[perl #129770] null ptr deref, segfault Perl_mess_sv (util.c:1534)

From: Brian Carpenter via RT
Date: October 12, 2016 22:46
Subject: [perl #129770] null ptr deref, segfault Perl_mess_sv (util.c:1534)
Message ID: rt-4.0.24-31084-1476312378-749.129770-15-0@perl.org

v5.25.6 (v5.25.5-76-g91dca83)

valgrind -q perl -e 'k$~$^D=$^'
Scalar found where operator expected at -e line 1, near "$~$^D"
        (Missing operator before $^D?)
invalid option -DO, use -D'' to see choices
invalid option -D_, use -D'' to see choices
invalid option -DO, use -D'' to see choices
### 1:LEX_NORMAL/XSTATE "require q"
### <== REQUIRE

### 1:LEX_NORMAL/XTERM "q"
allocating op at 5f85298, slab 5f850d0 at (eval 1) line 1.
### <== THING(opval=op_const) PV("IO/File.pm"\0)

### 1:LEX_NORMAL/XOPERATOR "\n;"
### <== ';'

allocating op at 5f85258, slab 5f850d0 at (eval 1) line 1.
allocating op at 5f851f8, slab 5f850d0 at (eval 1) line 1.
allocating op at 5f851b0, slab 5f850d0 at (eval 1) line 1.
### 1:LEX_NORMAL/XSTATE ""
### Tokener got EOF
### <== EOF

allocating op at 5f85170, slab 5f850d0 at (eval 1) line 1.
free op at 5f85170, recorded in slab 5f850d0 at (eval 1) line 1.
==30738== Invalid read of size 1
==30738==    at 0x4DA2DA: Perl_mess_sv (util.c:1534)
==30738==    by 0x4DA98D: Perl_mess (util.c:1417)
==30738==    by 0x424C59: Perl_Slab_Free (op.c:442)
==30738==    by 0x425785: Perl_op_free (op.c:855)
==30738==    by 0x4258BB: Perl_op_free (op.c:837)
==30738==    by 0x568070: Perl_leave_scope (scope.c:1109)
==30738==    by 0x56ADA4: S_pop_eval_context_maybe_croak (pp_ctl.c:1593)
==30738==    by 0x579A15: Perl_die_unwind (pp_ctl.c:1721)
==30738==    by 0x4D9297: Perl_vcroak (util.c:1817)
==30738==    by 0x4D93C8: Perl_die (util.c:1748)
==30738==    by 0x580DB6: S_require_file (pp_ctl.c:4050)
==30738==    by 0x580DB6: Perl_pp_require (pp_ctl.c:4126)
==30738==    by 0x4D7131: Perl_runops_debug (dump.c:2246)
==30738==  Address 0x21 is not stack'd, malloc'd or (recently) free'd
==30738==
==30738==
==30738== Process terminating with default action of signal 11 (SIGSEGV)
==30738==  Access not within mapped region at address 0x21
==30738==    at 0x4DA2DA: Perl_mess_sv (util.c:1534)
==30738==    by 0x4DA98D: Perl_mess (util.c:1417)
==30738==    by 0x424C59: Perl_Slab_Free (op.c:442)
==30738==    by 0x425785: Perl_op_free (op.c:855)
==30738==    by 0x4258BB: Perl_op_free (op.c:837)
==30738==    by 0x568070: Perl_leave_scope (scope.c:1109)
==30738==    by 0x56ADA4: S_pop_eval_context_maybe_croak (pp_ctl.c:1593)
==30738==    by 0x579A15: Perl_die_unwind (pp_ctl.c:1721)
==30738==    by 0x4D9297: Perl_vcroak (util.c:1817)
==30738==    by 0x4D93C8: Perl_die (util.c:1748)
==30738==    by 0x580DB6: S_require_file (pp_ctl.c:4050)
==30738==    by 0x580DB6: Perl_pp_require (pp_ctl.c:4126)
==30738==    by 0x4D7131: Perl_runops_debug (dump.c:2246)
==30738==  If you believe this happened as a result of a stack
==30738==  overflow in your program's main thread (unlikely but
==30738==  possible), you can try to increase the size of the
==30738==  main thread stack using the --main-stacksize= flag.
==30738==  The main thread stack size used in this run was 8388608.
Segmentation fault

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=129770


