develooper Front page | perl.perl5.porters | Postings from June 2016

Re: [perl #127774] segfault in caller()

Thread Previous
From:
Dave Mitchell
Date:
June 17, 2016 11:06
Subject:
Re: [perl #127774] segfault in caller()
Message ID:
20160617110644.GB3840@iabyn.com
On Thu, Mar 24, 2016 at 01:04:52PM +0000, Dave Mitchell wrote:
> On Wed, Mar 23, 2016 at 05:25:11PM -0700, l.mai@web.de wrote:
> > This seems to be fixed in blead (probably due to the context stack overhaul?).
> 
> Well it bisects to this, but it's not immediately obvious to me why that
> fixed it:
> 
> commit b042e3289b4fb004aeb597fff6026d9df30aee80
> Author: David Mitchell <davem@iabyn.com>
> Date:   Thu Oct 15 11:34:41 2015 +0100
> 
>     do PL_tmps_floor restore in POPBLOCK
>     
>     Currently every individual POPFOO type does
>     
>         PL_tmps_floor = cx->cx_u.cx_blk.blku_old_tmpsfloor
>     
>     as its last action.
>     
>     Move all these into POPBLOCK instead, which always immediately follows
>     the  POPFOO.

Having now looked this in more depth, that commit fixed it by a chance
side-effect; however this later commit in the context stack overhaul work
properly fixed it:

    commit fc6e609e613c36ececcd37d4c7f023be35a36578
    Author:     David Mitchell <davem@iabyn.com>
    AuthorDate: Thu Dec 24 19:44:05 2015 +0000

    dounwind(): do a POPBLOCK for final cx frame.

The issue was that when code dies without being trapped by an eval,
all savestack and context stack frames are popped, but the saved
variables in the context stack (PL_curpm, PL_tmps_floor etc) weren't
necessarily getting restored (or restored at the right time).
This meant that in this:

    END { caller 1 } eval("sub { die }")->()

the temporary anon sub was getting freed while PL_curcop still pointed
at the OP_NEXTSTATE within the sub. When freeing the optree associated
with the sub, it sets PL_curcop to NULL if points to an op that's
about to be freed.

Later, caller() is called and it expects PL_curcop to be non-null.

-- 
Monto Blanco... scorchio!

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About