[perl #54956] crash on binary-or lvalue operation on qr//

# New Ticket Created by  Niko Tyni 
# Please include the string:  [perl #54956]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=54956 >



This is a bug report for perl from Niko Tyni <ntyni@debian.org>,
generated with the help of perlbug 1.36 running under perl 5.10.0.


-----------------------------------------------------------------
As seen in <http://bugs.debian.org/483150>, this one-liner crashes 5.10.0
and blead@33937 but not 5.8.8:

# ./miniperl -e 'my $re = qr/x/; $re |= "y"'
miniperl: doop.c:1259: Perl_do_vop: Assertion `((svtype)((sv)->sv_flags & 0xff)) >= SVt_PV' failed.

#0  0x00002b358c697165 in raise () from /lib/libc.so.6
#1  0x00002b358c698610 in abort () from /lib/libc.so.6
#2  0x00002b358c69060f in __assert_fail () from /lib/libc.so.6
#3  0x000000000062bed6 in Perl_do_vop (my_perl=0x987010, optype=93, sv=0x9a9f28, left=0x9a9f28, 
    right=0x9a9fa0) at doop.c:1259
#4  0x000000000059c4bb in Perl_pp_bit_or (my_perl=0x987010) at pp.c:2385
#5  0x00000000004ada20 in Perl_runops_debug (my_perl=0x987010) at dump.c:1984
#6  0x00000000004f716e in S_run_body (my_perl=0x987010, oldscope=1) at perl.c:2392
#7  0x00000000004f64a0 in perl_run (my_perl=0x987010) at perl.c:2312
#8  0x00000000006b1c4a in main (argc=3, argv=0x7fff1ef33b08, env=0x7fff1ef33b28) at miniperlmain.c:113

On 5.10.0 without -DDEBUGGING this results in 'double free or corruption'.

Bisecting shows it was broken by change 27859:

 commit a39e44f1b8a997f82f02847b565d62c2cd84111f
 Author: Jarkko Hietaniemi <jhi@iki.fi>
 Date:   Mon Apr 17 13:19:37 2006 +0300

    dooop.c: the strong asserts in Sv* macros could cause memory leakage -- move the macro calls earlier (Coverity CID 84)
    Message-Id: <20060417071937.C13346CF2D@aprikoosi.hut.fi>
    
    p4raw-id: //depot/perl@27859

-----------------------------------------------------------------
---
Flags:
    category=core
    severity=medium
---
Site configuration information for perl 5.10.0:

Configured by Debian Project at Thu May  8 11:57:24 UTC 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.18-6-xen-amd64, archname=x86_64-linux-gnu-thread-multi
    uname='linux sid 2.6.18-6-xen-amd64 #1 smp thu apr 24 05:10:26 utc 2008 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.2.3 (Debian 4.2.3-5)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl 5.10.0:
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .

---
Environment for perl 5.10.0:
    HOME=/home/niko
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LC_CTYPE=fi_FI.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/niko/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/sbin:/usr/sbin
    PERL_BADLANG (unset)
    SHELL=/bin/zsh

• [perl #54956] crash on binary-or lvalue operation on qr// by Steve Peters via RT
• Re: [perl #54956] crash on binary-or lvalue operation on qr// by Steve Peters
• [perl #54956] crash on binary-or lvalue operation on qr// by Niko Tyni