On Fri, 07 Mar 2003 00:02:04 -0800, sthoenna@efn.org wrote:
>On Mon, 17 Feb 2003 20:52:50 +0000, davem@fdgroup.com wrote:
>>On Mon, Feb 17, 2003 at 12:28:22PM -0800, Yitzchak Scott-Thoennes wrote:
>>> The original bug above (the sv being freed in the middle of a FETCH
>>> call, resulting in a coredump) may be fixed by a refcnt inc in
>>> save_magic and a corresponding dec as the last thing in restore_magic.
>>> My bleadperl isn't up to date...perhaps someone else could give it a
>>> shot.
>>
>>I had a quick try, and make test gave lots of 'scalars leaked', and I
>>haven't the enthusiasm to look into further at the moment :-(
>
>:( Lots indeed. Thanks for giving it a try.
>
>Somehow, we are getting lots of calls to save_magic for sv's with a 0
>refcnt (!). Adding a "if (!PL_dirty) " before the _inc and _dec calls
>makes most (but not all) of the errors go away.
>
>But this may be the wrong approach anyway. It keeps the sv around
>until the end of the magic stuff, which solves the coredump for
>something like "print $a", but "$a .= 'foo'" is going to end up
>segfaulting later anyway. A different patch forthcoming.

This uses the same hack as av_fetch, which won't work if the sv is
reallocated for another purpose, but should stop the seg faults even
in that case.

--- perl/mg.c.orig Sat Feb 15 14:33:28 2003 +++ perl/mg.c Thu Mar 6 22:48:04 2003 @@ -131,6 +131,12 @@ if (!(mg->mg_flags & MGf_GSKIP) && vtbl && vtbl->svt_get) { CALL_FPTR(vtbl->svt_get)(aTHX_ sv, mg); + + /* guard against sv having been freed */ + if (SvTYPE(sv) == SVTYPEMASK) { + Perl_croak(aTHX_ "Tied variable freed while still in use"); + } + /* Don't restore the flags for this entry if it was deleted. */ if (mg->mg_flags & MGf_GSKIP) (SSPTR(mgs_ix, MGS *))->mgs_flags = 0; --- perl/pod/perldiag.pod.orig Wed Feb 26 06:33:20 2003 +++ perl/pod/perldiag.pod Thu Mar 6 22:58:18 2003 
@@ -3670,6 +3670,12 @@ (F) The entry point function of threads->create() failed for some reason. +=item Tied variable freed while still in use + +(F) An access method for a tied variable (e.g. FETCH) did something to +free the variable. Since continuing the current operation is likely +to result in a coredump, Perl is bailing out instead. + =item times not implemented (F) Your version of the C library apparently doesn't do times(). I --- perl/t/op/tie.t.orig Thu Nov 7 06:31:28 2002 +++ perl/t/op/tie.t Thu Mar 6 23:09:06 2003 @@ -286,3 +286,12 @@ 7 8 0 +######## +# +# FETCH freeing tie'd SV +sub TIESCALAR { bless [] } +sub FETCH { *a = \1; 1 } +tie $a, 'main'; +print $a; +EXPECT +Tied variable freed while still in use at - line 6.
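
Review bot: In the perl/mg.c hunk, the guard `if (SvTYPE(sv) == SVTYPEMASK)` added right after `CALL_FPTR(vtbl->svt_get)(aTHX_ sv, mg);` is a best-effort check on memory that may already have been freed, but the comment `/* guard against sv having been freed */` reads as if it were a guarantee. It fires only while the freed head still carries SVTYPEMASK; as the message above says, a head that has been reallocated for another purpose passes the test, and the next statement then reads `mg->mg_flags` through a pointer handed to the get method together with that sv. Please spell the limitation out in the comment (detects a freed sv only while its head has not been reused) so the check is not later mistaken for a lifetime fix, and consider dropping the braces around the single `Perl_croak` call to match the unbraced `if (mg->mg_flags & MGf_GSKIP)` that follows.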
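
Review bot: In the perl/pod/perldiag.pod hunk, the new entry says only that the access method "did something to free the variable", which gives the reader nothing to look for in their own code. The test added in this same patch shows a concrete cause (`sub FETCH { *a = \1; 1 }`, replacing the glob slot that holds the tied scalar from inside FETCH), so the entry could name that kind of action as an example and tell the user to avoid reassigning or undefining the tied variable from within its own access methods. "coredump" would also read better as "core dump" in user-facing documentation.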
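
Review bot: In the perl/t/op/tie.t hunk, the new case exercises only the read path `print $a`, while the quoted discussion singles out `"$a .= 'foo'"` as the operation that still ends in a segfault when only the read is protected. A second case using the same `TIESCALAR` and `FETCH` with `$a .= 'foo';` as the last statement would show whether the new croak covers that path as well. It would also help to extend the header comment `# FETCH freeing tie'd SV` to say that the free happens through the glob assignment `*a = \1`, since that is not obvious at a glance.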