[perl #41653] valgrind reports bad read for a s///g

# New Ticket Created by  Nicholas Clark 
# Please include the string:  [perl #41653]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=41653 >



This is a bug report for perl from nick@ccl4.org,
generated with the help of perlbug 1.35 running under perl 5.9.5.


-----------------------------------------------------------------
[Please enter your report here]

Jarkko found this back in 2005, and it still appears to be an issue:

$ cat badread.pl
$_ = 'a';
s/a/xx/g;
my $f = eval q{ $& };
__END__
$ valgrind --tool=memcheck --num-callers=20 ./perl badread.pl 
==7550== Memcheck, a memory error detector for x86-linux.
==7550== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==7550== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==7550== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==7550== For more details, rerun with: -v
==7550== 
==7550== Invalid read of size 1
==7550==    at 0x1B9F7AFA: memmove (in /lib/tls/libc-2.3.3.so)
==7550==    by 0x808EFB8: Perl_reg_numbered_buff_get (regcomp.c:4769)
==7550==    by 0x80B918B: Perl_magic_get (mg.c:885)
==7550==    by 0x80B72A9: Perl_mg_get (mg.c:174)
==7550==    by 0x80FF796: Perl_sv_setsv_flags (sv.c:3451)
==7550==    by 0x810FFE7: Perl_sv_mortalcopy (sv.c:6838)
==7550==    by 0x815DC23: Perl_pp_leaveeval (pp_ctl.c:3540)
==7550==    by 0x80AB7C9: Perl_runops_debug (dump.c:1902)
==7550==    by 0x80D544A: S_run_body (perl.c:2407)
==7550==    by 0x80D4A94: perl_run (perl.c:2327)
==7550==    by 0x805EAF2: main (perlmain.c:113)
==7550==  Address 0x1BAD2DE0 is 0 bytes inside a block of size 4 free'd
==7550==    at 0x1B903349: free (vg_replace_malloc.c:153)
==7550==    by 0x80AC110: Perl_safesysfree (util.c:250)
==7550==    by 0x80E9CDB: Perl_pp_subst (pp_hot.c:2274)
==7550==    by 0x80AB7C9: Perl_runops_debug (dump.c:1902)
==7550==    by 0x80D544A: S_run_body (perl.c:2407)
==7550==    by 0x80D4A94: perl_run (perl.c:2327)
==7550==    by 0x805EAF2: main (perlmain.c:113)
==7550== 
==7550== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 25 from 1)
==7550== malloc/free: in use at exit: 82871 bytes in 568 blocks.
==7550== malloc/free: 873 allocs, 305 frees, 108641 bytes allocated.
==7550== For a detailed leak analysis,  rerun with: --leak-check=yes
==7550== For counts of detected errors, rerun with: -v


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=low
---
Site configuration information for perl 5.9.5:

Configured by nick at Thu Mar  1 14:44:38 CET 2007.

Summary of my perl5 (revision 5 version 9 subversion 5) configuration:
  Platform:
    osname=linux, osvers=2.6.8.1-10mdk, archname=i686-linux
    uname='linux fangorn.maddingue.net 2.6.8.1-10mdk #1 wed sep 8 17:00:52 cest 2004 i686 amd athlon(tm) xp 2200+ unknown gnulinux '
    config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005 -Uinstallusrbinperl -Dcf_email=nick@ccl4.org -Dperladmin=nick@ccl4.org -Dinc_version_list=  -Dinc_version_list_init=0 -Doptimize=-g -Uusethreads -Uuse64bitint -Uuselongdouble -Uusemymalloc -Duseperlio -Dprefix=~/Sandpit/snap5.9.x-30437 -Dinstallman1dir=none -Dinstallman3dir=none -de'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='ccache gcc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-g',
    cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='3.4.1 (Mandrakelinux 10.1 3.4.1-4mdk)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.3.3.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.3'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    DEVEL

---
@INC for perl 5.9.5:
    lib
    /home/nick/Sandpit/snap5.9.x-30437/lib/perl5/5.9.5/i686-linux
    /home/nick/Sandpit/snap5.9.x-30437/lib/perl5/5.9.5
    /home/nick/Sandpit/snap5.9.x-30437/lib/perl5/site_perl/5.9.5/i686-linux
    /home/nick/Sandpit/snap5.9.x-30437/lib/perl5/site_perl/5.9.5
    .

---
Environment for perl 5.9.5:
    HOME=/home/nick
    LANG=fr_FR
    LANGUAGE=fr_FR:fr
    LC_ADDRESS=fr_FR
    LC_COLLATE=fr_FR
    LC_CTYPE=fr_FR
    LC_IDENTIFICATION=fr_FR
    LC_MEASUREMENT=fr_FR
    LC_MESSAGES=fr_FR
    LC_MONETARY=fr_FR
    LC_NAME=fr_FR
    LC_NUMERIC=fr_FR
    LC_PAPER=fr_FR
    LC_SOURCED=1
    LC_TELEPHONE=fr_FR
    LC_TIME=fr_FR
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/nick/bin:/usr/local/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/usr/games:/Applications/Java/default/bin:/usr/local/sbin:/sbin:/usr/sbin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

• [perl #41653] valgrind reports bad read for a s///g by Nicholas Clark
• Re: [perl #41653] valgrind reports bad read for a s///g by Nicholas Clark