[perl #92264] Freeing $a or $b during sort causes a double free

Front page | perl.perl5.porters | Postings from January 2012

[perl #92264] Freeing $a or $b during sort causes a double free

Thread Next

From:

Father Chrysostomos via RT

Date:

January 14, 2012 22:53

Subject:

[perl #92264] Freeing $a or $b during sort causes a double free

Message ID:

rt-3.6.HEAD-14510-1326610385-1689.92264-14-0@perl.org

On Sun Jun 05 15:51:34 2011, sprout wrote:
> $ perl5.14.0 -e '@_ = sort { *a = \1 } 1, 2'
> Attempt to free unreferenced scalar: SV 0x826480, Perl interpreter:
> 0x800000.
> 
> I think pp_sort is misusing SAVESPTR.

Attached is a test case.  I don’t know how to fix this efficiently. 
Currently GvSV(*a) and GvSV(*b) are not reference-counted during sort. 
But no other code knows about that.

Making them reference-counted is the obvious fix, but I presume it was
not done originally for efficency’s sake.

-- 

Father Chrysostomos

Thread Next

[perl #92264] Freeing $a or $b during sort causes a double free by Father Chrysostomos via RT

[perl #92264] Freeing $a or $b during sort causes a double free by Father Chrysostomos via RT

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About