On Fri, Jun 14, 2019 at 06:21:16PM +0100, Dominic Hargreaves wrote:
> On Sat, Jun 08, 2019 at 02:43:16PM -0700, James E Keenan via RT wrote:
> > Unfortunately I have to call your attention to 2 smoke-test failures in ext/POSIX/t/mb.t which were recorded *after* I applied your patch.
> > In each case the failures in mb.t occurred when blead was configured as follows:
> >
> > [stdio] -Dcc=clang -Accflags="-Werror=declaration-after-statement -g -fno-omit-frame-pointer -fsanitize=address -fno-common -fsanitize-blacklist=`pwd`/asan_ignore" -Aldflags="-fsanitize=address"
> >
> > With and without -DDEBUGGING.
>
> Very curious, this looks like the original bug that the test was
> written for. Niko, do you understand what's happening here?

It's a different thing that just happened to get triggered here; this
is with non-threaded builds for starters.

I can reproduce it on 5.30.0. It seems to be related to version strings
and LC_NUMERIC. I reduced it to this:

$ LC_NUMERIC=C.UTF-8 ./perl -l -Ilib -e 'require 5.006;'
=================================================================
==21403==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000190 at pc 0x0000004813aa bp 0x7fff4f62ea90 sp 0x7fff4f62e230
READ of size 2 at 0x602000000190 thread T0
    #0 0x4813a9 in __interceptor_setlocale (/tmp/perl-5.30.0/perl+0x4813a9)
    #1 0x6d7feb in Perl_upg_version /tmp/perl-5.30.0/./vutil.c:717:17
    #2 0x6d73bf in Perl_new_version /tmp/perl-5.30.0/./vutil.c:551:12
    #3 0x8019a4 in S_require_version /tmp/perl-5.30.0/pp_ctl.c:3719:10
    #4 0x8019a4 in Perl_pp_require /tmp/perl-5.30.0/pp_ctl.c:4345
    #5 0x725bf9 in Perl_runops_standard /tmp/perl-5.30.0/run.c:41:26
    #6 0x588f71 in S_run_body /tmp/perl-5.30.0/perl.c
    #7 0x588381 in perl_run /tmp/perl-5.30.0/perl.c:2639:2
    #8 0x516e1c in main /tmp/perl-5.30.0/perlmain.c:127:9
    #9 0x7f073082a09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
    #10 0x43fc49 in _start (/tmp/perl-5.30.0/perl+0x43fc49)

0x602000000190 is located 0 bytes inside of 8-byte region [0x602000000190,0x602000000198)
freed by thread T0 here:
    #0 0x4e7712 in __interceptor_free (/tmp/perl-5.30.0/perl+0x4e7712)
    #1 0x7f0730833963 in setlocale (/lib/x86_64-linux-gnu/libc.so.6+0x2d963)

previously allocated by thread T0 here:
    #0 0x4e7a93 in malloc (/tmp/perl-5.30.0/perl+0x4e7a93)
    #1 0x7f073088ddb9 in __strdup (/lib/x86_64-linux-gnu/libc.so.6+0x87db9)

SUMMARY: AddressSanitizer: heap-use-after-free (/tmp/perl-5.30.0/perl+0x4813a9) in __interceptor_setlocale
Shadow bytes around the buggy address:
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 01 fa fa fa 00 02 fa fa 00 02 fa fa 00 02
  0x0c047fff8010: fa fa 00 02 fa fa 00 02 fa fa 00 02 fa fa 06 fa
  0x0c047fff8020: fa fa 00 02 fa fa fd fa fa fa fd fa fa fa 00 fa
=>0x0c047fff8030: fa fa[fd]fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8040: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8050: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
  0x0c047fff8060: fa fa fd fa fa fa 02 fa fa fa 00 fa fa fa 02 fa
  0x0c047fff8070: fa fa fd fa fa fa fd fa fa fa 00 00 fa fa 00 06
  0x0c047fff8080: fa fa 00 03 fa fa 00 03 fa fa 00 fa fa fa 00 04
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==21403==ABORTING

-- 
Niko Tyni   ntyni@debian.org