[perl #51636] segmentation fault with array ties

Front page | perl.perl5.porters | Postings from March 2008

[perl #51636] segmentation fault with array ties

Thread Previous | Thread Next

From:

blino @ mandriva . com

Date:

March 12, 2008 07:50

Subject:

[perl #51636] segmentation fault with array ties

Message ID:

rt-3.6.HEAD-25460-1205315984-377.51636-75-0@perl.org

# New Ticket Created by  blino@mandriva.com 
# Please include the string:  [perl #51636]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=51636 >



This is a bug report for perl from blino@mandriva.com,
generated with the help of perlbug 1.36 running under perl 5.10.0.


-----------------------------------------------------------------
[Please enter your report here]
Perl aborts with a segmentation fault when using array tie in array
ties. The following testcase allows to reproduce it.

#!/usr/bin/perl

my $view;
my @a;
tie @a, 'TiedList';
$view->{data} = \@a;
@{$view->{data}} = (1);

package TiedList;

use strict;
use Carp;

sub TIEARRAY {
	my $class = shift;
	return bless {}, $class;
}

sub FETCH { 0 }

sub STORE { # this, index, value
	warn "store";
	my @row;
	tie @row, 'TiedRow';
        warn "stored";
	return $_[2];
}
sub FETCHSIZE { croak }
sub PUSH { croak }
sub POP { croak }
sub SHIFT { croak }
sub UNSHIFT { croak }
sub DELETE { croak }
sub CLEAR { [] }
sub EXISTS { croak }
sub EXTEND { warn "extend" }
sub STORESIZE { croak }
sub SPLICE { croak }

1;

package TiedRow;

use strict;
use Carp;

sub TIEARRAY {
	my $class = shift;
	return bless {}, $class;
}

sub FETCH { 0 }

sub STORE { $_[2] }

sub FETCHSIZE { croak }
sub EXISTS { croak }

sub EXTEND { croak }
sub CLEAR { croak }

sub POP { croak "pop called on a TiedRow, but you can't change its size"; }
sub PUSH { croak "push called on a TiedRow, but you can't change its size"; }
sub SHIFT { croak "shift called on a TiedRow, but you can't change its size"; }
sub UNSHIFT { croak "unshift called on a TiedRow, but you can't change its size"; }
sub SPLICE { croak "splice called on a TiedRow, but you can't change its size"; }
sub DELETE { croak "delete called on a TiedRow, but you can't change its size"; }
sub STORESIZE { carp "STORESIZE operation not supported"; }


1;

The testcase may look awkward, it has been written starting from
Gtk2::SimpleList (which originally triggered the bug).

The bug does not happen with perl 5.8.8, it looks like the bug has been
introduced by change 31770 ("optimize push @ISA").

This naive patch fixes the issue:
diff -p -up perl-5.10.0/av.c.av_mg perl-5.10.0/av.c
--- perl-5.10.0/av.c.av_mg      2007-12-18 11:47:07.000000000 +0100
+++ perl-5.10.0/av.c    2008-03-12 10:40:56.000000000 +0100
@@ -433,7 +433,7 @@ Perl_av_clear(pTHX_ register AV *av)
     /* Give any tie a chance to cleanup first */
     if (SvRMAGICAL(av)) {
        const MAGIC* const mg = SvMAGIC(av);
-       if (PL_delaymagic && mg->mg_type == PERL_MAGIC_isa)
+       if (PL_delaymagic && mg && mg->mg_type == PERL_MAGIC_isa)
            PL_delaymagic |= DM_ARRAY;
         else
            mg_clear((SV*)av);

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.10.0:

Configured by Mandriva at Mon Mar 10 12:15:15 EDT 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.22.12-server-1mdv, archname=i386-linux-thread-multi
    uname='linux n5.mandriva.com 2.6.22.12-server-1mdv #1 smp tue nov 20 09:35:09 est 2007 i686 intel(r) xeon(tm) cpu 2.80ghz gnulinux '
    config_args='-des -Dinc_version_list=5.8.8 5.8.7 5.8.6 5.8.5 5.8.4 5.8.3 5.8.2 5.8.1 5.8.0 5.6.1 5.6.0 -Darchname=i386-linux -Dcc=gcc -Doptimize=-O2  -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dsitebin=/usr/local/bin -Dsiteman1dir=/usr/local/share/man/man1 -Dsiteman3dir=/usr/local/share/man/man3 -Dman3ext=3pm -Dcf_by=Mandriva -Dmyhostname=localhost -Dperladmin=root@localhost -Dcf_email=root@localhost -Dd_dosuid -Ud_csh -Duseshrplib -Duseithreads'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.2.2 20071128 (prerelease) (4.2.2-2mdv2008.1)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fomit-frame-pointer -march=i586 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib'

Locally applied patches:
    Mandriva Linux patches

---
@INC for perl 5.10.0:
    /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.10.0
    /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.10.0
    /usr/lib/perl5/5.10.0/i386-linux-thread-multi
    /usr/lib/perl5/5.10.0
    /usr/lib/perl5/site_perl/5.8.7
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.8
    /usr/lib/perl5/vendor_perl/5.8.7
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.5
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl/5.8.3
    /usr/lib/perl5/vendor_perl
    .

---
Environment for perl 5.10.0:
    HOME=/home/blino
    LANG=fr_FR
    LANGUAGE=fr_FR:fr
    LC_ADDRESS=fr_FR
    LC_COLLATE=fr_FR
    LC_CTYPE=fr_FR
    LC_IDENTIFICATION=fr_FR
    LC_MEASUREMENT=fr_FR
    LC_MESSAGES=fr_FR
    LC_MONETARY=fr_FR
    LC_NAME=fr_FR
    LC_NUMERIC=fr_FR
    LC_PAPER=fr_FR
    LC_SOURCED=1
    LC_TELEPHONE=fr_FR
    LC_TIME=fr_FR
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/games:/usr/lib/qt4/bin:/usr/lib/qt4/bin:/home/blino/bin:/usr/lib/qt4/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

Thread Previous | Thread Next

[perl #51636] segmentation fault with array ties by blino @ mandriva . com

Re: [perl #51636] segmentation fault with array ties by Steve Peters
Re: [perl #51636] segmentation fault with array ties by Rafael Garcia-Suarez

Re: [perl #51636] segmentation fault with array ties by Vincent Pit

Re: [perl #51636] segmentation fault with array ties by Rafael Garcia-Suarez
Re: [perl #51636] segmentation fault with array ties by Nicholas Clark

Re: [perl #51636] segmentation fault with array ties by Vincent Pit

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About