[ID 20000729.002] segfault with exit in (?{ ... })

Front page | perl.perl5.porters | Postings from July 2000
[ID 20000729.002] segfault with exit in (?{ ... })

Thread Next
From:
Jeffrey Friedl
Date:
July 31, 2000 11:13
Subject:
[ID 20000729.002] segfault with exit in (?{ ... })
Message ID:
200007300358.UAA16660@ventrue.yahoo.com

This is a bug report for perl from jfriedl@yahoo-inc.com,
generated with the help of perlbug 1.28 running under perl v5.6.0.


-----------------------------------------------------------------
[Please enter your report here]

Hiho,
Running this program with 5.6.0 segfaults during the exit() call. I
originally discovered the problem with a backtick `program` call instead of
an exit(), but this test script is smaller.

	#!/usr/local/bin/perl -w
	use strict;
	use re 'eval';
	use re 'debug';

	sub size() {
	    print "BAILING\n";
	    exit(0);
	}

	$_ = "ABC";
	print "STRING: $_\n";
	my $open;

	"ABC" =~ m{
	    A
	    B
	    (?{ size() })
	    C
	}x;


Oddly enough, the print and the declaration of $open are required to trigger
the bug -- removing/moving either causes the segfault to not happen.

Here's a gdb session:

    gdb ./perl
    GNU gdb 4.18
    Copyright 1998 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-mandrake-linux"...
    (gdb) run /tmp/foo2
    Starting program: /usr/src/perl-5.6.0/./perl /tmp/foo2
    Compiling REx `
	A
	B
	(?{ size() })
	C
    '
    size 7 first at 1
       1: EXACT <AB>(3)
       3: EVAL(5)
       5: EXACT <C>(7)
       7: END(0)
    anchored `ABC' at 0 (checking anchored) minlen 3 with eval 
    STRING: ABZ
    Guessing start of match, REx `
	A
	B
	(?{ size() })
	C
    ' against `ABC'...
    Found anchored substr `ABC' at offset 0...
    Guessed: match at offset 0
    Matching REx `
	A
	B
	(?{ size() })
	C
    ' against `ABC'
      Setting an EVAL scope, savestack=17
       0 <> <ABC>             |  1:  EXACT <AB>
       2 <AB> <C>             |  3:  EVAL
      re_eval 0x810bf08
    BAILING

    Program received signal SIGSEGV, Segmentation fault.
    Perl_leave_scope (base=0) at scope.c:825
    825                 if (SvREFCNT(sv) <= 1 && !SvOBJECT(sv)) {
    (gdb) print sv
    $1 = (SV *) 0x0
    (gdb) where
    #0  Perl_leave_scope (base=0) at scope.c:825
    #1  0x80aff65 in Perl_pop_scope () at scope.c:144
    #2  0x805ee92 in S_my_exit_jump () at perl.c:3672
    #3  0x805ecf9 in Perl_my_exit (status=0) at perl.c:3622
    #4  0x80b731d in Perl_pp_exit () at pp_ctl.c:2472
    #5  0x80949ed in Perl_runops_standard () at run.c:27
    #6  0x401cc91a in S_regmatch (prog=0x810b4c4) at re_exec.c:2307
    #7  0x401cabe9 in S_regtry (prog=0x810b488, startpos=0x810b3e8 "ABC") at re_exec.c:1715
    #8  0x401ca4ed in my_regexec (prog=0x810b488, stringarg=0x810b3e8 "ABC", strend=0x810b3eb "", 
	strbeg=0x810b3e8 "ABC", minend=0, sv=0x810a3b4, data=0x0, flags=2) at re_exec.c:1509
    #9  0x8096cfd in Perl_pp_match () at pp_hot.c:1027
    #10 0x80949ed in Perl_runops_standard () at run.c:27
    #11 0x805bd4e in S_run_body (oldscope=1) at perl.c:1401
    #12 0x805bad8 in perl_run (my_perl=0x80f0858) at perl.c:1325
    #13 0x8059903 in main (argc=2, argv=0xbffff374, env=0xbffff380) at perlmain.c:52
    (gdb) 



(not knowing anything about perl internals, I just issued the following
queries hoping that they'd be helpful)



    (gdb) print PL_savestack_ix 
    3
    (gdb) print PL_savestack@5
    {0x80fda70, 0x80fb3e8, 0x0, 0x0, 0x80f47b0}
    (gdb) print *PL_savestack@5
    {{any_ptr = 0xffffffff, any_i32 = -1, any_iv = -1, any_long = -1, any_dptr = 0xffffffff, 
	any_dxptr = 0xffffffff}, {any_ptr = 0x80ef570, any_i32 = 135198064, any_iv = 135198064, any_long = 135198064, 
	any_dptr = 0x80ef570 <PL_tmps_floor>, any_dxptr = 0x80ef570 <PL_tmps_floor>}, {any_ptr = 0x4, any_i32 = 4, 
	any_iv = 4, any_long = 4, any_dptr = 0x4, any_dxptr = 0x4}, {any_ptr = 0x4, any_i32 = 4, any_iv = 4, 
	any_long = 4, any_dptr = 0x4, any_dxptr = 0x4}, {any_ptr = 0x12, any_i32 = 18, any_iv = 18, any_long = 18, 
	any_dptr = 0x12, any_dxptr = 0x12}}

    (gdb) print PL_savestack[3].any_long
    4
    (gdb) print PL_curpad@10
    {0x810b6e0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0xbffff374, 0x0, 0x80f7c7c, 0x80f0ae4}
    (gdb) print **PL_curpad   
    {sv_any = 0x0, sv_refcnt = 2147483635, sv_flags = 8388608}





[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl v5.6.0:

Configured by jfriedl at Sat Jul 29 20:09:33 PDT 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.2.15, archname=i686-linux
    uname='linux fummy.dsl.yahoo.com 2.2.16 #6 smp sun jul 23 11:26:16 pdt 2000 i686 unknown '
    config_args='-ds -e -A optimize=-g'
    hint=previous, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define 
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='cc', optimize='-O2 -g', gccversion=pgcc-2.91.66 19990314 (egcs-1.1.2 release)
    cppflags='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lc -lposix -lcrypt
    libc=/lib/libc-2.1.1.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl v5.6.0:
    /home/jfriedl/lib/perl
    /home/jfriedl/lib/perl/yahoo
    /usr/local/lib/perl5/5.6.0/i686-linux
    /usr/local/lib/perl5/5.6.0
    /usr/local/lib/perl5/site_perl/5.6.0/i686-linux
    /usr/local/lib/perl5/site_perl/5.6.0
    /usr/local/lib/perl5/site_perl
    .

---
Environment for perl v5.6.0:
    HOME=/home/jfriedl
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH=/usr/local/pgsql/lib:/home/jfriedl/src/rvplayer5.0
    LOGDIR (unset)
    PATH=/home/jfriedl/bin:/home/jfriedl/common/bin:/usr/local/gcc-2.95.2/bin:.:/usr/local/pgsql/bin:/usr/local/bin:/usr/X11R6/bin:/bin:/usr/bin:/usr/sbin:/sbin:/home/jfriedl/src/rvplayer5.0
    PERLLIB=/home/jfriedl/lib/perl:/home/jfriedl/lib/perl/yahoo
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh
Thread Next
[ID 20000729.002] segfault with exit in (?{ ... }) by Jeffrey Friedl
RE: [ID 20000729.002] segfault with exit in (?{ ... }) by Fisher Mark
nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About