[perl #54758] Perl 5.10 memory corruption

# New Ticket Created by  greerga@m-l.org 
# Please include the string:  [perl #54758]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=54758 >



This is a bug report for perl from greerga@m-l.org,
generated with the help of perlbug 1.36 running under perl 5.10.0.


-----------------------------------------------------------------
[Please enter your report here]

Running the following program produces memory corruption in Perl
5.10.0:

	- - - 8< - - - 8< - - -
	#!/usr/bin/perl
	print "1..1\n";
	push @x, 0 for 1 .. 1024; $#x; @x = sort @x;
	print "ok 1\n";
	- - - 8< - - - 8< - - -

Sample of some other interesting values:
(Note that some values crash after it has printed "ok" already, which is why I used a "large" number.)
127 - works
128 - *** glibc detected *** /usr/bin/perl: free(): invalid pointer: 0x099db760 ***
256 - panic: bad free at ./BUG line 4.
1024 -: see below

- - - 8< - - - 8< - - -
$ ./BUG
1..1
*** glibc detected *** /usr/bin/perl: malloc(): memory corruption: 0x08912e7c ***
======= Backtrace: =========
/lib/libc.so.6[0x6f5506]
/lib/libc.so.6(__libc_malloc+0x95)[0x6f6c55]
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so(Perl_safesysmalloc+0x43)[0x923063]
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so(Perl_sv_grow+0x1c0)[0x982ed0]
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so(Perl_sv_2pv_flags+0x7c3)[0x9745a3]
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so(Perl_pp_sort+0x4ae)[0xa5379e]
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so(Perl_runops_debug+0x153)[0x9180b3]
/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so(perl_run+0x4b9)[0x950fe9]
/usr/bin/perl(main+0x116)[0x8048a66]
/lib/libc.so.6(__libc_start_main+0xe6)[0x69b5d6]
/usr/bin/perl[0x80488b1]
======= Memory map: ========
00110000-00111000 r-xp 00110000 00:00 0          [vdso]
00665000-00681000 r-xp 00000000 fd:00 4784130    /lib/ld-2.8.so
00681000-00682000 r-xp 0001c000 fd:00 4784130    /lib/ld-2.8.so
00682000-00683000 rwxp 0001d000 fd:00 4784130    /lib/ld-2.8.so
00685000-007e8000 r-xp 00000000 fd:00 4784160    /lib/libc-2.8.so
007e8000-007ea000 r-xp 00163000 fd:00 4784160    /lib/libc-2.8.so
007ea000-007eb000 rwxp 00165000 fd:00 4784160    /lib/libc-2.8.so
007eb000-007ee000 rwxp 007eb000 00:00 0
007f0000-007f3000 r-xp 00000000 fd:00 4784213    /lib/libdl-2.8.so
007f3000-007f4000 r-xp 00002000 fd:00 4784213    /lib/libdl-2.8.so
007f4000-007f5000 rwxp 00003000 fd:00 4784213    /lib/libdl-2.8.so
007f7000-0081e000 r-xp 00000000 fd:00 4784235    /lib/libm-2.8.so
0081e000-0081f000 r-xp 00026000 fd:00 4784235    /lib/libm-2.8.so
0081f000-00820000 rwxp 00027000 fd:00 4784235    /lib/libm-2.8.so
00822000-00837000 r-xp 00000000 fd:00 4784214    /lib/libpthread-2.8.so
00837000-00838000 r-xp 00014000 fd:00 4784214    /lib/libpthread-2.8.so
00838000-00839000 rwxp 00015000 fd:00 4784214    /lib/libpthread-2.8.so
00839000-0083b000 rwxp 00839000 00:00 0
00879000-00ae3000 r-xp 00000000 fd:00 5933879    /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so
00ae3000-00ae8000 rwxp 0026a000 fd:00 5933879    /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so
00c2d000-00c3a000 r-xp 00000000 fd:00 4785093    /lib/libgcc_s-4.3.0-20080428.so.1
00c3a000-00c3b000 rwxp 0000c000 fd:00 4785093    /lib/libgcc_s-4.3.0-20080428.so.1
00d21000-00d32000 r-xp 00000000 fd:00 4784242    /lib/libresolv-2.8.so
00d32000-00d33000 r-xp 00010000 fd:00 4784242    /lib/libresolv-2.8.so
00d33000-00d34000 rwxp 00011000 fd:00 4784242    /lib/libresolv-2.8.so
00d34000-00d36000 rwxp 00d34000 00:00 0
00df9000-00dfb000 r-xp 00000000 fd:00 4784232    /lib/libutil-2.8.so
00dfb000-00dfc000 r-xp 00001000 fd:00 4784232    /lib/libutil-2.8.so
00dfc000-00dfd000 rwxp 00002000 fd:00 4784232    /lib/libutil-2.8.so
05546000-0555c000 r-xp 00000000 fd:00 4784250    /lib/libnsl-2.8.so
0555c000-0555d000 r-xp 00015000 fd:00 4784250    /lib/libnsl-2.8.so
0555d000-0555e000 rwxp 00016000 fd:00 4784250    /lib/libnsl-2.8.so
0555e000-05560000 rwxp 0555e000 00:00 0
06259000-06262000 r-xp 00000000 fd:00 4784251    /lib/libcrypt-2.8.so
06262000-06263000 r-xp 00009000 fd:00 4784251    /lib/libcrypt-2.8.so
06263000-06264000 rwxp 0000a000 fd:00 4784251    /lib/libcrypt-2.8.so
06264000-0628b000 rwxp 06264000 00:00 0
08048000-08049000 r-xp 00000000 fd:00 2851509    /usr/bin/perl
08049000-0804b000 rw-p 00000000 fd:00 2851509    /usr/bin/perl
088f4000-08936000 rw-p 088f4000 00:00 0
b7c00000-b7c21000 rw-p b7c00000 00:00 0
b7c21000-b7d00000 ---p b7c21000 00:00 0
b7d34000-b7f34000 r--p 00000000 fd:00 2873740    /usr/lib/locale/locale-archive
b7f34000-b7f36000 rw-p b7f34000 00:00 0
b7f57000-b7f58000 rw-p b7f57000 00:00 0
bffda000-bffef000 rw-p bffea000 00:00 0          [stack]
Aborted

