perl.perl5.porters | Postings from August 2011

[perl #98092] "Attempt to free unreferenced scalar" from dist/threads-shared/t/clone.t

From: Father Chrysostomos via RT
Date: August 31, 2011 20:41
Subject: [perl #98092] "Attempt to free unreferenced scalar" from dist/threads-shared/t/clone.t
Message ID: rt-3.6.HEAD-31297-1314848499-66.98092-15-0@perl.org

On Wed Aug 31 09:34:05 2011, sprout wrote:
> > So far I’ve ascertained that:
> > 1) The first unreferenced scalar is an entry in @DB::args that has
> > already been used as an AV by the time the thread is started.
> > 2) It gets cloned by sv_dup (not _inc) when the thread starts, so it
> > ends up in param->unreferenced, and hence on the temps stack in the
> > thread.
> > 3) When the thread exits, cv_undef ends up freeing it, because it is
> > somehow reused as a padlist, even though it’s on the temps stack still
> > with a refcount of one. I don’t know which cv it is.
> > 4) When the temps are freed, we get ‘Attempt to free unreferenced
> > scalar’.
> > 
> > Any ideas where to look now?
> > 
> 
> Aha!
> 
> In pad.c:Perl_padlist_dup:
> 
> 	/* look for it in the table first.
> 	   I *think* that it shouldn't be possible to find it there.
> 	   Well, except for how Perl_sv_compile_2op() "works" :-(   */
> 	dstpad = (AV*)ptr_table_fetch(PL_ptr_table, srcpad);
> 
> 	if (dstpad)
> 	    return dstpad;
> 
> No SvREFCNT_inc!
> 
> commit 6de654a5795b6f7915432ff16bcdac0688492a9b
> Author: Nicholas Clark <nick@ccl4.org>
> Date:   Thu Feb 25 14:21:18 2010 +0000
> 
>     In Perl_padlist_dup() don't duplicate @_ or pads caused by recursion.
>     
>     CvDEPTH() is 0 in a new thread, so duplicating pads beyond the
>     always-present first level is a waste of effort and memory.
> 
> Adding SvREFCNT_inc makes one warning go away.

The other warnings are also the result of padlists in @DB::args.  If
they get cloned through @DB::args, their refcounts are not incremented
(except for that held by param->unreferenced), hence the double free.

Is there any reason padlists can’t be marked AvREAL (so sv_dup_common
knows to use sv_dup_*inc* on the elems)? In cv_undef, we could turn off
the REAL flag just before:

	SvREFCNT_dec(MUTABLE_SV(CvPADLIST(cv)));
	CvPADLIST(cv) = NULL;
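
The refcount mismatch discussed in this message, as an added example that is not part of the original post or of Perl's source: a simplified C model in which `SV`, `PtrTable`, `dup_via_table` and `run_clone` are hypothetical stand-ins for the interpreter's structures. It shows how a pointer-table hit that takes no reference of its own leaves two owners sharing a refcount of one.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model (assumption, not Perl's real structures): a refcounted
   value and a one-entry pointer table mapping source -> clone. */
typedef struct { int refcnt; int freed; } SV;
typedef struct { const SV *src; SV *dst; } PtrTable;

static int bad_frees;  /* counts "Attempt to free unreferenced scalar" */

static void sv_dec(SV *sv) {
    if (sv->refcnt == 0) { bad_frees++; return; }  /* already released */
    if (--sv->refcnt == 0) sv->freed = 1;          /* mark only; toy never frees here */
}

/* Clone src, or return the clone already recorded in the table.
   inc_on_hit selects whether a table hit takes its own reference. */
static SV *dup_via_table(PtrTable *t, const SV *src, int inc_on_hit) {
    if (t->src == src) {
        if (inc_on_hit) t->dst->refcnt++;
        return t->dst;
    }
    SV *dst = calloc(1, sizeof *dst);
    if (!dst) abort();
    dst->refcnt = 1;
    t->src = src;
    t->dst = dst;
    return dst;
}

/* Two owners obtain the same clone and each later drops one reference.
   Returns the number of frees attempted on a zero-refcount value. */
int run_clone(int inc_on_hit) {
    SV src = {1, 0};
    PtrTable t = {0};
    bad_frees = 0;
    SV *a = dup_via_table(&t, &src, inc_on_hit);  /* owner 1, e.g. the temps stack */
    SV *b = dup_via_table(&t, &src, inc_on_hit);  /* owner 2, e.g. a CV's padlist (table hit) */
    sv_dec(b);  /* owner 2 releases first, as cv_undef does in the report */
    sv_dec(a);  /* owner 1 releases afterwards, as the temps cleanup does */
    int n = bad_frees;
    free(a);    /* a == b: release the toy allocation exactly once */
    return n;
}

int main(void) {
    printf("table hit without inc: %d bad free(s)\n", run_clone(0));
    printf("table hit with inc:    %d bad free(s)\n", run_clone(1));
    return 0;
}
```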

