Front page | perl.perl5.porters |
Postings from December 2013
Jim Keenan wrote:
> As expected, the OP's code sample now gives an error, rather than a segfault:
>
> #####
> $ ./perl -Ilib -le 'do{print("foobar");}until(1)}'
> Unmatched right curly bracket at -e line 1, at end of line
> syntax error at -e line 1, near ")}"
> Execution of -e aborted due to compilation errors.
> #####
>
> I then re-ran that command under valgrind:
>
> #####
> $ valgrind ./perl -Ilib -le 'do{print("foobar");}until(1)}'
...
> #####
> Are your concerns addressed? If so, then we can close this RT.
This line, which back then (I checked 8350df422c) was 4905, but is now
(4cb2d3f84a) 6493,
o->op_next = ((LOGOP*)cUNOPo->op_first)->op_other;
tries to read the op_other field of a const op. const ops are not big
enough to have op_other fields. The op_other field is just past the
end of the svop struct (const ops are svops). So there is still a bug
here. With the slab allocator that I added in 5.18, this will end up
pointing to zeroed memory on the slab (if the op slot was reused), or
to the next slot's slab pointer. So there is no read of unallocated
memory, but still a type of bad read.
I do not know newLOOPOP well enough to say immediately what is
going wrong.
Thread Previous