Re: [perl #21585] perl -e '$x[2**30]=1' dumps core

Front page | perl.perl5.porters | Postings from March 2003

Re: [perl #21585] perl -e '$x[2**30]=1' dumps core

Thread Previous

From:

Slaven Rezic

Date:

March 16, 2003 15:34

Subject:

Re: [perl #21585] perl -e '$x[2**30]=1' dumps core

Message ID:

87vfyievqw.fsf@vran.herceg.de

"dt@vosat.de (via RT)" <perlbug-followup@perl.org> writes:

> # New Ticket Created by  dt@vosat.de 
> # Please include the string:  [perl #21585]
> # in the subject line of all future correspondence about this issue. 
> # <URL: http://rt.perl.org/rt2/Ticket/Display.html?id=21585 >
> 
> 
> This is a bug report for perl from dt@vosat.de,
> generated with the help of perlbug 1.34 running under perl v5.8.0.
> 
> 
> -----------------------------------------------------------------
> [Please enter your report here]
> 
> 	danielt@knast:~> perl -e '$x[2**29]=1'                
> 	Out of memory!
> 	zsh: exit 1     perl -e '$x[2**29]=1'
> 
> This error is expected.
> 
> 	danielt@knast:~> perl -e '$x[2**30]=1'
> 	zsh: bus error (core dumped)  perl -e '$x[2**30]=1'
> 
> But this isn't.
> 

Neither is

	$ perl -e '$x[2**31]=1'
	Modification of non-creatable array value attempted, subscript -2147483648 at -e line 1.

The reason is that you're reaching the limits of the 32-bit system. An
array with 2**30+1 elements takes at least 2**32+4 bytes of memory
(each element needs a SV*, which is 4 bytes on a 32-bit system).
malloc(2**32+4) translates to malloc(4) (because of int overflow),
which succeeds but allocates too less memory.

The problem could be solved by the patch below, but I'm not sure
whether there should be a patch at all.

--- bleedperl/av.c	Sun Mar  2 17:34:00 2003
+++ bleedperl2/av.c	Mon Mar 17 00:20:16 2003
@@ -77,6 +77,12 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
 	LEAVE;
 	return;
     }
+
+#if PTRSIZE == 4
+    if (key >= (I32)(0xffffffff/sizeof(SV*)))
+	Perl_croak(aTHX_ "Out of memory (I32 overflow)");
+#endif
+
     if (key > AvMAX(av)) {
 	SV** ary;
 	I32 tmp;



> [Please do not change anything below this line]
> -----------------------------------------------------------------
> ---
> Flags:
>     category=core
>     severity=low
> ---
> Site configuration information for perl v5.8.0:
> 
> Configured by danielt at Mon Mar 10 00:25:29 CET 2003.
> 
> Summary of my perl5 (revision 5.0 version 8 subversion 0) configuration:
>   Platform:
>     osname=freebsd, osvers=4.7-release-p2, archname=i386-freebsd
>     uname='freebsd knast 4.7-release-p2 freebsd 4.7-release-p2 #2: fri nov 15 10:24:08 cet 2002 knarf@knast:usrsrcsyscompileklagenfurt i386 '
>     config_args='-Dprefix=/home/danielt/src/perl-5.8.0/test -Dcc=/home/danielt/unix/egcs/bin/gcc'
>     hint=previous, useposix=true, d_sigaction=define
>     usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
>     useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
>     use64bitint=undef use64bitall=undef uselongdouble=undef
>     usemymalloc=n, bincompat5005=undef
>   Compiler:
>     cc='/home/danielt/unix/egcs/bin/gcc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -I/usr/local/include',
>     optimize='-O',
>     cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -I/usr/local/include -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -I/usr/local/include -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -I/usr/local/include -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -I/usr/local/include'
>     ccversion='', gccversion='egcs-2.91.66 19990314 (egcs-1.1.2 release)', gccosandvers='freebsdelf4.7'
>     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
>     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
>     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
>     alignbytes=4, prototype=define
>   Linker and Libraries:
>     ld='cc', ldflags ='-Wl,-E  -L/usr/local/lib'
>     libpth=/usr/lib /usr/local/lib
>     libs=-lgdbm -lm -lc -lcrypt -lutil
>     perllibs=-lm -lc -lcrypt -lutil
>     libc=, so=so, useshrplib=false, libperl=libperl.a
>     gnulibc_version=''
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
>     cccdlflags='-DPIC -fpic', lddlflags='-shared  -L/usr/local/lib'
> 
> Locally applied patches:
>     
> 
> ---
> @INC for perl v5.8.0:
>     /home/danielt/unix/perl/i386-freebsd
>     /home/danielt/unix/perl
>     /home/danielt/unix/perl/i386-freebsd
>     /home/danielt/unix/perl58/lib/5.8.0/i386-freebsd
>     /home/danielt/unix/perl58/lib/5.8.0
>     /home/danielt/unix/perl58/lib/site_perl/5.8.0/i386-freebsd
>     /home/danielt/unix/perl58/lib/site_perl/5.8.0
>     /home/danielt/unix/perl58/lib/site_perl
>     .
> 
> ---
> Environment for perl v5.8.0:
>     HOME=/home/danielt
>     LANG=C
>     LANGUAGE (unset)
>     LC_CTYPE=de_DE.ISO_8859-1
>     LD_LIBRARY_PATH (unset)
>     LOGDIR (unset)
>     PATH=/home/danielt/unix/bin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
>     PERL5LIB=/home/danielt/unix/perl:/home/danielt/unix/perl/i386-freebsd
>     PERL_BADLANG (unset)
>     SHELL=/usr/local/bin/zsh
> 
> 

-- 
Slaven Rezic - slaven@rezic.de

    tktimex - project time manager
    http://sourceforge.net/projects/ptktools/

Thread Previous

[perl #21585] perl -e '$x[2**30]=1' dumps core by perlbug-followup

Re: [perl #21585] perl -e '$x[2**30]=1' dumps core by Slaven Rezic

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About