
[perl #129868] Assertion Failure: void S_mro_gather_and_rename(mro_core.c:1059)

From: Brian Carpenter
Date: October 13, 2016 06:28
Subject: [perl #129868] Assertion Failure: void S_mro_gather_and_rename(mro_core.c:1059)
Message ID: rt-4.0.24-26808-1476340093-196.129868-75-0@perl.org

# New Ticket Created by  Brian Carpenter 
# Please include the string:  [perl #129868]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=129868 >


Triggered in Perl v5.25.6 (v5.25.5-76-g91dca83) with AFL+ASAN.

perl: mro_core.c:1059: void S_mro_gather_and_rename(HV *const, HV *const,
HV *, HV *, SV *): Assertion `!oldstash || ((((oldstash)->sv_flags &
0x02000000) && ((struct xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_u.xhvnameu_name && ((struct
xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_count != -1) ? (( ((struct
xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_count > 0 ? ((struct
xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_u.xhvnameu_names[0] : ((struct
xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_count < -1 ? ((struct
xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_u.xhvnameu_names[1] : ((struct
xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_count == -1 ? ((void*)0) :
((struct xpvhv_aux*)&(((oldstash)->sv_u.svu_hash)[((XPVHV*)
(oldstash)->sv_any)->xhv_max+1]))->xhv_name_u.xhvnameu_name ))->hek_key :
((void*)0))' failed.
Aborted

With Valgrind and a non-ASAN Perl v5.25.6 (v5.25.5-76-g91dca83) we get a
segfault:

==10851== Invalid read of size 8
==10851==    at 0x4EE82C: S_mro_gather_and_rename (mro_core.c:930)
==10851==    by 0x4EF08C: S_mro_gather_and_rename (mro_core.c:1186)
==10851==    by 0x4F0B7D: Perl_mro_package_moved (mro_core.c:851)
==10851==    by 0x52EDB1: S_glob_assign_glob (sv.c:3981)
==10851==    by 0x521F77: Perl_sv_setsv_flags (sv.c:4462)
==10851==    by 0x5001B5: Perl_pp_sassign (pp_hot.c:226)
==10851==    by 0x4D7131: Perl_runops_debug (dump.c:2246)
==10851==    by 0x453146: S_run_body (perl.c:2526)
==10851==    by 0x453146: perl_run (perl.c:2449)
==10851==    by 0x421944: main (perlmain.c:123)
==10851==  Address 0x5f82b10 is 32 bytes before a block of size 16 in arena
"client"
==10851==
==10851== Invalid read of size 8
==10851==    at 0x4EE844: S_mro_gather_and_rename (mro_core.c:932)
==10851==    by 0x4EF08C: S_mro_gather_and_rename (mro_core.c:1186)
==10851==    by 0x4F0B7D: Perl_mro_package_moved (mro_core.c:851)
==10851==    by 0x52EDB1: S_glob_assign_glob (sv.c:3981)
==10851==    by 0x521F77: Perl_sv_setsv_flags (sv.c:4462)
==10851==    by 0x5001B5: Perl_pp_sassign (pp_hot.c:226)
==10851==    by 0x4D7131: Perl_runops_debug (dump.c:2246)
==10851==    by 0x453146: S_run_body (perl.c:2526)
==10851==    by 0x453146: perl_run (perl.c:2449)
==10851==    by 0x421944: main (perlmain.c:123)
==10851==  Address 0x78 is not stack'd, malloc'd or (recently) free'd
==10851==
==10851==
==10851== Process terminating with default action of signal 11 (SIGSEGV)
==10851==  Access not within mapped region at address 0x78
==10851==    at 0x4EE844: S_mro_gather_and_rename (mro_core.c:932)
==10851==    by 0x4EF08C: S_mro_gather_and_rename (mro_core.c:1186)
==10851==    by 0x4F0B7D: Perl_mro_package_moved (mro_core.c:851)
==10851==    by 0x52EDB1: S_glob_assign_glob (sv.c:3981)
==10851==    by 0x521F77: Perl_sv_setsv_flags (sv.c:4462)
==10851==    by 0x5001B5: Perl_pp_sassign (pp_hot.c:226)
==10851==    by 0x4D7131: Perl_runops_debug (dump.c:2246)
==10851==    by 0x453146: S_run_body (perl.c:2526)
==10851==    by 0x453146: perl_run (perl.c:2449)
==10851==    by 0x421944: main (perlmain.c:123)
==10851==  If you believe this happened as a result of a stack
==10851==  overflow in your program's main thread (unlikely but
==10851==  possible), you can try to increase the size of the
==10851==  main thread stack using the --main-stacksize= flag.
==10851==  The main thread stack size used in this run was 8388608.
Segmentation fault


