[perl #127956] null pointer dereference in Perl_sv_setpvn atsv.c:4896

On Fri Apr 22 08:36:02 2016, zefram@fysh.org wrote:
> Brian Carpenter wrote:
> >perl -e '$0=$.^=*.=$0=0'
> 
> This reduces to
> 
>         perl -e '$z ^= *z=0'
> 
> which looks almost exactly like [perl #127934].  That one used *= and
> asserted, whereas this one uses ^= and segvs.  They're probably the
> same bug underneath.  |= and .= also segv: the pattern seems to be that
> numeric operations assert and string operations segv on handling the
> string buffer.

I am pretty sure these are both stack issues.  The *z=0 frees *z{SCALAR} while the latter is on the stack.

$ perl -le 'print $^V'
v5.12.4
$ perl -e '$z ^= *z=0'
Segmentation fault: 11
$ perl -e '*b=*z; $z ^= *z=0; print "$b\n"' 
*main::0

-- 

Father Chrysostomos


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=127956

• [perl #127956] null pointer dereference in Perl_sv_setpvn atsv.c:4896 by Brian Carpenter
• Re: [perl #127956] null pointer dereference in Perl_sv_setpvn atsv.c:4896 by Zefram
• [perl #127956] null pointer dereference in Perl_sv_setpvn atsv.c:4896 by Father Chrysostomos via RT
• Re: [perl #127956] null pointer dereference in Perl_sv_setpvn atsv.c:4896 by Smylers
• [perl #127956] null pointer dereference in Perl_sv_setpvn atsv.c:4896 by Father Chrysostomos via RT