perl.perl5.porters | Postings from November 2009

[perl #70934] -Dmad: double free or corruption

From: Frank Wiegand
Date: November 30, 2009 05:40
Subject: [perl #70934] -Dmad: double free or corruption
Message ID: rt-3.6.HEAD-12359-1259587054-1331.70934-75-0@perl.org
# New Ticket Created by  Frank Wiegand 
# Please include the string:  [perl #70934]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=70934 >



This is a bug report for perl from fw@hal2.(none),
generated with the help of perlbug 1.39 running under perl 5.11.2.


-----------------------------------------------------------------

If your perl has -Dmad, the following program crashes:

$ bleadperl -we '$x="x" x 257; eval "for $x"'                                                
*** glibc detected *** bleadperl: double free or corruption (!prev): 0x0000000001dca670 ***                      
======= Backtrace: =========                                                                                     
/lib/libc.so.6[0x7f26dc388db6]                                                                                   
/lib/libc.so.6(cfree+0x6c)[0x7f26dc38d6fc]                                                                       
bleadperl(Perl_safesysfree+0x89)[0x50d449]                                                                       
bleadperl(Perl_sv_clear+0x204d)[0x597475]                                                                        
bleadperl(Perl_sv_free2+0xa7)[0x597746]                                                                          
bleadperl(Perl_parser_free+0x8d)[0x4733d6]                                                                       
bleadperl(Perl_leave_scope+0x363f)[0x605bac]                                                                     
bleadperl(Perl_pop_scope+0x46)[0x5ff4c7]                                                                         
bleadperl(Perl_die_where+0x24eb)[0x616608]                                                                       
bleadperl(Perl_croak+0x0)[0x5137d6]                                                                              
bleadperl(Perl_vwarn+0x0)[0x5138b2]                                                                              
bleadperl(Perl_yylex+0x1298c)[0x494fac]                                                                          
bleadperl(Perl_yyparse+0x29e)[0x4b6647]                                                                          
bleadperl[0x624ca7]                                                                                              
bleadperl(Perl_pp_entereval+0xf0f)[0x62c43d]                                                                     
bleadperl(Perl_runops_debug+0x153)[0x5064a0]                                                                     
bleadperl[0x44c45e]
bleadperl(perl_run+0x113)[0x44b90d]
bleadperl(main+0xb1)[0x42038d]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f26dc336a8d]
bleadperl[0x420219]
Aborted


git bisect says:

1f0c31d794e9bf22a4693a68132831645e77e84d is the first bad commit
commit 1f0c31d794e9bf22a4693a68132831645e77e84d
Author: Nicholas Clark <nick@ccl4.org>
Date:   Mon Jul 16 22:20:26 2007 +0000

    Re-order struct yy_parser to save space on most systems.
    Re-order struct yy_stack_frame to save space on LP64 systems.

    p4raw-id: //depot/perl@31618

:100644 100644 a7866915c6d20ee8a7fcdf27339742f64e29d7f5 3cb31355fa623a9dc7a53d26a7c232d05260a5b8 M      parser.h


Frank

-----------------------------------------------------------------
---
Flags:
    category=core
    severity=low
---
Site configuration information for perl 5.11.2:

Configured by fw at Sun Nov 29 20:11:13 CET 2009.

Summary of my perl5 (revision 5 version 11 subversion 2) configuration:
  Commit id: dfd167e94af611f6248e804cb228b35ca4123bd6
  Platform:
    osname=linux, osvers=2.6.30-2-amd64, archname=x86_64-linux
    uname='linux hal2 2.6.30-2-amd64 #1 smp fri sep 25 22:16:56 utc 2009 x86_64 gnulinux '
    config_args='-de -Dusedevel -DDEBUGGING=both -Doptimize=-g -Dcc=ccache gcc -Dld=gcc -Dprefix=/opt/perl/perl-1259521325/ -Dmad'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='ccache gcc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-g',
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.3.4', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.10.1.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.10.1'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector'

Locally applied patches:
    

---
@INC for perl 5.11.2:
    /opt/perl/perl-1259521325/lib/site_perl/5.11.2/x86_64-linux
    /opt/perl/perl-1259521325/lib/site_perl/5.11.2
    /opt/perl/perl-1259521325/lib/5.11.2/x86_64-linux
    /opt/perl/perl-1259521325/lib/5.11.2
    .

---
Environment for perl 5.11.2:
    HOME=/home/fw
    LANG=de_DE.UTF-8
    LANGUAGE=
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/sbin:/usr/sbin:/home/fw/bin:/home/fw/bin:/usr/local/bin:/usr/bin:/bin:/usr/games
    PERL_AUTOINSTALL=--defaultdeps
    PERL_BADLANG (unset)
    PERL_EXTUTILS_AUTOINSTALL=--defaultdeps
    PERL_MM_USE_DEFAULT=1
    SHELL=/bin/zsh


