develooper Front page | perl.perl5.porters | Postings from February 2015

[perl #123802] Segfault in Perl_yyparse with minimized test case from #123801

From: Father Chrysostomos via RT
Date: February 27, 2015 04:00
Subject: [perl #123802] Segfault in Perl_yyparse with minimized test case from #123801
Message ID: rt-4.0.18-10572-1425009597-1677.123802-15-0@perl.org

On Tue Feb 24 11:58:05 2015, hv wrote:
> On Sun Feb 22 16:43:16 2015, sprout wrote:
> > This assertion failure is fixed in f4460c6f7a, but I get another one
> > now:
> >
> > $ echo -n '/$0{}/' | ./miniperl
> > Assertion failed: (SvTYPE(sv) != (svtype)SVTYPEMASK), function
> > Perl_sv_clear, file sv.c, line 6536.
> > Abort trap: 6
> >
> > This seems to have to do with perly.c not reference-counting
> > PL_compcv
> > correctly.  But I could be wrong.
> 
> I think so, I'm seeing similar problems when there's a parse error in
> a double quoted string or glob:
> 
> % cat t1
> "\L\L"
> % ./miniperl -c t1
> Segmentation fault (core dumped)
> % cat t2
> <\U\U>
> % ./miniperl -c t2
> Segmentation fault (core dumped)
> %
> 
> The first fails during the SvREFCNT_dec here:
> #7  0x00000000004b82a6 in Perl_yyparse (gramtype=258) at perly.c:423
> .. and the second just after grabbing a compcv here:
> #0  0x00000000004b8938 in Perl_yyparse (gramtype=258) at perly.c:528

This seems to have to do with the parser (perly.c) popping scopes on a syntax error, resulting in inner lexing scopes being popped.  But somehow the lexer (toke.c) is confused into thinking the inner lexing scope is still active, so it calls the LEAVE in sublex_done, which tries to free the parser stack when the parser is still active.

The solution here may be to use LEAVE_SCOPE(ix) in sublex_done, and store the index somewhere.  Or maybe sublex_done should be a no-op if there is no inner lexing scope.  I’m still digging.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=123802
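
A simplified model of the scope imbalance described in the message above, added here as an illustration; it is not code from perl's source or from the ticket. The save stack, scope stack and function names are hypothetical stand-ins, and it assumes the parser's error unwinding closes the inner lexing scope completely before the lexer tries to close it again.

```c
#include <stdio.h>

/* Toy model of a save stack plus scope stack (hypothetical names, loosely
   following the ENTER / LEAVE / LEAVE_SCOPE macros named in the message). */
enum { MAXDEPTH = 16 };
static int *savestack[MAXDEPTH];   /* flags set to 1 ("freed") on unwind */
static int savestack_ix;
static int scopestack[MAXDEPTH];   /* savestack index recorded at each ENTER */
static int scopestack_ix;

static void save_free(int *flag) { savestack[savestack_ix++] = flag; }
static void enter_scope(void) { scopestack[scopestack_ix++] = savestack_ix; }
static void leave_scope_to(int ix) {           /* models LEAVE_SCOPE(ix) */
    while (savestack_ix > ix) *savestack[--savestack_ix] = 1;
}
static void leave_scope(void) {                /* models LEAVE */
    leave_scope_to(scopestack[--scopestack_ix]);
}

/* Returns 1 if the parser stack was freed while the parser was still
   running. guarded=0: the lexer's cleanup does a plain LEAVE. guarded=1:
   it unwinds only to the index stored when the inner scope was opened. */
int parser_stack_freed_early(int guarded) {
    int parser_stack_freed = 0, lex_state_freed = 0;
    savestack_ix = scopestack_ix = 0;

    enter_scope();                     /* parser's own scope */
    save_free(&parser_stack_freed);    /* parser stack is freed when it exits */

    int inner_ix = savestack_ix;       /* index stored for the guarded variant */
    enter_scope();                     /* lexer opens the inner lexing scope */
    save_free(&lex_state_freed);

    leave_scope();                     /* syntax error: parser pops inner scope */

    /* The lexer still believes the inner scope is open and closes it. */
    if (guarded) leave_scope_to(inner_ix);   /* nothing above inner_ix: no-op */
    else         leave_scope();              /* pops the parser's scope instead */

    return parser_stack_freed;         /* the parser has not returned yet */
}

int main(void) {
    printf("plain LEAVE:     freed early = %d\n", parser_stack_freed_early(0));
    printf("LEAVE_SCOPE(ix): freed early = %d\n", parser_stack_freed_early(1));
    return 0;
}
```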
