Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144)

On Sun, Dec 11, 2016 at 01:40:31PM -0800, Brian Carpenter wrote:
> od -tx1 test332
> 0000000 6d 61 70 25 5e 48 20 3d 0c 44 2e 2e 00 20 46 54
> 0000020 2c 25 5f 3d 44 2e 2e 46 54 2c 25 5f 3d 44 2e 2e
> 0000040 00 20 2b 54 2c 6d 61 70 20 5c 2d 41 74 76 2c 2d
> 0000060 4f 5e 4d 2c 6d 61 70 20 5c 2d 41 1a 53 42 55 c0
> 0000100 63 4d 4f 73 59 74 8a 2c 2d 4f 04 22 2c 90 21 00
> 0000120 00 00 6e 21 0a
> 0000125
> 
> ASAN:SIGSEGV
> =================================================================
> ==32602==ERROR: AddressSanitizer: SEGV on unknown address 0x00205fff8001
> (pc 0x0000008233b8 bp 0x0c42000037e4 sp 0x7ffc5bfd7060 T0)
>     #0 0x8233b7 in Perl_mg_magical /root/perl/mg.c:144:6
>     #1 0x9476f8 in Perl_sv_magicext /root/perl/sv.c:5767:5
>     #2 0x8fbf03 in Perl_sv_magic /root/perl/sv.c:5856:10
>     #3 0x827b18 in Perl_mg_copy /root/perl/mg.c:471:3
>     #4 0x87b54d in Perl_hv_common /root/perl/hv.c:542:7
>     #5 0x8c030a in Perl_pp_aassign /root/perl/pp_hot.c:1646:25
>     #6 0x7f81fb in Perl_runops_debug /root/perl/dump.c:2260:23
>     #7 0x5a0ab3 in S_run_body /root/perl/perl.c:2526:2
>     #8 0x5a0ab3 in perl_run /root/perl/perl.c:2449
>     #9 0x4de6dd in main /root/perl/perlmain.c:123:9
>     #10 0x7f3dbd687b44 in __libc_start_main
> /build/glibc-daoqzt/glibc-2.19/csu/libc-start.c:287
>     #11 0x4de34c in _start (/root/perl/perl+0x4de34c)

Looks like another stack-not-refcounted issue. Reduces to:


map(
    ((%^H) = ('D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N',
    'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'AA',
    'AB', 'AC', 'AD', 'AE', 'AF', 'AG', 'AH', 'AI', 'AJ', 'AK', 'AL',
    'AM', 'AN', 'AO', 'AP', 'AQ', 'AR', 'AS', 'AT', 'AU', 'AV', 'AW',
    'AX', 'AY', 'AZ', 'BA', 'BB', 'BC', 'BD', 'BE', 'BF', 'BG', 'BH',
    'BI', 'BJ', 'BK', 'BL', 'BM', 'BN', 'BO', 'BP', 'BQ', 'BR', 'BS',
    'BT', 'BU', 'BV', 'BW', 'BX', 'BY', 'BZ', 'CA', 'CB', 'CC', 'CD',
    'CE', 'CF', 'CG', 'CH', 'CI', 'CJ', 'CK', 'CL', 'CM', 'CN', 'CO',
    'CP', 'CQ', 'CR', 'CS', 'CT', 'CU', 'CV', 'CW', 'CX', 'CY', 'CZ',
    'DA', 'DB', 'DC', 'DD', 'DE', 'DF', 'DG', 'DH', 'DI', 'DJ', 'DK',
    'DL', 'DM', 'DN', 'DO', 'DP', 'DQ', 'DR', 'DS', 'DT', 'DU', 'DV',
    'DW', 'DX', 'DY', 'DZ', 'EA', 'EB', 'EC', 'ED', 'EE', 'EF', 'EG',
    'EH', 'EI', 'EJ', 'EK', 'EL', 'EM', 'EN', 'EO', 'EP', 'EQ', 'ER',
    'ES', 'ET', 'EU', 'EV', 'EW', 'EX', 'EY', 'EZ', 'FA', 'FB', 'FC',
    'FD', 'FE', 'FF', 'FG', 'FH', 'FI', 'FJ', 'FK', 'FL', 'FM', 'FN',
    'FO', 'FP', 'FQ', 'FR', 'FS', 'FT')),
    
    (%_) = ('D', 'E', 'F', 'G'),
    (%_) = (),

);



-- 
But Pity stayed his hand. "It's a pity I've run out of bullets",
he thought. -- "Bored of the Rings"

• [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Brian Carpenter
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Dave Mitchell
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Leon Timmermans
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Sawyer X
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Dave Mitchell
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Sawyer X
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by demerphq
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Zefram
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by demerphq
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Dave Mitchell
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Leon Timmermans
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Dave Mitchell
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by demerphq
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Dave Mitchell
• Re: [perl #130318] segfault in Perl_mg_magical (mg.c:144) by Leon Timmermans