
[perl #123677] 31 byte one liner crashes Perl5.21.9

Matthew Horsfall via RT
February 8, 2015 20:54
On Sat Feb 07 17:39:18 2015, sprout wrote:

> > Test case:
> > s)$0{0h());qx(@0);qx(@0);qx(@0)
> This is a case where a syntax error causes scopes to be popped when
> the lexing state is LEX_KNOWNEXT, and it changes to LEX_NORMAL,
> somehow corrupting the pending token stack.  I suspect the fix will be
> to eliminate the LEX_KNOWNEXT state and check the number of items on
> the pending token stack instead.

For what it's worth, I bisected this test case to:

   eae48c8938e50ebb341a72c2886c5ae8587092a5 is the first bad commit
   commit eae48c8938e50ebb341a72c2886c5ae8587092a5
   Author: Zefram <>
   Date:   Tue Oct 19 21:16:11 2010 +0100
    refactor and regularise label/statement grammar

which is what the '$1=eval{a:}' case bisected to -

The bisect was...

  mhorsfall@dory:~/p5/perl$ cat ~/runner 
  my $cmd = 's)$0{0h());qx(@0);qx(@0);qx[-]';
  my $what = system("./perl -Ilib -e '$cmd'");
  my $res = ($? >> 8) & 127;
  if ($res == 11) {
    die "Segfault!\n";
  } else {
    print "Okay!\n";
  }

  mhorfall@dory:~/p5/perl$ /home/mhorsfall/perl-1/Porting/ --start=v5.13.6 --end=v5.13.7 -j 8 -- ./perl -Ilib /home/mhorsfall/runner

I had to hack /home/mhorsfall/perl-1/Porting/ to comment out:
  #     optimize => '-g',

I can't get this bug to trigger if I compile with -D optimize=-g. It triggers with

  ./Configure -des -Dusedevel

though. Also, I can't trigger it with threads:

  ./Configure -des -Dusedevel -Dusethreads

-- Matthew Horsfall (alh)

via perlbug:  queue: perl5 status: open
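
Added example, not part of the original message or of the Perl source tree: a standalone Perl helper that decides whether a command ended with SIGSEGV, covering both a child killed directly by the signal and a shell reporting it as exit code 128+N. The name `killed_by`, the sample wait statuses, the stand-in crashing child and the exit-code convention (1 for a segfault, 0 otherwise) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(SIGSEGV);

# True if wait status $status (as left in $? by system) means the command
# died from signal $signum, either directly or as reported by a shell.
sub killed_by {
    my ($status, $signum) = @_;
    return 1 if ($status & 127) == $signum;       # child itself was killed
    return 1 if ($status >> 8) == 128 + $signum;  # sh exit code 128+N
    return 0;
}

# Constructed wait statuses (not captured from a real run).
my @samples = (
    [ 'killed by SIGSEGV'           => SIGSEGV               ],
    [ 'killed by SIGSEGV, core'     => SIGSEGV | 128         ],
    [ 'sh reports 128+SIGSEGV'      => (128 + SIGSEGV) << 8  ],
    [ 'exit 255 (die/syntax error)' => 255 << 8              ],
    [ 'exit 0'                      => 0                     ],
);
printf "%-30s %s\n", $_->[0],
    killed_by($_->[1], SIGSEGV) ? 'segfault' : 'no segfault'
    for @samples;

# Command under test: @ARGV if given, otherwise a constructed stand-in
# that sends itself SIGSEGV. List-form system() bypasses the shell.
my @cmd = @ARGV ? @ARGV : ($^X, '-e', 'kill SEGV => $$; sleep 1');
system(@cmd);
die "could not run @cmd: $!\n" if $? == -1;

# Exit 1 on a segfault and 0 otherwise (assumed runner convention).
exit(killed_by($?, SIGSEGV) ? 1 : 0);
```

Comparing against one specific signal keeps an ordinary exit code of 255, which perl returns for a compile error or an uncaught die, from being counted as a crash.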
