develooper Front page | perl.perl5.porters | Postings from May 2012

[perl #113060] Corrupt cx stack in pp_caller threaded

From: rurban @ cpanel . net
Date: May 23, 2012 08:46
Subject: [perl #113060] Corrupt cx stack in pp_caller threaded
Message ID: rt-3.6.HEAD-7788-1337787979-583.113060-75-0@perl.org
# New Ticket Created by  rurban@cpanel.net 
# Please include the string:  [perl #113060]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org:443/rt3/Ticket/Display.html?id=113060 >



This is a bug report for perl from rurban@cpanel.net,
generated with the help of perlbug 1.39 running under perl 5.16.0.


-----------------------------------------------------------------
AddressSanitizer detected a corrupt cx context in pp_caller.

e.g. with ./miniperl -w -Ilib -MExporter -e '<?>'

READ of size 1 at 0x7fa73ab95388 thread T0
    #0 0x6ae785 in Perl_gv_stashpvn /usr/src/perl/build-5.16.0d@asan/gv.c:1335
       Copy(name, tmpbuf, namelen, char); name="main",namelen=9,flags=1

Note: "main" with len 9 is wrong

    #1 0x169920f in Perl_pp_caller /usr/src/perl/build-5.16.0d@asan/pp_ctl.c:1900
       HvNAME_HEK((HV*)CopSTASH(cx->blk_oldcop)) count=7

Note: cx already corrupt here.

    #2 0xd0876e in Perl_runops_debug /usr/src/perl/build-5.16.0d@asan/dump.c:2119
    #3 0x1776d1b in S_docatch /usr/src/perl/build-5.16.0d@asan/pp_ctl.c:3297
    #4 0x175aefc in Perl_pp_require /usr/src/perl/build-5.16.0d@asan/pp_ctl.c:4213
    #5 0xd0876e in Perl_runops_debug /usr/src/perl/build-5.16.0d@asan/dump.c:2119
    #6 0x476341 in Perl_call_sv /usr/src/perl/build-5.16.0d@asan/perl.c:2690
    #7 0x1bdbf2e in Perl__core_swash_init /usr/src/perl/build-5.16.0d@asan/utf8.c:2832
    #8 0x1bbfeac in Perl_swash_init /usr/src/perl/build-5.16.0d@asan/utf8.c:2740
    #9 0x1bbb8a9 in S_is_utf8_common /usr/src/perl/build-5.16.0d@asan/utf8.c:1889
    #10 0x1bbc2f4 in Perl__is_utf8__perl_idstart /usr/src/perl/build-5.16.0d@asan/utf8.c:1939
    #11 0x6e3793 in Perl_gv_fetchpvn_flags /usr/src/perl/build-5.16.0d@asan/gv.c:1524
    #12 0x712271 in Perl_gv_fetchsv /usr/src/perl/build-5.16.0d@asan/gv.c:1390
    #13 0x141ab51 in S_rv2gv /usr/src/perl/build-5.16.0d@asan/pp.c:231
    #14 0x140dd4c in Perl_pp_rv2gv /usr/src/perl/build-5.16.0d@asan/pp.c:250
    #15 0xd0876e in Perl_runops_debug /usr/src/perl/build-5.16.0d@asan/dump.c:2119
    #16 0x477080 in Perl_call_sv /usr/src/perl/build-5.16.0d@asan/perl.c:2705
    #17 0x446033 in Perl_call_list /usr/src/perl/build-5.16.0d@asan/perl.c:4787
    #18 0x5e6283 in S_process_special_blocks /usr/src/perl/build-5.16.0d@asan/op.c:6884

I added the following assertions to narrow it down:

--- ../blead/perl-git/pp_ctl.c	2012-04-27 08:58:31.962299840 -0500
+++ pp_ctl.c	2012-05-23 10:40:42.009392113 -0500
@@ -1897,6 +1897,9 @@
 	RETURN;
     }
 
+    DEBUG_CX("CALLER");
+    assert(CopSTASHPV(cx->blk_oldcop));
+    assert(SvOOK((HV*)CopSTASHPV(cx->blk_oldcop)));
     stash_hek = HvNAME_HEK((HV*)CopSTASH(cx->blk_oldcop));
     if (GIMME != G_ARRAY) {
         EXTEND(SP, 1);
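
Review bot: The second added assert passes CopSTASHPV(cx->blk_oldcop) to SvOOK through an (HV*) cast, but CopSTASHPV yields the stash name as a char*, not the stash itself, so the check reads SV flags out of string bytes and cannot confirm or rule out a valid HV. The line it is meant to guard uses CopSTASH(cx->blk_oldcop), so the assert should test that same expression: assert(SvOOK((HV*)CopSTASH(cx->blk_oldcop))). Within the visible lines both asserts also dereference cx->blk_oldcop before anything has checked it, so a preceding assert(cx->blk_oldcop) would separate a null cop from a bad stash.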

but cx is already corrupt here, so the assert is not foolproof enough.
I'm having trouble finding the wrong cx writer.

Without the assert only Carp in make -c cpan/Archive-Extract/ caused the
bug to appear with asan. But with the assert I see that it is a general
problem.

-----------------------------------------------------------------
---
Flags:
    category=core
    severity=critical
---
Site configuration information for perl 5.16.0:

Configured by rurban at Mon May 21 12:07:22 CDT 2012.

Summary of my perl5 (revision 5 version 16 subversion 0) configuration:
   
  Platform:
    osname=linux, osvers=3.2.0-2-amd64, archname=x86_64-linux-debug
    uname='linux reini 3.2.0-2-amd64 #1 smp tue mar 20 18:36:37 utc 2012 x86_64 gnulinux '
    config_args='-de -Dusedevel -Dinstallman1dir=none -Dinstallman3dir=none -Dinstallsiteman1dir=none -Dinstallsiteman3dir=none -DEBUGGING -Doptimize=-g3 -Uuseithreads -D'cc=/home/rurban/Software/llvm/build/Release+Asserts/bin/clang' -A'ccflags=-faddress-sanitizer' -Aldflags=-faddress-sanitizer -Alddlflags=-faddress-sanitizer -Dcf_email='rurban@cpanel.net' -Dperladmin='rurban@cpanel.net' -Duseshrplib'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='/home/rurban/Software/llvm/build/Release+Asserts/bin/clang', ccflags ='-faddress-sanitizer -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-g3',
    cppflags='-faddress-sanitizer -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.2.1 Compatible Clang 3.1 ((trunk 153453))', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='/home/rurban/Software/llvm/build/Release+Asserts/bin/clang', ldflags ='-g3 -faddress-sanitizer -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.13'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/local/lib/perl5/5.16.0/x86_64-linux-debug/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -g3 -faddress-sanitizer -L/usr/local/lib -fstack-protector'

Locally applied patches:
    

---
@INC for perl 5.16.0:
    /usr/local/lib/perl5/site_perl/5.16.0/x86_64-linux-debug
    /usr/local/lib/perl5/site_perl/5.16.0
    /usr/local/lib/perl5/5.16.0/x86_64-linux-debug
    /usr/local/lib/perl5/5.16.0
    /usr/local/lib/perl5/site_perl
    .

---
Environment for perl 5.16.0:
    HOME=/home/rurban
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/rurban/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash

