develooper Front page | perl.perl5.porters | Postings from December 2012

[perl #41948] Combination of tie() and loop aliasing can cause perl to crash.

Thread Next
From:
bulk88 via RT
Date:
December 26, 2012 21:20
Subject:
[perl #41948] Combination of tie() and loop aliasing can cause perl to crash.
Message ID:
rt-3.6.HEAD-17500-1356556805-239.41948-15-0@perl.org
On Wed Mar 21 09:18:15 2007, mjcarman@mchsi.com wrote:
> This is a bug report for perl from mjcarman@mchsi.com,
> generated with the help of perlbug 1.35 running under perl v5.8.4.
> 
> 
> -----------------------------------------------------------------
> It's possible to cause a crash in perl by using a combination of tie()
>    and the
> implicit aliasing of loop variables. I have observed this on both
>    v5.8.4 and
> v5.8.7. The following example reproduces the problem.
> 
> #!perl
> use strict;
> use warnings;
> 
> package Death;
> sub TIEARRAY  { bless [], __PACKAGE__ }
> sub FETCH     { { a => 1, b => 2} }
> sub FETCHSIZE { 1 }
> 
> package main;
> 
> tie my @array, 'Death';
> 
> foreach my $p (@array) {
>   my %h = (a => $p->{a}, b => $p->{b}); # Aaaghh!
> }
> 
> __END__



The following
__________________________________________________________________
use strict;
use warnings;

package Death;
sub TIEARRAY { bless [], __PACKAGE__ }
sub FETCH { { a => 1, b => 2} }
sub FETCHSIZE { 1 }

package main;

tie my @array, 'Death';

foreach my $p (@array) {
my %h = (a => $p->{a}, b => $p->{b}); # Aaaghh!
}
________________________________________________________________

with threaded win32 perls,

5.10
__________________________________________________________________
panic: attempt to copy freed scalar 1839704 to 1839724 at n11.pl line 24.
__________________________________________________________________

5.12
___________________________________________________________________
panic: attempt to copy freed scalar 83b28c to 829ef4 at n11.pl line 24.
___________________________________________________________________

5.14.2 win64
-empty console (no panic)

5.17.6 win32
-empty console (no panic)

I think this has been fixed by now, last discussion was in 2007, which
was 5.8/5.8/early 5.10 era. I would guess without looking at any code a
savetmps and freetmps around the tied/magic method call would fix the
problem.

-- 
bulk88 ~ bulk88 at hotmail.com

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=41948
Thread Next

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About