[perl #123951] stack underflow from func call

From: Father Chrysostomos via RT
Date: March 1, 2015 22:08
Subject: [perl #123951] stack underflow from func call
Message ID: rt-4.0.18-25987-1425247688-1894.123951-15-0@perl.org

On Sat Feb 28 03:46:02 2015, hv wrote:
> AFL (<http://lcamtuf.coredump.cx/afl/>) finds this:
> 
> % /miniperl -e '&{0 == &{0 == 0}} * 0'
> Segmentation fault (core dumped)
>  %
> 
> Running with -Ds shows a stack underflow - the multiply is just a way
> to show it:
> 
> % ./miniperl -e '$^D="st"; &{0 == &{0 == 0}}'
>       =>  PVMG("st"\0)
> (-e:1)  nextstate
>       =>
> (-e:1)  pushmark
>       =>  *
> (-e:1)  const(IV(0))
>       =>  *  IV(0)
> (-e:1)  pushmark
>       =>  *  IV(0)  *
> (-e:1)  const(SV_YES)
>       =>  *  IV(0)  *  SV_YES
> (-e:1)  entersub
>       =>  *  IV(0)
> (-e:1)  eq
>     =>   [STACK UNDERFLOW!!!]
>   *
> (-e:1)  entersub
>     =>   [STACK UNDERFLOW!!!]
> 
> (-e:1)  leave
>  %
> 
> I'm unlikely to have time for further debugging on this one any time
> soon.

I find this clearer:

$ ./miniperl -e 'warn 1, 2, 3, &{0 == 0} * 0, 4, 5, 6' 
120456 at -e line 1.

This has something to do with the &PL_sv_yes-as-a-sub hack, which is used to implement missing ->import methods.  That this was ever exposed to Perl space is a bug, IMHO, though we have explicit tests for it.

However, it is not limited to &{0 == 0}:

$ ./miniperl -e 'warn 1, 2, 3, main->import * 0, 4, 5, 6' 
120456 at -e line 1.

I see the same results with 5.8.7 and blead.

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=123951
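
The two one-liners in this message, replayed on a toy stack machine as an added example (not part of the original post and not perl's source): a scalar-context call that returns no value makes the following binary op consume a neighbouring list element, or run out of operands. All names are hypothetical, and `push_result=1` is an assumed corrected behaviour, not a statement about any perl release.

```c
#include <stdio.h>
#include <string.h>
/* Toy value stack + mark stack, constructed for illustration (not perl's
 * source). All names are hypothetical; 0 stands in for undef. */
enum { MAXDEPTH = 16 };
typedef struct { int vals[MAXDEPTH], sp, marks[MAXDEPTH], mp, underflow; } Interp;
static void pushmark(Interp *in)    { in->marks[in->mp++] = in->sp; }
static void push(Interp *in, int v) { in->vals[in->sp++] = v; }
/* Scalar-context call of the do-nothing placeholder sub: drop back to the
 * call's mark. push_result=0 leaves no value (as in the -Ds trace);
 * push_result=1 is an assumed corrected variant that leaves one. */
static void entersub_yes(Interp *in, int push_result) {
    in->sp = in->marks[--in->mp];
    if (push_result) push(in, 0);
}
/* Binary op that trusts two operands to be present; flags a short stack. */
static void binop(Interp *in, char op) {
    if (in->sp < 2) { in->underflow = 1; in->sp = 0; return; }
    int r = in->vals[--in->sp], l = in->vals[--in->sp];
    push(in, op == '*' ? l * r : l == r);
}
/* warn 1, 2, 3, &{0 == 0} * 0, 4, 5, 6 : returns the joined argument list */
static const char *run_warn(int push_result, char *out, size_t n) {
    Interp in = {0}; size_t len = 0;
    pushmark(&in); push(&in, 1); push(&in, 2); push(&in, 3);
    pushmark(&in); push(&in, 1);           /* 0 == 0 yields the "yes" value */
    entersub_yes(&in, push_result);
    push(&in, 0); binop(&in, '*');         /* ... * 0 */
    push(&in, 4); push(&in, 5); push(&in, 6);
    out[0] = '\0';
    for (int i = in.marks[0]; i < in.sp && len + 2 <= n; i++)
        len += (size_t)snprintf(out + len, n - len, "%d", in.vals[i]);
    return out;
}
/* &{0 == &{0 == 0}} : returns 1 if eq ran out of operands */
static int run_nested(int push_result) {
    Interp in = {0};
    pushmark(&in); push(&in, 0);           /* outer call's mark, const 0 */
    pushmark(&in); push(&in, 1);           /* inner call on the "yes" value */
    entersub_yes(&in, push_result);
    binop(&in, '=');
    return in.underflow;
}
int main(void) {
    char a[32], b[32];
    printf("no result: %s underflow=%d\n", run_warn(0, a, sizeof a), run_nested(0));
    printf("result:    %s underflow=%d\n", run_warn(1, b, sizeof b), run_nested(1));
    return 0;
}
```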