[perl #52740] crash when localizing a symtab entry

Front page | perl.perl5.porters | Postings from April 2008
[perl #52740] crash when localizing a symtab entry

Thread Previous | Thread Next
From:
Niko Tyni
Date:
April 11, 2008 00:56
Subject:
[perl #52740] crash when localizing a symtab entry
Message ID:
rt-3.6.HEAD-25460-1207894422-1006.52740-75-0@perl.org
# New Ticket Created by  Niko Tyni 
# Please include the string:  [perl #52740]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=52740 >


This snippet crashes Perl 5.10.0 and blead (as of change 33541 which
is the last one in the utsl.gen.nz git repository) with a segmentation fault:

 #!/usr/bin/perl -w
 use Compress::Zlib;
 use Devel::Symdump;
 print Devel::Symdump->isa_tree;
 __END__

(The snippet is reduced from the mod_perl2 2.0.4rc1 test suite,
 where Apache crashes on shutdown after the tests.)

This can be reduced to

 #!/usr/bin/perl
 use constant "foo" => "a";
 index("a", foo);
 local(*g) = ${::}{foo};
 __END__

and expanded to this core-only test:

 #!/usr/bin/perl 
 BEGIN {
    $|=1;
    print "1..2\n";
    my $name = "foo";
    my $scalar = "a";
    if ($] > 5.009002) {
        my $symtab = \%{'::'};
        $symtab->{$name} = \$scalar;
    } else {
        *{"::$name"} = sub () { $scalar };
    }
 }
 print "ok 1\n" if index("a", foo) >= 0;
 local(*g) = ${::}{foo};
 END {print "ok 2\n";}
 __END__

Bisecting shows the segfault started with

[ 29544] By: nicholas                              on 2006/12/13  08:35:43
        Log: Eliminate PVBM. Store fast Boyer-Moore tables in PVGV.
             Add the placeholder for new type, temporarily named BIND, for binding
             and aliasing in 6 on 5.
     Branch: perl
           ! dump.c ext/B/B.xs ext/Storable/Storable.xs op.h
           ! pod/perltodo.pod pp_hot.c sv.c sv.h util.c


On blead, change 32708 turns this into an assertion failure with -DDEBUGGING:

 miniperl: sv.c:3231: S_glob_assign_glob: Assertion `((((shplep)->sv_flags & (0x00004000|0x00008000)) == 0x00008000) && (((svtype)((shplep)->sv_flags & 0xff)) == SVt_PVGV || ((svtype)((shplep)->sv_flags & 0xff)) == SVt_PVLV))' failed.
 ../testscript: line 3:  3158 Aborted                 (core dumped) ./miniperl ${HOME}/t.pl


Backtrace of 'miniperl' as of change 33541 without -DDEBUGGING:

Core was generated by `./miniperl /home/niko/t.pl'.
Program terminated with signal 11, Segmentation fault.
[New process 23428]
#0  0x0000000000488f67 in S_unshare_hek_or_pvn (my_perl=0x7c7010, hek=0x31, str=0x0, len=0, hash=0)
    at hv.c:2294
2294        if (he->shared_he_he.he_valu.hent_refcount - 1) {
(gdb) bt
#0  0x0000000000488f67 in S_unshare_hek_or_pvn (my_perl=0x7c7010, hek=0x31, str=0x0, len=0, hash=0)
    at hv.c:2294
#1  0x0000000000488f18 in Perl_unshare_hek (my_perl=0x7c7010, hek=0x31) at hv.c:2263
#2  0x000000000040a776 in Perl_gp_free (my_perl=0x7c7010, gv=0x7e8820) at gv.c:1583
#3  0x00000000004ed305 in Perl_leave_scope (my_perl=0x7c7010, base=0) at scope.c:821
#4  0x00000000004ea2cd in Perl_pop_scope (my_perl=0x7c7010) at scope.c:102
#5  0x00000000004a48a6 in Perl_pp_leave (my_perl=0x7c7010) at pp_hot.c:1882
#6  0x000000000049b9d3 in Perl_runops_standard (my_perl=0x7c7010) at run.c:38
#7  0x0000000000494971 in S_run_body (my_perl=0x7c7010, oldscope=1) at perl.c:2400
#8  0x000000000049437e in perl_run (my_perl=0x7c7010) at perl.c:2320
#9  0x000000000057375e in main (argc=2, argv=0x7fff820a3c88, env=0x7fff820a3ca0) at miniperlmain.c:113

Backtrace with -DDEBUGGING and the assertion failure above:

Core was generated by `./miniperl /home/niko/t.pl'.
Program terminated with signal 6, Aborted.
[New process 14219]
#0  0x00002b50c8c431d5 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00002b50c8c431d5 in raise () from /lib/libc.so.6
#1  0x00002b50c8c44680 in abort () from /lib/libc.so.6
#2  0x00002b50c8c3c75f in __assert_fail () from /lib/libc.so.6
#3  0x000000000053affd in S_glob_assign_glob (my_perl=0x984010, dstr=0x9a70d8, sstr=0x9a70a8, dtype=9)
    at sv.c:3366
#4  0x0000000000540f07 in Perl_sv_setsv_flags (my_perl=0x984010, dstr=0x9a70d8, sstr=0x9a70a8, 
    flags=1538) at sv.c:3717
#5  0x000000000050cc8a in Perl_pp_aassign (my_perl=0x984010) at pp_hot.c:1074
#6  0x00000000004ad3dc in Perl_runops_debug (my_perl=0x984010) at dump.c:1984
#7  0x00000000004f6ae3 in S_run_body (my_perl=0x984010, oldscope=1) at perl.c:2400
#8  0x00000000004f5e15 in perl_run (my_perl=0x984010) at perl.c:2320
#9  0x00000000006b087e in main (argc=2, argv=0x7fffe2987578, env=0x7fffe2987590) at miniperlmain.c:113


---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.10.0:

Configured by Debian Project at Sun Mar 30 20:28:28 UTC 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.18-6-xen-amd64, archname=x86_64-linux-gnu-thread-multi
    uname='linux sid 2.6.18-6-xen-amd64 #1 smp sun feb 10 18:02:52 utc 2008 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.2.3 (Debian 4.2.3-3)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl 5.10.0:
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .

---
Environment for perl 5.10.0:
    HOME=/root
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash
Thread Previous | Thread Next
[perl #52740] crash when localizing a symtab entry by Rafael Garcia-Suarez via RT
Re: [perl #52740] crash when localizing a symtab entry by Reini Urban
[perl #52740] crash when localizing a symtab entry by Niko Tyni
Re: [perl #52740] crash when localizing a symtab entry by Rafael Garcia-Suarez
nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About