develooper Front page | perl.perl5.porters | Postings from August 2012

[perl #114496] win32_getenv and perl_free under PERL_DESTRUCT_LEVEL=1 trys to access freed tmps_stack

Thread Previous
From:
bulk 88
Date:
August 18, 2012 12:12
Subject:
[perl #114496] win32_getenv and perl_free under PERL_DESTRUCT_LEVEL=1 trys to access freed tmps_stack
Message ID:
rt-3.6.HEAD-11172-1345317144-1044.114496-75-0@perl.org
# New Ticket Created by  bulk 88 
# Please include the string:  [perl #114496]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org:443/rt3/Ticket/Display.html?id=114496 >





This is a bug report for perl from bulk88@hotmail.com,
generated with the help of perlbug 1.39 running under perl 5.17.3.


-----------------------------------------------------------------
[Please describe your issue here]

Using a fresh (today's git blead) 5.17 x64 on VC 2008  with DEBUGGING. Extracted the crash from nmake test to these 2 cmd line commands.
_____________________________________________________________
C:\p517\bin>set PERL_DESTRUCT_LEVEL=1

C:\p517\bin>perl "-I../lib" -MSafe -w -e "Safe->new->reval(q(use strict))"
_____________________________________________________________
Also "C:\p517\src\t\perl.exe "-I../lib" -MSafe -w -e "Safe->new->reval(q(BEGIN{$^H{foo}=bar};use strict), 0)" 
hangs the same way with same callstack. Curcop had 0 for line number and null pointer for file name.
Callstack is
_____________________________________________________________
>    perl517.dll!Perl_sv_2mortal(interpreter * my_perl=0x0000000001c1da88, sv * const sv=0x0000000001cd1208)  Line 8330 + 0x54 bytes    C
     perl517.dll!win32_getenv(const char * name=0x000000002832ab50)  Line 1731 + 0x21 bytes    C
     perl517.dll!CPerlHost::Getenv(const char * varname=0x000000002832ab50)  Line 2411    C++
     perl517.dll!PerlEnvGetenv(IPerlEnv * piPerl=0x00000000003bf580, const char * varname=0x000000002832ab50)  Line 464    C++
     perl517.dll!perl_free(interpreter * my_perl=0x0000000001c1da88)  Line 1297 + 0x21 bytes    C
     perl517.dll!RunPerl(int argc=6, char * * argv=0x00000000003b8520, char * * env=0x000000000034b720)  Line 277    C++
     perl.exe!main(int argc=6, char * * argv=0x00000000003b8520, char * * env=0x000000000034b5b0)  Line 24    C
     perl.exe!__tmainCRTStartup()  Line 586 + 0x19 bytes    C
     kernel32.dll!BaseProcessStart()  + 0x2c bytes    
_____________________________________________________________
Watch window days for tmps_stack
_____________________________________________________________
+        my_perl->Itmps_stack    0x0000000001e751e0    sv * *
______________________________________________________________
Full crash error is
______________________________________________________________
Unhandled exception at 0x2823c28d (perl517.dll) in perl.exe: 0xC0000005: Access violation writing location 0x0000000001e751e0.
______________________________________________________________
mem address 0x0000000001E751E0 is
______________________________________________________________
0x0000000001E751E0  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ............
0x0000000001E751EC  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ............
0x0000000001E751F8  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ............
0x0000000001E75204  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??  ............
______________________________________________________________

which is freed.
______________________________________________________________
Also the SV given to sv_2mortal from win32_getenv superficially seems to be allocated (I didn't decode the flags). Should the SV allocator still be working at this point in the runtime life?
_____________________________________________________________
-        sv    0x0000000001cd1208 {sv_any=0x0000000001dcd690 sv_refcnt=1 sv_flags=17412 ...}    sv * const
        sv_any    0x0000000001dcd690    void *
        sv_refcnt    1    unsigned long
        sv_flags    17412    unsigned long
+        sv_u    {svu_pv=0x0000000001bac060 "" svu_iv=29016160 svu_uv=29016160 ...}    <unnamed-tag>
____________________________________________________________
I dont know if this is a leak or not.
____________________________________________________________
DllExport char *
win32_getenv(const char *name)
{
    dTHX;
    DWORD needlen;
    SV *curitem = NULL;
    DWORD last_err;

    needlen = GetEnvironmentVariableA(name,NULL,0);
    if (needlen != 0) {
>>>>>>>>>>>>>>>>>>    curitem = sv_2mortal(newSVpvn("", 0));
_____________________________________________________
is where the sv_2mortal is in the caller. My 1 second guess for the fix is replace all the SVPV allocing with alloca. Not sure if that is the right fix tho.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=high
---
Site configuration information for perl 5.17.3:

Configured by Administrator at Sat Aug 18 12:58:07 2012.

Summary of my perl5 (revision 5 version 17 subversion 3 patch blead 2012-08-18.13:10:03 29205e9cdf0a179ed7a2e9401a3b19c8ede062db v5.17.2-388-g29205e9) configuration:
  Snapshot of: 29205e9cdf0a179ed7a2e9401a3b19c8ede062db
  Platform:
    osname=MSWin32, osvers=5.2, archname=MSWin32-x64-multi-thread
    uname=''
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cl', ccflags ='-nologo -GF -W3 -Od -MD -Zi -DDEBUGGING -fp:precise -DWIN32 -D_CONSOLE -DNO_STRICT -DWIN64 -DCONSERVATIVE -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE  -DPERL_TEXTMODE_SCRIPTS -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO',
    optimize='-Od -MD -Zi -DDEBUGGING -fp:precise',
    cppflags='-DWIN32'
    ccversion='15.00.30729.01', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=8
    ivtype='__int64', ivsize=8, nvtype='double', nvsize=8, Off_t='__int64', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='link', ldflags ='-nologo -nodefaultlib -debug  -libpath:"c:\p517\lib\CORE"  -machine:AMD64 "/manifestdependency:type='Win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'"'
    libpth=\lib
    libs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    perllibs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    libc=msvcrt.lib, so=dll, useshrplib=true, libperl=perl517.lib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug  -libpath:"c:\p517\lib\CORE"  -machine:AMD64 "/manifestdependency:type='Win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'"'

Locally applied patches:
    

---
@INC for perl 5.17.3:
    C:/p517/site/lib
    C:/p517/lib
    .

---
Environment for perl 5.17.3:
    CYGWIN=tty
    HOME (unset)
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC;
    PERL_BADLANG (unset)
    PERL_DESTRUCT_LEVEL=1
    PERL_JSON_BACKEND=JSON::XS
    PERL_YAML_BACKEND=YAML
    SHELL (unset)

 		 	   		  


Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About