Phoenix.pm: another crasher, for everyone's amusement

Scott Walters scott at illogics.org
Tue Feb 3 15:17:27 CST 2004


Dave Mitchell had this to say about the bug. Like most crashers in Perl
these days, it is pretty obscure.

> Thanks for the report.
> 
> P5Pers: it can be reduced to:
> 
>     ./perl  -e 'sub f { @a=@b=@c;  {use} }'
> 
> What is happening is that when 'use' is seen, the parser starts a new
> sub by calling start_subparse() :
> 
>     use :       USE startsub
>                             { CvSPECIAL_on(PL_compcv); /* It's a BEGIN {} */ }
>                         WORD WORD listexpr ';'
>                             { utilize($1, $2, $4, $5, $6); }
>             ;
>     startsub:   /* NULL */      /* start a regular subroutine scope */
>                         { $$ = start_subparse(FALSE, 0); }
> 
> This creates a new pad and updates PL_comppad, PL_curpad (with the old
> ones being put on the save stack).
> When the compile blows up due to the syntax error, the recovery works
> its way down to the newATTRSUB() call associated with f; but because
> PL_error_count > 0, newATTRSUB() does an op_free(block). This tries
> to free all the PADTMPs associated with all the @a=@b=@c ops, but
> still using the new pad allocated for 'use'. Coredump ensues.
> 
> Clearly the correct fix is for the savestack to be properly popped during
> the error recovery, but I really don't understand how YACC error recovery
> works, so I'm stuck :-( 
> 
> The index returned by start_subparse() somehow needs to be saved and
> used to pop the savestack.
>  
> Dave.
> 
> 
> On  0, Michael Friedman <friedman at highwire.stanford.edu> wrote:
> > 
> > Heh. "for everyone's amusement".
> > Amazingly enough, my code could be hit by this bug. :-)
> > If you look at the Perl Cookbook, it suggests that one way to only load  
> > modules when needed is to put the 'use' into a eval{} and then it won't  
> > be executed until runtime. That way the startup time for your script is  
> > lessened and, hopefully, some of the modules might not even need to be  
> > loaded at all.
> > 
> > While the minimal code to create the bug seems pretty silly, I can  
> > completely see where this happens in practice...
> > 
> > Now I'm glad I didn't upgrade from 5.8.0 yet.
> > -- Mike
> > 
> > On Feb 2, 2004, at 11:23 PM, Scott Walters wrote:
> > 
> > >
> > > ----- Forwarded message from "kstar at verizon.net ion at alku.ion.yi.org  
> > > (via RT)" <perlbug-followup at perl.org> -----
> > >
> > > List: contact perl5-porters-help at perl.org; run by ezmlm
> > > Archive: <http://nntp.perl.org/group/perl.perl5.porters/88197>
> > > Subject: [perl #25824] Segmentation fault with sub x { shift; @a = @b;  
> > > eval { use } }
> > > Ticket: perl #25824
> > > To: "mailing list perl5-porters at perl.org perl5-porters at perl.org  
> > > perl5-porters at perl.org bugs-bitbucket at netlabs.develooper.com  
> > > perl5-porters at perl.org perl5-porters at perl.org" <rt-25824 at perl>
> > > From: "kstar at verizon.net ion at alku.ion.yi.org (via RT)"  
> > > <perlbug-followup at perl.org>
> > >
> > >
> > > # New Ticket Created by  ion at alku.ion.yi.org
> > > # Please include the string:  [perl #25824]
> > > # in the subject line of all future correspondence about this issue.
> > > # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=25824 >
> > >
> > >
> > >
> > > This is a bug report for perl from ion+perlbug at ion.yi.org,
> > > generated with the help of perlbug 1.34 running under perl v5.8.3.
> > >
> > >
> > > -----------------------------------------------------------------
> > > $ perl -e 'sub x { shift; @a = @b; eval { use } }'
> > > Segmentation fault
> > >
> > > To reproduce the segfault the following needs to be done in a sub:
> > > - @_ must be modified.
> > > - A list or a hash must be assigned to a list or a hash.
> > > - eval { use }; must be done finally. The parameters for use don't
> > >   seem to matter.
> > >
> > > gdb backtrace:
> > > #0  0x0809e156 in Perl_pad_free ()
> > > #1  0x0808e179 in Perl_op_clear ()
> > > #2  0x0808e0a8 in Perl_op_free ()
> > > #3  0x0808e07b in Perl_op_free ()
> > > #4  0x080967b3 in Perl_newATTRSUB ()
> > > #5  0x0808c297 in Perl_yyparse ()
> > > #6  0x08061c64 in perl_parse ()
> > > #7  0x080616cf in perl_parse ()
> > > #8  0x0805f3da in main ()
> > > -----------------------------------------------------------------
> > > ---
> > > Flags:
> > >     category=core
> > >     severity=low
> > > ---
> > > Site configuration information for perl v5.8.3:
> > >
> > > Configured by ion at Mon Jan 19 12:00:54 EET 2004.
> > >
> > > Summary of my perl5 (revision 5.0 version 8 subversion 3)  
> > > configuration:
> > >   Platform:
> > >     osname=linux, osvers=2.6.0-gentoo, archname=i586-linux
> > >     uname='linux alku 2.6.0-gentoo #2 smp sun dec 21 10:35:44 eet 2003  
> > > i686 celeron (mendocino) genuineintel gnulinux '
> > >     config_args='-des -Darchname=i586-linux -Dcccdlflags=-fPIC  
> > > -Dccdlflags=-rdynamic -Dcc=gcc -Dprefix=/usr -Dvendorprefix=/usr  
> > > -Dsiteprefix=/usr -Dlocincpth=  -Doptimize=-O3 -march=pentium2  
> > > -mcpu=pentium2 -funroll-loops -pipe -Duselargefiles -Dd_dosuid  
> > > -Dd_semctl_semun -Dscriptdir=/usr/bin -Dman3ext=3pm -Dcf_by=Gentoo  
> > > -Ud_csh -Di_gdbm -Di_db -Di_ndbm'
> > >     hint=recommended, useposix=true, d_sigaction=define
> > >     usethreads=undef use5005threads=undef useithreads=undef  
> > > usemultiplicity=undef
> > >     useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
> > >     use64bitint=undef use64bitall=undef uselongdouble=undef
> > >     usemymalloc=n, bincompat5005=undef
> > >   Compiler:
> > >     cc='gcc', ccflags ='-fno-strict-aliasing -D_LARGEFILE_SOURCE  
> > > -D_FILE_OFFSET_BITS=64',
> > >     optimize='-O3 -march=pentium2 -mcpu=pentium2 -funroll-loops -pipe',
> > >     cppflags='-DPERL5 -fno-strict-aliasing'
> > >     ccversion='', gccversion='3.3.2 20031218 (Gentoo Linux 3.3.2-r5,  
> > > propolice-3.3-7)', gccosandvers=''
> > >     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
> > >     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
> > >     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',  
> > > lseeksize=8
> > >     alignbytes=4, prototype=define
> > >   Linker and Libraries:
> > >     ld='gcc', ldflags =' -L/usr/local/lib'
> > >     libpth=/usr/local/lib /lib /usr/lib
> > >     libs=-lpthread -lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
> > >     perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
> > >     libc=/lib/libc-2.3.3.so, so=so, useshrplib=false, libperl=libperl.a
> > >     gnulibc_version='2.3.3'
> > >   Dynamic Linking:
> > >     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef,  
> > > ccdlflags='-rdynamic'
> > >     cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
> > >
> > > Locally applied patches:
> > >
> > >
> > > ---
> > > @INC for perl v5.8.3:
> > >     /etc/perl
> > >     /usr/lib/perl5/site_perl/5.8.3/i586-linux
> > >     /usr/lib/perl5/site_perl/5.8.3
> > >     /usr/lib/perl5/site_perl/5.8.2/i586-linux
> > >     /usr/lib/perl5/site_perl/5.8.2
> > >     /usr/lib/perl5/site_perl
> > >     /usr/lib/perl5/vendor_perl/5.8.3/i586-linux
> > >     /usr/lib/perl5/vendor_perl/5.8.3
> > >     /usr/lib/perl5/vendor_perl/5.8.2/i586-linux
> > >     /usr/lib/perl5/vendor_perl/5.8.2
> > >     /usr/lib/perl5/vendor_perl
> > >     /usr/lib/perl5/5.8.3/i586-linux
> > >     /usr/lib/perl5/5.8.3
> > >     /usr/local/lib/site_perl
> > >     /usr/lib/perl5/site_perl/5.8.2/i586-linux
> > >     /usr/lib/perl5/site_perl/5.8.2
> > >     .
> > >
> > > ---
> > > Environment for perl v5.8.3:
> > >     HOME=/home/ion
> > >     LANG=en_US.UTF-8
> > >     LANGUAGE (unset)
> > >     LC_CTYPE=fi_FI.UTF-8
> > >     LD_LIBRARY_PATH (unset)
> > >     LOGDIR (unset)
> > >      
> > > PATH=/home/ion/bin:/sbin:/usr/sbin:/usr/local/sbin:/opt/sbin:/bin:/ 
> > > usr/bin:/usr/local/bin:/opt/bin:/usr/i586-pc-linux-gnu/gcc-bin/3.3:/ 
> > > usr/X11R6/bin:/opt/blackdown-jdk-1.4.1/bin:/opt/blackdown-jdk-1.4.1/ 
> > > jre/bin:/usr/qt/3/bin:/usr/kde/3.1/bin:/usr/games/bin
> > >     PERL_BADLANG (unset)
> > >     SHELL=/bin/bash
> > >
> > > ----- End forwarded message -----
> > >
> > ---------------------------------------------------------------------
> > Michael Friedman                  HighWire Press, Stanford Southwest
> > Phone: 480-456-0880                                   Tempe, Arizona
> > FAX:   270-721-8034                  <friedman at highwire.stanford.edu>
> > ---------------------------------------------------------------------
> > 
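
The failure mode described in the quoted analysis, and the proposed remedy of saving the index returned by start_subparse() and unwinding the save stack to it, can be modelled in a few lines of C. This is an added example, not code from the perl source or from anyone in the thread: the toy_* functions, the Pad struct and the fixed-size save stack are hypothetical stand-ins, and the toy returns -1 at the point where the real interpreter crashes in pad_free().

```c
#include <stdio.h>

typedef struct { int slots[4]; } Pad;   /* toy pad: slot != 0 means "in use" */

static Pad *cur_pad;         /* stands in for PL_curpad */
static Pad *save_stack[8];   /* stands in for the save stack */
static int  save_ix;

/* Like start_subparse(): save the old pad, install a new one, and
 * return the save-stack index the caller must later unwind to. */
static int toy_start_subparse(Pad *fresh) {
    int base = save_ix;
    save_stack[save_ix++] = cur_pad;
    cur_pad = fresh;
    return base;
}

/* Pop saved pads until the save stack is back at `base`. */
static void toy_leave_scope(int base) {
    while (save_ix > base)
        cur_pad = save_stack[--save_ix];
}

/* Free a PADTMP that lives in `owner`. Real perl indexes the current pad
 * unchecked and crashes in pad_free(); the toy reports the mismatch. */
static int toy_free_padtmp(Pad *owner, int slot) {
    if (cur_pad != owner)
        return -1;
    cur_pad->slots[slot] = 0;
    return 0;
}

/* Models compiling sub f { @a=@b=@c; {use} } with the syntax error at 'use'.
 * unwind == 0: the behaviour in the report; unwind == 1: suggested fix. */
static int toy_compile_with_error(int unwind) {
    Pad f_pad = {{1, 1, 1, 1}}, use_pad = {{0}};
    save_ix = 0;
    cur_pad = &f_pad;
    int base = toy_start_subparse(&use_pad);   /* parser sees 'use' */
    if (unwind)                                 /* error recovery */
        toy_leave_scope(base);
    return toy_free_padtmp(&f_pad, 0);          /* newATTRSUB -> op_free(block) */
}

int main(void) {
    printf("no unwind: %d\n", toy_compile_with_error(0));
    printf("unwind to saved index: %d\n", toy_compile_with_error(1));
    return 0;
}
```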


