develooper Front page | perl.perl5.porters | Postings from March 2015

[perl #123802] Segfault in Perl_yyparse with minimized test case from #123801

From: Father Chrysostomos via RT
Date: March 1, 2015 02:29
Subject: [perl #123802] Segfault in Perl_yyparse with minimized test case from #123801
Message ID: rt-4.0.18-23347-1425176961-831.123802-15-0@perl.org

On Thu Feb 26 19:59:57 2015, sprout wrote:
> On Tue Feb 24 11:58:05 2015, hv wrote:
> > On Sun Feb 22 16:43:16 2015, sprout wrote:
> > > This assertion failure is fixed in f4460c6f7a, but I get another
> > > one now:
> > >
> > > $ echo -n '/$0{}/' | ./miniperl
> > > Assertion failed: (SvTYPE(sv) != (svtype)SVTYPEMASK), function
> > > Perl_sv_clear, file sv.c, line 6536.
> > > Abort trap: 6
> > >
> > > This seems to have to do with perly.c not reference-counting
> > > PL_compcv correctly.  But I could be wrong.
> >
> > I think so, I'm seeing similar problems when there's a parse error in
> > a double quoted string or glob:
> >
> > % cat t1
> > "\L\L"
> > % ./miniperl -c t1
> > Segmentation fault (core dumped)
> > % cat t2
> > <\U\U>
> > % ./miniperl -c t2
> > Segmentation fault (core dumped)
> >  %
> >
> > The first fails during the SvREFCNT_dec here:
> > #7  0x00000000004b82a6 in Perl_yyparse (gramtype=258) at perly.c:423
> > .. and the second just after grabbing a compcv here:
> > #0  0x00000000004b8938 in Perl_yyparse (gramtype=258) at perly.c:528
> 
> This seems to have to do with the parser (perly.c) popping scopes on a
> syntax error, resulting in inner lexing scopes being popped.  But
> somehow the lexer (toke.c) is confused into thinking the inner lexing
> scope is still active, so it calls the LEAVE in sublex_done, which
> tries to free the parser stack when the parser is still active.
> 
> The solution here may be to use LEAVE_SCOPE(ix) in sublex_done, and
> store the index somewhere.  Or maybe sublex_done should be a no-op if
> there is no inner lexing scope.  I’m still digging.

I finally finished tracking this down.  It’s PL_lex_defer again.  So the fix is nearly identical to #123801.  See commit 479ae48.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=123802
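
The following is an added example, not part of the original message or of the Perl source: a POSIX shell regression check that replays the three minimized inputs quoted in this thread against a built perl binary and reports whether the interpreter died from a signal instead of exiting with an ordinary syntax error. The function names and the `PERL_BIN` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: replay the minimized inputs quoted in this thread against a
# perl binary and flag death-by-signal (SIGABRT from an assertion, SIGSEGV).
# classify, run_case, check_all and PERL_BIN are names chosen for this sketch.

# A shell reports a child killed by signal N as status 128+N. A plain perl
# syntax error exits 255, so only 129..192 is treated as a crash.
classify() {
    if [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then
        echo "crash (signal $(($1 - 128)))"
    else
        echo "ok"
    fi
}

# $1 = perl binary, $2 = source text, $3 = "stdin" (piped) or "file" (-c FILE)
run_case() {
    tmp=$(mktemp) || return 2
    status=0
    if [ "$3" = stdin ]; then
        printf '%s' "$2" > "$tmp"
        "$1" < "$tmp" >/dev/null 2>&1 || status=$?
    else
        printf '%s\n' "$2" > "$tmp"
        "$1" -c "$tmp" >/dev/null 2>&1 || status=$?
    fi
    rm -f "$tmp"
    classify "$status"
}

# Run every input from the thread; return non-zero if any of them crashes.
check_all() {
    rc=0
    for spec in 'stdin:/$0{}/' 'file:"\L\L"' 'file:<\U\U>'; do
        result=$(run_case "$1" "${spec#*:}" "${spec%%:*}")
        printf '%s => %s\n' "${spec#*:}" "$result"
        [ "$result" = ok ] || rc=1
    done
    return "$rc"
}

# Only runs when a binary is supplied, e.g. PERL_BIN=./miniperl sh check.sh
if [ -n "${PERL_BIN:-}" ]; then
    check_all "$PERL_BIN"
fi
```

A fixed build should print `ok` for all three inputs, since each is a syntax error that perl reports and exits from normally.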
