[perl #75436] Segfault with lexical $_ and reverse() since e1f795dc

# New Ticket Created by  "Ævar Arnfjörð Bjarmason" 
# Please include the string:  [perl #75436]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=75436 >


This segfaults in everything from 5.10 to blead:

    perl -e 'sub eek { my $_ = $_[0]; reverse } eek(1)'

But these don't segfault:

    perl -e 'sub eek { local $_ = $_[0]; reverse } eek(1)'
    perl -e 'sub { my $_ = $_[0]; reverse }->(1)'
    perl -e 'my $_; sub eek { my $_ = $_[0]; reverse } eek(1)'

This is where it segfaults:

	else {
  =>    sv_setsv(TARG, (SP > MARK)
		    ? *SP
		    : (padoff_du = find_rundefsvoffset(),
			(padoff_du == NOT_IN_PAD
			 || PAD_COMPNAME_FLAGS_isOUR(padoff_du))
			? DEFSV : PAD_SVl(padoff_du)));

That bit of code was introduced in e1f795dc. If I just revert it so
that this line becomes:

    sv_setsv(TARG, (SP > MARK) ? *SP : DEFSV);

It doesn't segfault. But the return value of reverse isn't meaningul
either. The function doesn't return 1 unless I do C<reverse $_>
explicitly. And presumably it breaks whatever e1f795dc was fixing.

Here's the full backtrace, for reference:

    Program received signal SIGSEGV, Segmentation fault.
    0x00000000005c003f in Perl_pp_reverse (my_perl=0x9e4010) at pp.c:5498
    (gdb) bt full
    #0  0x00000000005c003f in Perl_pp_reverse (my_perl=0x9e4010) at pp.c:5498
            down = 0x9e4010 "\250\232\236"
            tmp = 10513552
            targ = 0xa06cc0
            len = 1
            up = 0x9ff9d8 "1"
            padoff_du = 1
            sp = 0x9e9aa8
            mark = 0x9e9aa8
            __PRETTY_FUNCTION__ = "Perl_pp_reverse"
    #1  0x00000000004bd5c8 in Perl_runops_debug (my_perl=0x9e4010) at
dump.c:2096
    No locals.
    #2  0x0000000000705c26 in S_run_body (my_perl=0x9e4010,
oldscope=1) at perl.c:2309
            __PRETTY_FUNCTION__ = "S_run_body"
    #3  0x0000000000704e36 in perl_run (my_perl=0x9e4010) at perl.c:2233
            oldscope = 1
            ret = 0
            cur_env = {je_prev = 0x9e4288, je_buf = {{__jmpbuf = {0,
6741319920363941120, 4215552, 140737488348240, 0, 0,
6741319920447827200, -6741319234744963840}, __mask_was_saved = 0,
__saved_mask = {__val = {10373800, 4215552, 140737488347744, 5645853,
51547755705, 10371088, 10386216, 10371088, 140737488347952, 7334728,
0, 0, 10355416, 10371088, 1, 10386192}}}}, je_ret = 0, je_mustcatch =
0 '\000'}
            __PRETTY_FUNCTION__ = "perl_run"
    #4  0x00000000006d4f51 in main (argc=3, argv=0x7fffffffe458,
env=0x7fffffffe478) at miniperlmain.c:117
            exitstatus = 0
            i = 0

• [perl #75436] Segfault with lexical $_ and reverse() since e1f795dc by Ævar Arnfjörð Bjarmason
• Re: [perl #75436] Segfault with lexical $_ and reverse() since e1f795dc by Rafael Garcia-Suarez
• Re: [perl #75436] Segfault with lexical $_ and reverse() since e1f795dc by Vincent Pit
• Re: [perl #75436] Segfault with lexical $_ and reverse() since e1f795dc by Rafael Garcia-Suarez