
[perl #117941] CopSTASH is not reference counted, and hence can become corrupt

From: Father Chrysostomos via RT
Date: May 26, 2013 18:14
Subject: [perl #117941] CopSTASH is not reference counted, and hence can become corrupt
Message ID: rt-3.6.HEAD-2650-1369592043-41.117941-15-0@perl.org

On Fri May 10 04:36:11 2013, nicholas wrote:
> $ ~/Sandpit/5000/bin/perl -e 'sub B {package A; reset}; delete
> $::{"A::"}; B()'
> Segmentation fault: 11 (core dumped)
> $ ~/Sandpit/5000/bin/perl -v
> 
> This is perl, version 5.000
...

> The bug isn't in reset - that's just the easiest way I found to write
> code which accesses CopSTASH()

The other place that accesses CopSTASH is pp_caller, which checks to
make sure that it is an HV first to avoid such a crash.  Maybe reset
needs to do the same thing.

That would prevent crashing, but still not solve the underlying problem,
which is the subject of #113486.


> The correct solution is not immediately obvious, as just "bumping" the
> reference count when creating the COP would create a lot of loops
> (stash -> GV -> CV -> stash).
> 
> It might be appropriate to optimise the usual case of the COP's
> package being the same as the package of the PVCV, and indirecting
> via the PVCV in that case (as CvSTASH is already correctly
> implemented as a weak reference), and hold a proper reference if
> CopSTASH is not the same as CvSTASH(PL_compiling). In that case,
> loops, if they exist, will leak.

I assume you mean they will *not* leak.

> 
> Whilst that will work for the default build,

Actually, I don’t think it would for clonable subs.  I believe the clone
can easily outlive its prototype (now, not in 5.16 or whenever).  So
that greatly reduces the scope of the fix.

> it's not clear to me how to make this work efficiently under
> ithreads, as the OP isn't allowed to directly hold a pointer to the
> CV. (In a cloned child thread, the cloned CV will be at a different
> address, but the OP is shared)

PL_cvpad? :-)

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=117941
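
The difference the message draws between guarding the CopSTASH access and fixing the stash's lifetime, as an added toy model in C (not perl's source and not code from this thread). The structs, the arena and every function name are hypothetical, and the model assumes that a freed SV head is handed out again by a later allocation.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not perl's real structures. Assumption: freed SV heads return
   to an arena and are handed out again by the next allocation. */
enum sv_type { SVt_FREE, SVt_PV, SVt_PVHV };
struct sv  { enum sv_type type; int refcnt; const char *name; };
struct cop { struct sv *stash; };   /* models CopSTASH: a bare pointer */

static struct sv arena[4];

static struct sv *sv_new(enum sv_type t, const char *name) {
    for (size_t i = 0; i < sizeof arena / sizeof arena[0]; i++)
        if (arena[i].type == SVt_FREE) {
            arena[i] = (struct sv){ t, 1, name };
            return &arena[i];
        }
    return NULL;
}

static void sv_dec(struct sv *sv) {
    if (--sv->refcnt == 0) { sv->type = SVt_FREE; sv->name = NULL; }
}

/* Guard of the kind the message describes for pp_caller: HV or nothing. */
static const char *cop_stash_name(const struct cop *c) {
    return (c->stash && c->stash->type == SVt_PVHV) ? c->stash->name : NULL;
}

/* Compile a COP in package "A", delete the stash, let the allocator hand
   out one more SV of type `reuse`, then ask the COP for its package name. */
static const char *scenario(enum sv_type reuse, int counted) {
    memset(arena, 0, sizeof arena);
    struct sv *stash = sv_new(SVt_PVHV, "A");
    struct cop c = { stash };
    if (counted) stash->refcnt++;   /* hypothetical counted CopSTASH */
    sv_dec(stash);                  /* symbol table drops its reference */
    sv_new(reuse, "other");         /* takes the freed slot, if any */
    return cop_stash_name(&c);
}

int main(void) {
    const char *r;
    r = scenario(SVt_PV, 0);   printf("uncounted, slot reused by PV: %s\n", r ? r : "(guard refused)");
    r = scenario(SVt_PVHV, 0); printf("uncounted, slot reused by HV: %s\n", r ? r : "(guard refused)");
    r = scenario(SVt_PVHV, 1); printf("counted:                      %s\n", r ? r : "(guard refused)");
    return 0;
}
```

In the second case the type check passes and the COP reports a package it was never compiled in, which is why the guard alone leaves the lifetime problem open; the counted variant in this model never drops its reference, so it says nothing about the loop concern quoted above.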
