perl.perl5.porters | Postings from October 2008

Re: [PATCH] Invalid read in regdupe in maint-5.8

From: Nicholas Clark
Date: October 5, 2008 13:27
Subject: Re: [PATCH] Invalid read in regdupe in maint-5.8
Message ID: 20081005202741.GA49043@plum.flirble.org
On Thu, Sep 25, 2008 at 05:53:14PM +0200, Vincent Pit wrote:
> On maint-5.8, valgrind reports an invalid read of total size 4 (the size
> of a regnode) in regcomp.c:Perl_regdupe:4845 when creating threads
> (testcase attached). Compared to what is allocated in pregcomp, it seems
> that the computed len is one regnode too long. The patch attached fixes
> the error and passes all tests with 34415.
> 
> Vincent.


> --- regcomp.c	2008-09-19 23:03:55.000000000 +0200
> +++ regcomp.c	2008-09-25 17:30:56.000000000 +0200
> @@ -4840,7 +4840,7 @@
>      len = r->offsets[0];
>      npar = r->nparens+1;
>  
> -    size = sizeof(regexp) + (len+1)*sizeof(regnode);
> +    size = sizeof(regexp) + len*sizeof(regnode);
>      Newxc(ret, size, char, regexp);
>      Copy(r, ret, size, char);
>  
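Review bot: the hunk shrinks `size` for both `Newxc(ret, size, char, regexp)` and `Copy(r, ret, size, char)` in one go, so it is only correct if pregcomp allocates exactly `len` regnodes after the regexp struct, and the hunk shows neither that allocation nor what `r->offsets[0]` counts; the only justification visible is one valgrind report. Add a one-line comment above `size = sizeof(regexp) + len*sizeof(regnode);` pinning the invariant (`offsets[0]` is the number of regnodes in the program and pregcomp allocates exactly that many), and confirm that nothing later in Perl_regdupe still reads or writes the regnode after the last one, which the old `(len+1)` size used to cover.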

I can recreate the problem. But there are two things I don't understand.

1: Why does exactly one regexp trigger the warning from valgrind?
   Specifically, /.*::/
   There are lots of regexps being duplicated, off-by-one, and only this
   pattern generates an error. If I tweak the test case to have an explicit
   qr/.*::/ (as well as the one I infer is somewhere in threads.pm) then I
   get exactly two errors from valgrind.

2: Why can't I get errors from valgrind in blead? It seems to be the same code,
   with the same off-by-one error in the allocation.

It feels like this bug is more general than maint-5.8, yet I can neither
reproduce it on blead (or maint-5.10) nor satisfy myself that the code is
different and there is no bug there.

Nicholas Clark
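The allocate-then-Copy shape from the quoted hunk, as an added example that is not perl's code (the `regexp_hdr`, `regnode`, `program_size`, `compile_stub` and `dupe_fixed` names and the 4-byte node layout are assumptions, not perl's real definitions). It computes how far the pre-patch `(len+1)` size reads past a block that pregcomp-style code allocated with exactly `len` nodes, performs that over-read once in `main` so valgrind or ASan can flag it, and shows the post-patch form where the copy length is derived from the same formula as the allocation:

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in types (assumptions, not perl's definitions): a regnode is the
 * 4-byte unit valgrind reported, and the header records how many regnodes
 * follow it, the role r->offsets[0] plays in the quoted hunk. */
typedef struct { unsigned char flags; unsigned char type; unsigned short next; } regnode;
typedef struct {
    size_t nnodes;   /* number of regnodes allocated after the header */
    size_t nparens;
} regexp_hdr;

/* Single source of truth for the block layout: header + exactly nnodes nodes.
 * Both the compile-side allocation and the duplication must use this. */
static size_t program_size(size_t nnodes)
{
    return sizeof(regexp_hdr) + nnodes * sizeof(regnode);
}

/* Stand-in for pregcomp: allocate the program and fill in the nodes. */
static regexp_hdr *compile_stub(size_t nnodes)
{
    regexp_hdr *r = malloc(program_size(nnodes));
    if (!r) return NULL;
    r->nnodes = nnodes;
    r->nparens = 0;
    regnode *prog = (regnode *)(r + 1);
    for (size_t i = 0; i < nnodes; i++) {
        prog[i].flags = 0;
        prog[i].type = (unsigned char)i;
        prog[i].next = 1;
    }
    return r;
}

/* The size the pre-patch regdupe computed: one regnode more than allocated. */
static size_t prepatch_copy_size(size_t nnodes)
{
    return sizeof(regexp_hdr) + (nnodes + 1) * sizeof(regnode);
}

/* Bytes a Copy() of copy_size would read past a block holding nnodes nodes. */
static size_t overread_bytes(size_t nnodes, size_t copy_size)
{
    size_t alloc = program_size(nnodes);
    return copy_size > alloc ? copy_size - alloc : 0;
}

/* Post-patch behaviour: derive the copy length from the allocation formula,
 * so allocation and copy cannot drift apart again. */
static regexp_hdr *dupe_fixed(const regexp_hdr *r)
{
    size_t size = program_size(r->nnodes);
    regexp_hdr *ret = malloc(size);
    if (!ret) return NULL;
    memcpy(ret, r, size);
    return ret;
}

/* Check a duplicate is byte-identical to its source over the source's real extent. */
static int dupe_matches(const regexp_hdr *r, const regexp_hdr *ret)
{
    return ret != NULL && memcmp(r, ret, program_size(r->nnodes)) == 0;
}

int main(void)
{
    regexp_hdr *r = compile_stub(5);
    if (!r) return 1;
    size_t bad = prepatch_copy_size(r->nnodes);
    printf("allocated %zu bytes, pre-patch copy reads %zu: %zu byte(s) past the block\n",
           program_size(r->nnodes), bad, overread_bytes(r->nnodes, bad));

    /* Reproduce the invalid read so valgrind/ASan can flag it: the destination
     * is large enough, the SOURCE is what gets over-read, as in the report.
     * Deliberate undefined behaviour, kept out of the helper functions. */
    char *dst = malloc(bad);
    if (dst) { memcpy(dst, r, bad); free(dst); }

    regexp_hdr *ret = dupe_fixed(r);
    printf("fixed duplicate %s\n", dupe_matches(r, ret) ? "matches source" : "FAILED");
    free(ret);
    free(r);
    return 0;
}
```

Build with `-g` and run under `valgrind ./a.out` (or with `-fsanitize=address`): the `memcpy` in `main` is the over-read, the `dupe_fixed` path is clean. Whether a real perl build shows the same report depends on what pregcomp actually allocates, which this model only assumes.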



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org