Phoenix.pm: another crasher, for everyone's amusement
Scott Walters
scott at illogics.org
Tue Feb 3 15:17:27 CST 2004
Dave Mitchell had this to say about the bug. Like most crashers in Perl
these days, it is pretty obscure.
> Thanks for the report.
>
> P5Pers: it can be reduced to:
>
> ./perl -e 'sub f { @a=@b=@c; {use} }'
>
> What is happening is that when 'use' is seen, the parser starts a new
> sub by calling start_subparse() :
>
> use     :       USE startsub
>                         { CvSPECIAL_on(PL_compcv); /* It's a BEGIN {} */ }
>                     WORD WORD listexpr ';'
>                         { utilize($1, $2, $4, $5, $6); }
>         ;
>
> startsub:       /* NULL */      /* start a regular subroutine scope */
>                         { $$ = start_subparse(FALSE, 0); }
>
> This creates a new pad and updates PL_comppad, PL_curpad (with the old
> ones being put on the save stack).
> When the compile blows up due to the syntax error, the recovery works
> its way down to the newATTRSUB() call associated with f; but because
> PL_error_count > 0, newATTRSUB() does an op_free(block). This tries
> to free all the PADTMPs associated with all the @a=@b=@c ops, but
> still using the new pad allocated for 'use'. Coredump ensues.
>
> Clearly the correct fix is for the savestack to be properly popped during
> the error recovery, but I really don't understand how YACC error recovery
> works, so I'm stuck :-(
>
> The index returned by start_subparse() somehow needs to be saved and
> used to pop the savestack.
>
> Dave.
>
>
> On 0, Michael Friedman <friedman at highwire.stanford.edu> wrote:
> >
> > Heh. "for everyone's amusement".
> > Amazingly enough, my code could be hit by this bug. :-)
> > If you look at the Perl Cookbook, it suggests that one way to only load
> > modules when needed is to put the 'use' into a eval{} and then it won't
> > be executed until runtime. That way the startup time for your script is
> > lessened and, hopefully, some of the modules might not even need to be
> > loaded at all.
> >
> > While the minimal code to create the bug seems pretty silly, I can
> > completely see where this happens in practice...
> >
> > Now I'm glad I didn't upgrade from 5.8.0 yet.
> > -- Mike
> >
> > On Feb 2, 2004, at 11:23 PM, Scott Walters wrote:
> >
> > >
> > > ----- Forwarded message from "kstar at verizon.net ion at alku.ion.yi.org
> > > (via RT)" <perlbug-followup at perl.org> -----
> > >
> > > List: contact perl5-porters-help at perl.org; run by ezmlm
> > > Archive: <http://nntp.perl.org/group/perl.perl5.porters/88197>
> > > Subject: [perl #25824] Segmentation fault with sub x { shift; @a = @b;
> > > eval { use } }
> > > Ticket: perl #25824
> > > To: "mailing list perl5-porters at perl.org perl5-porters at perl.org
> > > perl5-porters at perl.org bugs-bitbucket at netlabs.develooper.com
> > > perl5-porters at perl.org perl5-porters at perl.org" <rt-25824 at perl>
> > > From: "kstar at verizon.net ion at alku.ion.yi.org (via RT)"
> > > <perlbug-followup at perl.org>
> > >
> > >
> > > # New Ticket Created by ion at alku.ion.yi.org
> > > # Please include the string: [perl #25824]
> > > # in the subject line of all future correspondence about this issue.
> > > # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=25824 >
> > >
> > >
> > >
> > > This is a bug report for perl from ion+perlbug at ion.yi.org,
> > > generated with the help of perlbug 1.34 running under perl v5.8.3.
> > >
> > >
> > > -----------------------------------------------------------------
> > > $ perl -e 'sub x { shift; @a = @b; eval { use } }'
> > > Segmentation fault
> > >
> > > To reproduce the segfault the following needs to be done in a sub:
> > > - @_ must be modified.
> > > - A list or a hash must be assigned to a list or a hash.
> > > - eval { use }; must be done finally. The parameters for use don't
> > > seem to matter.
> > >
> > > gdb backtrace:
> > > #0 0x0809e156 in Perl_pad_free ()
> > > #1 0x0808e179 in Perl_op_clear ()
> > > #2 0x0808e0a8 in Perl_op_free ()
> > > #3 0x0808e07b in Perl_op_free ()
> > > #4 0x080967b3 in Perl_newATTRSUB ()
> > > #5 0x0808c297 in Perl_yyparse ()
> > > #6 0x08061c64 in perl_parse ()
> > > #7 0x080616cf in perl_parse ()
> > > #8 0x0805f3da in main ()
> > > -----------------------------------------------------------------
> > > ---
> > > Flags:
> > > category=core
> > > severity=low
> > > ---
> > > Site configuration information for perl v5.8.3:
> > >
> > > Configured by ion at Mon Jan 19 12:00:54 EET 2004.
> > >
> > > Summary of my perl5 (revision 5.0 version 8 subversion 3)
> > > configuration:
> > > Platform:
> > > osname=linux, osvers=2.6.0-gentoo, archname=i586-linux
> > > uname='linux alku 2.6.0-gentoo #2 smp sun dec 21 10:35:44 eet 2003
> > > i686 celeron (mendocino) genuineintel gnulinux '
> > > config_args='-des -Darchname=i586-linux -Dcccdlflags=-fPIC
> > > -Dccdlflags=-rdynamic -Dcc=gcc -Dprefix=/usr -Dvendorprefix=/usr
> > > -Dsiteprefix=/usr -Dlocincpth= -Doptimize=-O3 -march=pentium2
> > > -mcpu=pentium2 -funroll-loops -pipe -Duselargefiles -Dd_dosuid
> > > -Dd_semctl_semun -Dscriptdir=/usr/bin -Dman3ext=3pm -Dcf_by=Gentoo
> > > -Ud_csh -Di_gdbm -Di_db -Di_ndbm'
> > > hint=recommended, useposix=true, d_sigaction=define
> > > usethreads=undef use5005threads=undef useithreads=undef
> > > usemultiplicity=undef
> > > useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
> > > use64bitint=undef use64bitall=undef uselongdouble=undef
> > > usemymalloc=n, bincompat5005=undef
> > > Compiler:
> > > cc='gcc', ccflags ='-fno-strict-aliasing -D_LARGEFILE_SOURCE
> > > -D_FILE_OFFSET_BITS=64',
> > > optimize='-O3 -march=pentium2 -mcpu=pentium2 -funroll-loops -pipe',
> > > cppflags='-DPERL5 -fno-strict-aliasing'
> > > ccversion='', gccversion='3.3.2 20031218 (Gentoo Linux 3.3.2-r5,
> > > propolice-3.3-7)', gccosandvers=''
> > > intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
> > > d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
> > > ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
> > > lseeksize=8
> > > alignbytes=4, prototype=define
> > > Linker and Libraries:
> > > ld='gcc', ldflags =' -L/usr/local/lib'
> > > libpth=/usr/local/lib /lib /usr/lib
> > > libs=-lpthread -lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
> > > perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
> > > libc=/lib/libc-2.3.3.so, so=so, useshrplib=false, libperl=libperl.a
> > > gnulibc_version='2.3.3'
> > > Dynamic Linking:
> > > dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef,
> > > ccdlflags='-rdynamic'
> > > cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
> > >
> > > Locally applied patches:
> > >
> > >
> > > ---
> > > @INC for perl v5.8.3:
> > > /etc/perl
> > > /usr/lib/perl5/site_perl/5.8.3/i586-linux
> > > /usr/lib/perl5/site_perl/5.8.3
> > > /usr/lib/perl5/site_perl/5.8.2/i586-linux
> > > /usr/lib/perl5/site_perl/5.8.2
> > > /usr/lib/perl5/site_perl
> > > /usr/lib/perl5/vendor_perl/5.8.3/i586-linux
> > > /usr/lib/perl5/vendor_perl/5.8.3
> > > /usr/lib/perl5/vendor_perl/5.8.2/i586-linux
> > > /usr/lib/perl5/vendor_perl/5.8.2
> > > /usr/lib/perl5/vendor_perl
> > > /usr/lib/perl5/5.8.3/i586-linux
> > > /usr/lib/perl5/5.8.3
> > > /usr/local/lib/site_perl
> > > /usr/lib/perl5/site_perl/5.8.2/i586-linux
> > > /usr/lib/perl5/site_perl/5.8.2
> > > .
> > >
> > > ---
> > > Environment for perl v5.8.3:
> > > HOME=/home/ion
> > > LANG=en_US.UTF-8
> > > LANGUAGE (unset)
> > > LC_CTYPE=fi_FI.UTF-8
> > > LD_LIBRARY_PATH (unset)
> > > LOGDIR (unset)
> > >
> > > PATH=/home/ion/bin:/sbin:/usr/sbin:/usr/local/sbin:/opt/sbin:/bin:/
> > > usr/bin:/usr/local/bin:/opt/bin:/usr/i586-pc-linux-gnu/gcc-bin/3.3:/
> > > usr/X11R6/bin:/opt/blackdown-jdk-1.4.1/bin:/opt/blackdown-jdk-1.4.1/
> > > jre/bin:/usr/qt/3/bin:/usr/kde/3.1/bin:/usr/games/bin
> > > PERL_BADLANG (unset)
> > > SHELL=/bin/bash
> > >
> > > ----- End forwarded message -----
> > >
> > ---------------------------------------------------------------------
> > Michael Friedman HighWire Press, Stanford Southwest
> > Phone: 480-456-0880 Tempe, Arizona
> > FAX: 270-721-8034 <friedman at highwire.stanford.edu>
> > ---------------------------------------------------------------------
> >
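Added example, not part of the original thread and not Perl source: a toy C model of the failure Dave describes, where a "current pad" global is swapped by a start_subparse()-style call and the outer sub's temporaries are then freed against the wrong pad unless the save stack is popped back to the saved index. All names (Pad, start_subparse_model, unwind_to, pad_free_model, compile_with_syntax_error) are hypothetical, and the model reports a bad free instead of crashing.

```c
/* Toy model; every name here is hypothetical, not Perl's real API. */
#define SLOTS 8
typedef struct { int in_use[SLOTS]; int nslots; } Pad;

static Pad *cur_pad;        /* stands in for PL_curpad */
static Pad *savestack[4];   /* stands in for the save stack */
static int  save_ix;

/* Like start_subparse(): save the old pad, install a fresh one,
 * and return the save-stack index needed to undo it. */
static int start_subparse_model(Pad *fresh) {
    int ix = save_ix;
    savestack[save_ix++] = cur_pad;
    cur_pad = fresh;
    return ix;
}

/* Pop the save stack back to ix, restoring the saved pad. */
static void unwind_to(int ix) {
    while (save_ix > ix) cur_pad = savestack[--save_ix];
}

/* Free a temp slot in the *current* pad. The model reports a bad
 * slot with -1 where an unchecked free would touch invalid memory. */
static int pad_free_model(int slot) {
    if (slot >= cur_pad->nslots || !cur_pad->in_use[slot]) return -1;
    cur_pad->in_use[slot] = 0;
    return 0;
}

/* Models compiling: sub f { @a=@b=@c; {use} }
 * Returns how many frees hit a pad that does not own the slot. */
int compile_with_syntax_error(int unwind_on_error) {
    Pad f_pad = {{0}, 0}, use_pad = {{0}, 0};
    int bad = 0, i, ix;
    save_ix = 0;
    cur_pad = &f_pad;
    for (i = 0; i < 3; i++)               /* temps for @a=@b=@c */
        f_pad.in_use[f_pad.nslots++] = 1;
    ix = start_subparse_model(&use_pad);  /* parser sees 'use' */
    if (unwind_on_error)                  /* syntax error recovery */
        unwind_to(ix);
    for (i = 0; i < 3; i++)               /* op_free(block) for f */
        bad += (pad_free_model(i) != 0);
    return bad;
}
```

Calling compile_with_syntax_error(0) models the reported behaviour (every free lands in the pad created for 'use'); passing 1 models the fix Dave proposes, popping the save stack to the index returned when the new pad was installed.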