develooper Front page | perl.perl5.porters | Postings from June 2008

Re: [perl #54934] Attempt to free unreferenced scalar fiddling with the symbol table

Thread Previous | Thread Next
From:
Niko Tyni
Date:
June 6, 2008 06:37
Subject:
Re: [perl #54934] Attempt to free unreferenced scalar fiddling with the symbol table
Message ID:
20080606113430.GA5286@rebekka
On Fri, May 30, 2008 at 02:55:22PM +0200, Rafael Garcia-Suarez wrote:
> 2008/5/27 via RT Niko Tyni <perlbug-followup@perl.org>:
> > As seen in <http://cpantesters.perl.org/show/PerlIO-via-dynamic.html>,
> > the test suite of the PerlIO::via::dynamic CPAN module generates
> > 'Attempt to free unreferenced scalar' warnings with recent perl versions,
> > including 5.10.0 but not 5.8.8.

> Good catch. I've traced the double-freed scalar; the patch below fixes
> the error. However I'm not sure at all it creates no leak.
> 
> --- ext/PerlIO/via/via.xs.orig	2008-01-25 10:00:53.000000000 +0100
> +++ ext/PerlIO/via/via.xs	2008-05-30 14:43:11.000000000 +0200
> @@ -89,7 +89,7 @@ PerlIOVia_method(pTHX_ PerlIO * f, const
>  	    if (!s->fh) {
>  		GV *gv = newGVgen(HvNAME_get(s->stash));
>  		GvIOp(gv) = newIO();
> -		s->fh = newRV_noinc((SV *) gv);
> +		s->fh = newRV((SV *) gv);
>  		s->io = GvIOp(gv);
>  	    }
>  	    IoIFP(s->io) = PerlIONext(f);
> End of Patch.
> 
> So what leaks is a gv generated to hold the "FOO" reference. (Its name
> is "_GEN_0".)

Hi,

I don't see this applied yet, hope it isn't falling through the cracks.
While PerlIO-via-dynamic-0.13 now has a workaround for 5.10.0, Bastian
Blank raised concerns about possible security implications of the double
frees in <http://bugs.debian.org/479698> (Cc'd).

Again, many thanks for looking at this.
-- 
Niko Tyni   ntyni@debian.org

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About