Front page | perl.perl5.porters |
Postings from September 2010
# New Ticket Created by Father Chrysostomos
# Please include the string: [perl #77930]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=77930 >
This script crashes:
perl5.13.4 -le' $sub = sub { local $count = $count+1; ()->$sub if $count < 1000; $a cmp $b }; () = sort $sub qw<a b c d e f g>'
This started as a JE test failure (<http://www.cpantesters.org/cpan/report/bf35a6a8-b679-11df-8fbf-ba84984c9764>). Andreas König helped me track it down.
Change 133acf7b:
From: Nicholas Clark <nick at, er, ccl4.org, I think>
Date: Thu, 24 Jun 2010 19:44:07 +0000 (+0100)
Subject: In pp_sort, ensure that @_ is freed correctly.
X-Git-Tag: v5.13.3~329
X-Git-Url: http://perl5.git.perl.org/perl.git/commitdiff_plain/133acf7b389614db651d1ed570d4a0ca0c747999
In pp_sort, ensure that @_ is freed correctly.
Before this, if @_ had become AvREAL(), it retains reference on its elements.
---
diff --git a/pp_sort.c b/pp_sort.c
index 51cf216..48d4273 100644
--- a/pp_sort.c
+++ b/pp_sort.c
@@ -1678,9 +1678,9 @@ PP(pp_sort)
sort_flags);
if (!(flags & OPf_SPECIAL)) {
- LEAVESUB(cv);
- if (!is_xsub)
- CvDEPTH(cv)--;
+ SV *sv;
+ POPSUB(cx, sv);
+ LEAVESUB(sv);
}
POPBLOCK(cx,PL_curpm);
PL_stack_sp = newsp;
... etc. ...
This change does not take into account that cx_stack may have been reallocated, and that cx may be pointing to freed memory.
(This bug bears a striking resemblance to 74170.)