Re: [perl #70934] -Dmad: double free or corruption
From: Nicholas Clark
Date: November 30, 2009 07:05
Subject: Re: [perl #70934] -Dmad: double free or corruption
Message ID: 20091130150513.GK2582@plum.flirble.org
On Mon, Nov 30, 2009 at 03:16:57PM +0100, Frank Wiegand wrote:
> Am Montag, den 30.11.2009, 13:49 +0000 schrieb Nicholas Clark:
> > > If your perl has -Dmad, the following program crashes:
> > >
> > > $ bleadperl -we '$x="x" x 257; eval "for $x"'
> > Interesting. I can't see how that change *alone* is responsible for it:
> I'd say, it *is* commit 1f0c31d794e. Here's my way, please tell me if
> this is wrong:
>
>
> $ git checkout 1f0c31d794e9bf22a4693a68132831645e77e84d
> ...
> $ sh Configure -des -Dusedevel -DDEBUGGING=both -Dmad -Dcc=ccache\ gcc -Dld=gcc
> ...
> $ make -j4 miniperl
> ...
> $ ./miniperl -we '$x="x" x 257; eval "for $x"'
> *** glibc detected *** ./miniperl: double free or corruption (!prev): 0x0000000001cd4290 ***
>
> $ git clean -dxf
> ...
> $ git checkout 1f0c31d794e9bf22a4693a68132831645e77e84d^
> ...
> $ sh Configure -des -Dusedevel -DDEBUGGING=both -Dmad -Dcc=ccache\ gcc -Dld=gcc
> ...
> $ make -j4 miniperl
> ...
> $ ./miniperl -we '$x="x" x 257; eval "for $x"'
>
> $
It's not wrong, but it's not the whole story:
$ git checkout 1f0c31d794e9bf22a4693a68132831645e77e84d^
HEAD is now at aa185af... fourth attempt to silence S_emulate_eaccess compiler warning
$ make -j3 miniperl
make: `miniperl' is up to date.
$ valgrind ./miniperl -we '$x="x" x 257; eval "for $x"'
==9970== Memcheck, a memory error detector.
==9970== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9970== Using LibVEX rev 1854, a library for dynamic binary translation.
==9970== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9970== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==9970== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9970== For more details, rerun with: -v
==9970==
==9970== Invalid write of size 1
==9970== at 0x43831D: S_scan_ident (toke.c:10697)
==9970== by 0x429B37: Perl_yylex (toke.c:5973)
==9970== by 0x440C43: Perl_yyparse (perly.c:409)
==9970== by 0x4FEAFD: S_doeval (pp_ctl.c:2929)
==9970== by 0x50187E: Perl_pp_entereval (pp_ctl.c:3513)
==9970== by 0x47981E: Perl_runops_debug (dump.c:1918)
==9970== by 0x49FC4B: S_run_body (perl.c:2429)
==9970== by 0x49F6EC: perl_run (perl.c:2347)
==9970== by 0x56F9FD: main (miniperlmain.c:113)
==9970== Address 0x5c77ef8 is 0 bytes after a block of size 752 alloc'd
==9970== at 0x4C203E4: calloc (vg_replace_malloc.c:397)
==9970== by 0x47CD1F: Perl_safesyscalloc (util.c:294)
==9970== by 0x413977: Perl_lex_start (toke.c:665)
==9970== by 0x501169: Perl_pp_entereval (pp_ctl.c:3456)
==9970== by 0x47981E: Perl_runops_debug (dump.c:1918)
==9970== by 0x49FC4B: S_run_body (perl.c:2429)
==9970== by 0x49F6EC: perl_run (perl.c:2347)
==9970== by 0x56F9FD: main (miniperlmain.c:113)
==9970==
==9970== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==9970== malloc/free: in use at exit: 101,763 bytes in 503 blocks.
==9970== malloc/free: 647 allocs, 144 frees, 128,958 bytes allocated.
==9970== For counts of detected errors, rerun with: -v
==9970== searching for pointers to 503 not-freed blocks.
==9970== checked 405,600 bytes.
==9970==
==9970== LEAK SUMMARY:
==9970== definitely lost: 0 bytes in 0 blocks.
==9970== possibly lost: 0 bytes in 0 blocks.
==9970== still reachable: 101,763 bytes in 503 blocks.
==9970== suppressed: 0 bytes in 0 blocks.
==9970== Rerun with --leak-check=full to see details of leaked memory.
That error, I suspect, is the underlying cause.
It just didn't cause any visible symptoms until the structure changes.
(No, I don't know any more than I've pasted here, and I don't have time
right now to dig further to work out when it started, and whether it's
only -Dmad)
Nicholas Clark
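The valgrind report above is the signature of a heap overrun by an identifier scanner: a one-byte write "0 bytes after a block" allocated by calloc, surfacing only once the allocator layout around that block changed. The following is an added illustration of that bug class, not code from perl's toke.c; the lexer struct, the 256-byte token buffer and the function names are hypothetical. It places the token buffer at the end of a calloc'd struct so that an unbounded copy of the report's 257-character identifier writes exactly at the end of the allocation, and shows the bounded scanner that refuses to write past the buffer while still reporting that the identifier did not fit.

```c
/* Added example (hypothetical lexer; not perl's toke.c). Demonstrates an
 * identifier scanner overrunning a fixed token buffer at the end of a
 * calloc'd block, and the bounded replacement. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOKENBUF_SIZE 256          /* hypothetical size, not perl's */

/* Hypothetical lexer state. tokenbuf is the last field, so the first byte
 * written past it lands at sizeof(struct lexer): "0 bytes after a block"
 * in valgrind's words. */
struct lexer {
    const char *cursor;             /* next unread input byte */
    char tokenbuf[TOKENBUF_SIZE];
};

static int is_ident_char(int c) {
    return c == '_' || isalnum((unsigned char)c);
}

/* Vulnerable form: copies the whole identifier regardless of length. With
 * 257 identifier bytes it writes tokenbuf[256] and the NUL at tokenbuf[257],
 * both outside the struct. Whether that is noticed depends on what the
 * allocator placed after the block, which is why a layout change can turn
 * a silent overrun into "double free or corruption". */
static size_t scan_ident_unbounded(struct lexer *lx) {
    size_t n = 0;
    while (is_ident_char(*lx->cursor))
        lx->tokenbuf[n++] = *lx->cursor++;
    lx->tokenbuf[n] = '\0';
    return n;
}

/* Hardened form: writes at most TOKENBUF_SIZE bytes including the NUL.
 * Sets *truncated when the identifier did not fit so the caller can reject
 * it rather than silently use a chopped name; the remaining identifier
 * bytes are still consumed so lexing does not resume mid-identifier. */
static size_t scan_ident_bounded(struct lexer *lx, int *truncated) {
    size_t n = 0;
    *truncated = 0;
    while (is_ident_char(*lx->cursor)) {
        if (n + 1 < TOKENBUF_SIZE)
            lx->tokenbuf[n++] = *lx->cursor;
        else
            *truncated = 1;
        lx->cursor++;
    }
    lx->tokenbuf[n] = '\0';
    return n;
}

/* calloc'd lexer over the given source text (mirrors the calloc in the
 * valgrind trace; sizes are this example's, not perl's). */
static struct lexer *make_lexer(const char *src) {
    struct lexer *lx = calloc(1, sizeof *lx);
    if (!lx) { perror("calloc"); exit(1); }
    lx->cursor = src;
    return lx;
}

/* Bytes an unbounded copy of ident_len characters plus NUL would write
 * past a buffer of bufsize bytes; 0 when it fits. */
static size_t overrun_bytes(size_t ident_len, size_t bufsize) {
    return ident_len + 1 > bufsize ? ident_len + 1 - bufsize : 0;
}

/* Runs the bounded scanner over the report's input ("x" x 257, then a
 * space; constructed here) and returns the copied length. */
static size_t run_bounded_on_report_input(int *truncated, int *stopped_on_space) {
    char src[257 + 2];
    memset(src, 'x', 257);
    src[257] = ' ';
    src[258] = '\0';
    struct lexer *lx = make_lexer(src);
    size_t n = scan_ident_bounded(lx, truncated);
    *stopped_on_space = (*lx->cursor == ' ');
    free(lx);
    return n;
}

int main(int argc, char **argv) {
    char src[257 + 2];
    memset(src, 'x', 257);
    src[257] = ' ';
    src[258] = '\0';
    struct lexer *lx = make_lexer(src);
    if (argc > 1 && strcmp(argv[1], "--unsafe") == 0) {
        /* Run this path under valgrind to see the invalid write of size 1
         * at the end of the calloc'd block. */
        printf("unbounded copied %zu bytes\n", scan_ident_unbounded(lx));
    } else {
        int truncated;
        size_t n = scan_ident_bounded(lx, &truncated);
        printf("bounded copied %zu bytes, truncated=%d, overrun avoided=%zu\n",
               n, truncated, overrun_bytes(257, TOKENBUF_SIZE));
    }
    free(lx);
    return 0;
}
```

Run the binary with `--unsafe` under valgrind to reproduce the shape of the report (one invalid write at the end of the calloc'd block); without the flag the bounded scanner truncates at 255 bytes and flags it. The point of `*truncated` is that a bounded copy on its own only trades the overrun for a silently different identifier; the caller still needs to treat an over-long name as an error.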