Glaser <tg@mirbsd.de>: Bug acknowledged by developer. (Thu, 13 Dec 2012 23:51:05 GMT)
Message #58 received at 689314-close@bugs.debian.org:
Source: perl
Source-Version: 5.10.1-17squeeze4
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 689314@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 11 Dec 2012 14:07:34 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: source all i386
Version: 5.10.1-17squeeze4
Distribution: stable-security
Urgency: low
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.10 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
perl-suid - runs setuid Perl scripts
Closes: 689314 693420 695223
Changes:
perl (5.10.1-17squeeze4) stable-security; urgency=low
.
* [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
the 'x' string repeat operator. (Closes: #689314)
* [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
CRLF escaping (Closes: #693420)
* [SECURITY] add warning to Storable documentation that Storable
documents should not be accepted from untrusted sources
(Closes: #695223)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFQx1qIYzuFKFF44qURApn+AKCZfVcM25yRNryeFhW+CsUDDQBWngCcCoJa
StA9P/+fCayFF1GHmZnzXdw=
=1igm
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>: Bug#689314; Package perl. (Fri, 04 Jan 2013 13:03:04 GMT)
Acknowledgement sent to Alexander Kudrevatykh <kudrevatykh@gmail.com>: Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Fri, 04 Jan 2013 13:03:04 GMT)
Message #63 received at 689314@bugs.debian.org:
Package: perl
Version: 5.14.2-16
Followup-For: Bug #689314
perl still segfaults with the command # perl -e 'print "x"x(2**31)'
but does not segfault with the original command
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.7-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages perl depends on:
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-37
ii libdb5.1 5.1.29-5
ii libgdbm3 1.8.3-11
ii perl-base 5.14.2-16
ii perl-modules 5.14.2-16
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages perl recommends:
ii netbase 5.0
Versions of packages perl suggests:
ii libterm-readline-perl-perl 1.0303-1
ii make 3.81-8.2
pn perl-doc <none>
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>: Bug#689314; Package perl. (Sat, 05 Jan 2013 16:48:03 GMT)
Acknowledgement sent to Dominic Hargreaves <dom@earth.li>: Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Sat, 05 Jan 2013 16:48:03 GMT)
Message #68 received at 689314@bugs.debian.org:
On Fri, Jan 04, 2013 at 05:00:24PM +0400, Alexander Kudrevatykh wrote:
> perl still segfaults with the command # perl -e 'print "x"x(2**31)'
> but does not segfault with the original command
I can reproduce this on i386, but not amd64.
$ perl -le 'print "v"x(2**31+1) ."=1"'
panic: memory wrap at -e line 1.
$ perl -e 'print "x"x(2**31)'
Segmentation fault
Strangely, when I try and reproduce with a vanilla 5.14.3 build, I
get:
$ ./perl -e 'print "x"x(2**31)'
$ echo $?
0
which seems wrong in a different way...
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
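Added example, not part of the bug log and not Perl's own code: a C model of a repeat routine that validates the count and the byte total before allocating, which is the class of check behind the `panic: memory wrap` message shown above. It assumes the oversized count reaches the copy through a signed 32-bit value (the report's `2**31+1` is just past that range); all function names and the `max_bytes` cap are hypothetical.

```c
/* Added illustration: a model of a string-repeat routine, not Perl source.
 * All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { REP_OK, REP_NEGATIVE, REP_WRAP, REP_TOO_BIG, REP_NOMEM } rep_status;

/* Model of passing a 64-bit count through a signed 32-bit parameter
 * (two's-complement wrap), written with well-defined arithmetic only. */
static int32_t narrow_to_i32(int64_t v)
{
    uint32_t low = (uint32_t)(uint64_t)v;            /* value modulo 2^32 */
    if (low >= 0x80000000u)
        return (int32_t)((int64_t)low - 4294967296LL);
    return (int32_t)low;
}

/* Size a fill/copy would be asked to write if a negative count were
 * converted to size_t without any check (assumed failure mode). */
static size_t unchecked_fill_size(int32_t count, size_t len)
{
    return (size_t)count * len;                      /* wraps for count < 0 */
}

/* Checked repeat: reject negative counts, reject count*len overflow,
 * apply a caller-chosen cap, and only then allocate and copy. */
static rep_status repeat_checked(const char *unit, size_t len, int64_t count,
                                 size_t max_bytes, char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (count < 0)
        return REP_NEGATIVE;
    /* Reserve one byte for the terminator, so total + 1 cannot wrap. */
    if (len != 0 && (uint64_t)count > (SIZE_MAX - 1) / len)
        return REP_WRAP;
    size_t total = (size_t)count * len;
    if (total > max_bytes)
        return REP_TOO_BIG;
    char *buf = malloc(total + 1);
    if (buf == NULL)
        return REP_NOMEM;
    for (size_t off = 0; off < total; off += len)
        memcpy(buf + off, unit, len);
    buf[total] = '\0';
    *out = buf;
    *out_len = total;
    return REP_OK;
}

int main(void)
{
    /* The two counts used in the thread: 2**31+1 and 2**31. */
    const int64_t counts[] = { 2147483649LL, 2147483648LL };
    for (size_t i = 0; i < 2; i++) {
        int32_t n32 = narrow_to_i32(counts[i]);
        char *s;
        size_t n;
        rep_status st = repeat_checked("v", 1, n32, 1u << 20, &s, &n);
        printf("count=%lld as_int32=%d unchecked_size=%zu checked_status=%d\n",
               (long long)counts[i], (int)n32,
               unchecked_fill_size(n32, 1), (int)st);
        free(s);
    }
    return 0;
}
```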
Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>: Bug#689314; Package perl. (Sat, 05 Jan 2013 16:57:03 GMT)
Acknowledgement sent to "Alexander V. Kudrevatykh" <kudrevatykh@gmail.com>: Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Sat, 05 Jan 2013 16:57:03 GMT)
Message #73 received at 689314@bugs.debian.org:
Hi, I have an i386 system and perl with an amd64 kernel; maybe this confused
you?
With an amd64 system and perl I cannot reproduce it either.
On Sat, 05/01/2013 at 16:44 +0000, Dominic Hargreaves wrote:
> On Fri, Jan 04, 2013 at 05:00:24PM +0400, Alexander Kudrevatykh wrote:
> > perl still segfaults with the command # perl -e 'print "x"x(2**31)'
> > but does not segfault with the original command
>
> I can reproduce this on i386, but not amd64.
>
> $ perl -le 'print "v"x(2**31+1) ."=1"'
> panic: memory wrap at -e line 1.
>
> $ perl -e 'print "x"x(2**31)'
> Segmentation fault
>
> Strangely, when I try and reproduce with a vanilla 5.14.3 build, I
> get:
>
> $ ./perl -e 'print "x"x(2**31)'
> $ echo $?
> 0
>
> which seems wrong in a different way...
>
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#689314; Package perl. (Fri, 11 Jan 2013 08:27:03 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. (Fri, 11 Jan 2013 08:27:03 GMT)
Message #78 received at 689314@bugs.debian.org:
On Sat, Jan 05, 2013 at 04:44:48PM +0000, Dominic Hargreaves wrote:
> Strangely, when I try and reproduce with a vanilla 5.14.3 build, I
> get:
>
> $ ./perl -e 'print "x"x(2**31)'
> $ echo $?
> 0
>
> which seems wrong in a different way...
FWIW, I can reproduce it with an unpatched 5.14.3 on current sid i386
(a personality=linux32 chroot on an amd64 kernel to be precise).
I copied config.over from the Debian package and then called its
'config.debian --static'. I haven't bisected which Configure options
actually count.
My guess is it's just going out of memory but doesn't handle it too
gracefully.
Core was generated by `./perl -e print "x"x(2**31)'.
Program terminated with signal 11, Segmentation fault.
#0 0xf75a2b4f in memcpy () from /lib/i386-linux-gnu/libc.so.6
(gdb) bt
#0 0xf75a2b4f in memcpy () from /lib/i386-linux-gnu/libc.so.6
#1 0x08162f9d in memcpy (__len=2002024496, __src=<optimized out>, __dest=<optimized out>)
at /usr/include/i386-linux-gnu/bits/string3.h:52
#2 PerlIOBuf_write (my_perl=0x8df0008, f=0x8e07d70, vbuf=0x77525008, count=<optimized out>)
at perlio.c:4184
#3 0x0813fefd in Perl_do_print (my_perl=my_perl@entry=0x8df0008, sv=0x8e0c13c, fp=fp@entry=0x8e07d70)
at doio.c:1257
#4 0x080e4ab3 in Perl_pp_print (my_perl=0x8df0008) at pp_hot.c:773
#5 0x080e2878 in Perl_runops_standard (my_perl=0x8df0008) at run.c:41
#6 0x0807eef0 in S_run_body (oldscope=0, my_perl=0x8df0008) at perl.c:2365
#7 perl_run (my_perl=0x8df0008) at perl.c:2283
#8 0x0806125f in main (argc=3, argv=0xffdefe94, env=0xffdefea4) at perlmain.c:120
Summary of my perl5 (revision 5 version 14 subversion 3) configuration:
Derived from:
Platform:
osname=linux, osvers=3.2.0-4-amd64, archname=i486-linux-gnu-thread-multi-64int
uname='linux madeleine 3.2.0-4-amd64 #1 smp debian 3.2.32-1 i686 gnulinux '
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Dldflags= -Wl,-z,relro -Dlddlflags=-shared -Wl,-z,relro -Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.14 -Darchlib=/usr/lib/perl/5.14 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.14.3 -Dsitearch=/usr/local/lib/perl/5.14.3 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Duse64bitint -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -Ui_libutil -DDEBUGGING=-g -Doptimize=-O2 -Uuseshrplib -des'
hint=recommended, useposix=true, d_sigaction=define
useithreads=define, usemultiplicity=define
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2 -g',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -fno-strict-aliasing -pipe -I/usr/local/include'
ccversion='', gccversion='4.7.2', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -Wl,-z,relro -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /lib/i386-linux-gnu /lib/../lib /usr/lib/i386-linux-gnu /usr/lib/../lib /lib /usr/lib
libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
libc=, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.13'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -Wl,-z,relro -L/usr/local/lib -fstack-protector'
Characteristics of this binary (from libperl):
Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV
PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
PERL_PRESERVE_IVUV USE_64_BIT_INT USE_ITHREADS
USE_LARGE_FILES USE_PERLIO USE_PERL_ATOF
USE_REENTRANT_API
Locally applied patches:
uncommitted-changes
Built under linux
Compiled at Jan 11 2013 08:10:08
@INC:
lib
/usr/local/lib/perl/5.14.3
/usr/local/share/perl/5.14.3
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.14
/usr/share/perl/5.14
.
Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>: Bug#689314; Package perl. (Thu, 17 Jan 2013 00:42:03 GMT)
Acknowledgement sent to Dominic Hargreaves <dom@earth.li>: Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Thu, 17 Jan 2013 00:42:03 GMT)
Message #83 received at 689314@bugs.debian.org:
Control: notfound -1 5.14.2-16
On Fri, Jan 11, 2013 at 10:24:58AM +0200, Niko Tyni wrote:
> On Sat, Jan 05, 2013 at 04:44:48PM +0000, Dominic Hargreaves wrote:
>
> > Strangely, when I try and reproduce with a vanilla 5.14.3 build, I
> > get:
> >
> > $ ./perl -e 'print "x"x(2**31)'
> > $ echo $?
> > 0
> >
> > which seems wrong in a different way...
>
> FWIW, I can reproduce it with an unpatched 5.14.3 on current sid i386
> (a personality=linux32 chroot on an amd64 kernel to be precise).
>
> I copied config.over from the Debian package and then called its
> 'config.debian --static'. I haven't bisected which Configure options
> actually count.
>
> My guess is it's just going out of memory but doesn't handle it too
> gracefully.
Upstream (the perl5 security team) has investigated and thinks it's
not a security bug. I'm therefore adjusting the version info on this
bug and opening a new one (#698320).
Thanks both for the report and investigation!
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
No longer marked as found in versions perl/5.14.2-16. Request was from Dominic Hargreaves <dom@earth.li> to 689314-submit@bugs.debian.org. (Thu, 17 Jan 2013 00:42:04 GMT)
Marked as fixed in versions perl/5.16.2-2. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 17 Jan 2013 00:42:10 GMT)
Marked as fixed in versions perl/5.16.0-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 17 Jan 2013 00:42:12 GMT)
No longer marked as found in versions perl/5.16.1-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 17 Jan 2013 00:45:06 GMT)
No longer marked as found in versions perl/5.16.2-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 17 Jan 2013 00:45:08 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Mar 2013 07:26:57 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 15:31:24 2019; Machine Name: buxtehude