[perl #32332] Perl segfaults; test case available

From: Steve Peters via RT
Date: March 30, 2006 19:34
Subject: [perl #32332] Perl segfaults; test case available
Message ID: rt-3.0.11-32332-131758.2.69654910720142@perl.org

> [timwi - Thu Nov 04 16:53:40 2004]:
> 
> This is a bug report for perl from timwi@gmx.net,
> generated with the help of perlbug 1.35 running under perl v5.8.4.
> (Though I had to mail it manually. Hope that's OK.)
> 
> -----------------------------------------------------------------
> 
> Perl segfaults upon the execution of the following 26-line script.
> 
> If you don't get the segfault, try duplicating lines 14-16 (the
> contents of the 'starthere' string). The more you put in, the
> more likely you are to get the segfault.
> 
> I am aware that line 19 (my $ac = '';) seems pointless, because
> $ac is never used again anywhere. However, if I remove that line,
> then instead of a segfault it gets stuck in an endless loop...
> 
> I have a suspicion that line 22 is the actual culprit.
> 
> Here is the script.
> 
> #!/usr/bin/perl
> use strict;
> SegFaultFunction ('starthere');
> 
> sub SegFaultFunction {
>      my $variable = shift;
>      my $params = shift;
>      my $cns =   {   'abcdefg' => sub {
>                          return (shift)->{'x'};
>                      },
>                      starthere => "
>                          <?abcdefg <?xy xy?> abcdefg?>
>                          <?abcdefg <?xy xy?> abcdefg?>
>                          <?abcdefg <?xy xy?> abcdefg?>
>                      ",
>                  }->{$variable};
>      $cns = $cns->($params) if ref $cns eq 'CODE';
>      while ($cns =~ s/^(.*?)(?=<\?)//os) {
>          my $ac = '';
>          if ($cns =~ /^<\?([a-zA-Z0-9_]+)(\s|$)/os) {
>              my $var = $1;
>              ($cns =~ s/^.*?$var\?>/ $_=$&; s!^.*<\?$var\s*(.*?)\s*$var\?>!
>                  SegFaultFunction ($var, { x => $1 }); !es; $_ /es);
>          }
>      }
> }
> 

Welcome to a completely different problem!

steve@kirk:~/smoke/perl-current$ ./perl -Ilib rt_32332.pl 
*** glibc detected *** double free or corruption (fasttop): 0x08297730 ***
Aborted (core dumped)

I get the following backtrace from the core dump.

#0  0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7d939a1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7d952b9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7dc787a in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4  0xb7dcdfd4 in malloc_usable_size () from /lib/tls/i686/cmov/libc.so.6
#5  0xb7dce34a in free () from /lib/tls/i686/cmov/libc.so.6
#6  0x0808c669 in Perl_safesysfree (where=0x8297730) at util.c:250
#7  0x0823d0b9 in Perl_pregfree (r=0x82976c0) at regcomp.c:6034
#8  0x081362b8 in Perl_pp_regcomp () at pp_ctl.c:135
#9  0x0808bc02 in Perl_runops_debug () at dump.c:1695
#10 0x080b7f0d in S_run_body (oldscope=1) at perl.c:2366
#11 0x080b74d9 in perl_run (my_perl=0x826b008) at perl.c:2286
#12 0x0805ea60 in main (argc=3, argv=0xbfa28c84, env=0xbfa28c94)
    at perlmain.c:103