Affected:
  Fedora 9: perl-5.10.0-20.fc9.i386 (used for above report)
  ActiveState Perl 5.10 under Windows XP (original discovery)
  Cygwin 5.10

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=high
---
This perlbug was built using Perl 5.10.0 in the Fedora build system.
It is being executed now by Perl 5.10.0 - Tue Mar 18 15:46:25 EDT 2008.

Site configuration information for perl 5.10.0:

Configured by Red Hat, Inc. at Tue Mar 18 15:46:25 EDT 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.18-53.1.6.el5xen, archname=i386-linux-thread-multi
    uname='linux xenbuilder2.fedora.redhat.com 2.6.18-53.1.6.el5xen #1 smp wed jan 16 04:10:44 est 2008 i686 i686 i386 gnulinux '
    config_args='-des -Doptimize=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Dversion=5.10.0 -Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto -Dscriptdir=/usr/bin'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBUGGING -fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.3.0 20080314 (Red Hat 4.3.0-3)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.7.90.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.7.90'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl 5.10.0:
    /usr/lib/perl5/5.10.0/i386-linux-thread-multi
    /usr/lib/perl5/5.10.0
    /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.10.0
    /usr/lib/perl5/site_perl/5.8.8
    /usr/lib/perl5/site_perl/5.8.7
    /usr/lib/perl5/site_perl/5.8.6
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.10.0
    /usr/lib/perl5/vendor_perl/5.8.8
    /usr/lib/perl5/vendor_perl/5.8.7
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.5
    /usr/lib/perl5/vendor_perl
    .

---
Environment for perl 5.10.0:
    HOME=/home/greerga
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LC_COLLATE=C
    LC_TIME=C
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=~/bin:/usr/local/bin:/usr/local/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/X11R6/bin:/usr/local/games:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash

• [perl #54758] Perl 5.10 memory corruption by greerga @ m-l . org
• Re: [perl #54758] Perl 5.10 memory corruption by Rafael Garcia-Suarez
• Re: [perl #54758] Perl 5.10 memory corruption by Moritz Lenz
• Re: [perl #54758] Perl 5.10 memory corruption by Rafael Garcia-Suarez
• Re: [perl #54758] Perl 5.10 memory corruption by Dave Mitchell
• Re: [perl #54758] Perl 5.10 memory corruption by Jerry D. Hedden