
crash on return from substitution in subroutine #15734

Closed
p5pRT opened this issue Nov 27, 2016 · 8 comments
Comments

p5pRT commented Nov 27, 2016

Migrated from rt.perl.org#130188 (status was 'resolved')

Searchable as RT130188$

p5pRT commented Nov 27, 2016

From wolf-dietrich_moeller@t-online.de

Created by wolf-dietrich_moeller@t-online.de

On execution of a perl script with "perl -w script.pl" perl crashes
without any compile or runtime message or warning.
An operating system "perl.exe - Application Error" window appears
in my Win XP SP3 installation. The error window reads:
'The instruction at "0x...." referenced memory at "0x....".
  The memory could not be "read"'.

The crash happens when returning from a subroutine with "return without EXPR"
from the replacement part of a substitution s///e.
According to perlfunc, return without EXPR should return "()" in list context
and "undef" in scalar context.

The test program below shows in "a..c" the cases where perl
works correctly (non-empty return from substitution or
return with explicit EXPR = "()" or "undef").
In "d" on return in list context still everything is fine
(an empty list is returned, see "d" in test case).
But on return in scalar context the crash happens.

#### begin test code

# Run with "perl -w script.pl"; the pragmas below make the same checks explicit.
use strict;
use warnings;

# Case a: non-empty return; b: explicit "return ()"; c: explicit "return undef";
# d: bare "return" (crashes perl 5.24.0 when tst() is called in scalar context).
sub tst ($) {
    shift =~ s/(.)/
        return $1    if $1 eq 'a';
        return ()    if $1 eq 'b';
        return undef if $1 eq 'c';
        return       if $1 eq 'd';
        'F'
    /er
}

my ($y, $z, $i);
for (qw'a b c d') {
    print STDERR "\$_='$_'\n";
    $i = ($y) = tst($_);             # list context: $i is the number of returned values
    print STDERR "list context: y='", $y // 'undef', "', length return-list=$i";
    $z = tst($_);                    # scalar context: the crash happens here for 'd'
    print STDERR ", scalar context: z='", $z // 'undef', "'\n\n";
}

#### end test code

The console output of "perl -w script.pl" is:

#### begin output
$_='a'
list context: y='a', length return-list=1, scalar context: z='a'

$_='b'
list context: y='undef', length return-list=0, scalar context: z='undef'

$_='c'
list context: y='undef', length return-list=1, scalar context: z='undef'

$_='d'
list context: y='undef', length return-list=0
#### end output

Here the crash happens before the print for $z (scalar context) is executed.

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.24.0:

Configured by strawberry-perl at Tue May 10 17:12:25 2016.

Summary of my perl5 (revision 5 version 24 subversion 0) configuration:
   
  Platform:
    osname=MSWin32, osvers=6.3, archname=MSWin32-x86-multi-thread-64int
    uname='Win32 strawberry-perl 5.24.0.1 #1 Tue May 10 17:10:11 2016 i386'
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    useithreads=define, usemultiplicity=define
    use64bitint=define, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags =' -s -O2 -DWIN32  -DPERL_TEXTMODE_SCRIPTS
-DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -fwrapv -fno-strict-aliasing
-mms-bitfields',
    optimize='-s -O2',
    cppflags='-DWIN32'
    ccversion='', gccversion='4.9.2', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678,
doublekind=3
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12,
longdblkind=3
    ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='long
long', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='g++', ldflags ='-s -L"C:\Perl\perl\lib\CORE" -L"C:\Perl\c\lib"'
    libpth=C:\Perl\c\lib C:\Perl\c\i686-w64-mingw32\lib
C:\Perl\c\lib\gcc\i686-w64-mingw32\4.9.2
    libs=-lmoldname -lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32
-ladvapi32 -lshell32 -lole32 -loleaut32 -lnetapi32 -luuid -lws2_32 -lmpr
-lwinmm -lversion -lodbc32 -lodbccp32 -lcomctl32
    perllibs=-lmoldname -lkernel32 -luser32 -lgdi32 -lwinspool -lcomdlg32
-ladvapi32 -lshell32 -lole32 -loleaut32 -lnetapi32 -luuid -lws2_32 -lmpr
-lwinmm -lversion -lodbc32 -lodbccp32 -lcomctl32
    libc=, so=dll, useshrplib=true, libperl=libperl524.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=xs.dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-mdll -s -L"C:\Perl\perl\lib\CORE"
-L"C:\Perl\c\lib"'



@INC for perl 5.24.0:
    C:/Perl/perl/site/lib
    C:/Perl/perl/vendor/lib
    C:/Perl/perl/lib
    .


Environment for perl 5.24.0:
    HOME (unset)
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=C:\Documents and Settings\All Users\Application
Data\Oracle\Java\javapath;C:\Program Files\Perl\site\bin;C:\Program
Files\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Pr
ogram Files\Windows
Imaging\;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Bin;C:\Program
Files\QuickTime
Alternative\QTSystem;C:\Perl\c\bin;C:\Perl\perl\site\bin;C:\Perl\perl\bin
    PERL_BADLANG (unset)
    SHELL (unset)
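The report's test script runs the crashing construct in the same process as the code that prints the results, so on an affected build the output simply stops at case d. The probe below is an added example, not part of the original report and not perl's own test suite: it executes each variant of "return from inside s///e" in a child perl via system() and classifies the child's exit status, so one run shows which constructs the interpreter you actually ship survives. Cases 'c' and 'd' are taken from the report; case 'w' (an explicit `wantarray ? () : undef` in place of a bare return) is my assumed workaround, which the report never tested, and that is why it is routed through the probe rather than asserted. Treating any non-zero exit status as a failure is a further assumption: it matches the access violation described above, but it would also flag an ordinary die.

```perl
#!/usr/bin/env perl
# Added probe (not the original report's test script): runs each variant of
# "return from inside s///e" in a child perl, so that on an affected build only
# the child dies and this script can still report which constructs are safe.
use strict;
use warnings;

# Subroutine under test. 'c' and 'd' mirror the report's cases; 'w' is an
# ASSUMED workaround (explicit context check instead of a bare return) that
# the report did not exercise, so its safety is measured here, not presumed.
my $prelude = q{
    sub tst {
        shift =~ s/(.)/
            return undef if $1 eq 'c';
            return       if $1 eq 'd';
            return wantarray ? () : undef if $1 eq 'w';
            'F'
        /er
    }
};

# Each case: the letter fed to tst() and the calling context.
my @cases = (
    [ 'd', 'list'   ],   # reported to work on 5.24.0
    [ 'd', 'scalar' ],   # reported to crash on 5.24.0 (invalid read)
    [ 'c', 'scalar' ],   # reported to work on 5.24.0
    [ 'w', 'scalar' ],   # assumption: explicit wantarray check avoids the bare return
    [ 'w', 'list'   ],
);

# Run one case in a child perl and classify the child's exit status.
# Assumption: a non-zero status is treated as a crash; an ordinary die would
# be reported the same way, which is acceptable for a go/no-go probe.
sub run_case {
    my ($arg, $ctx) = @_;
    my $call = $ctx eq 'scalar' ? q{my $z = tst($ARGV[0]);}
                                : q{my ($y) = tst($ARGV[0]);};
    # The child exits 0 only if it gets past the call to tst().
    my $status = system($^X, '-e', "$prelude $call exit 0;", $arg);
    return 'survived' if $status == 0;
    return sprintf('crashed (signal %d)', $? & 127) if $? & 127;  # Unix: killed by a signal
    return sprintf('abnormal exit (%d)', $? >> 8);                # Windows access violation or other failure
}

for my $c (@cases) {
    my ($arg, $ctx) = @$c;
    printf "%-6s context, case '%s': %s\n", $ctx, $arg, run_case($arg, $ctx);
}
printf "perl %s on %s\n", $], $^O;
```

On a fixed perl every line should read "survived"; on a 5.24.0 build the report predicts that "scalar context, case 'd'" is the one that does not. The trigger has to be present in Perl source that the interpreter executes, so the practical exposure is an interpreter crash in anything that runs Perl code you do not control on an affected build; per the replies below the fix landed in v5.25.7-26-g7332835.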



p5pRT commented Nov 27, 2016

From perl@profvince.com

I can confirm that this code segfaults with perl 5.24.0, but not with
perl 5.22.0. lldb points to Perl_leave_adjust_stacks().

Vincent

p5pRT commented Nov 27, 2016

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Nov 27, 2016

From @dur-randir

Bisect points to

fc6e609 is the first bad commit
commit fc6e609
Author: David Mitchell <davem@iabyn.com>
Date:   Thu Dec 24 19:44:05 2015 +0000

  dounwind(): do a POPBLOCK for final cx frame.

  Previously dounwind() relied on the caller to do a TOPBLOCK or POPBLOCK
  following the call to dounwind(). It's debatable who should be
  responsible. Arguably it's more efficient for dounwind() not to do a
  POPBLOCK, since the caller will probably immediately follow on with
  POPFOO; POPBLOCK for the next context frame anyway.

  Logically however, dounwind() should do this, and it's not possible
  for the caller to do so retrospectively, as context frame cxstack_ix + 1
  may have been overwritten by the time dounwind returns.

  Also, the changes in this branch mean that the old PL_tmps_floor is now
  saved in the context struct rather than on the save stack, so code that
  does C<dounwind(-1); LEAVE_SCOPE();> will no longer automatically
  restore PL_tmps_floor. With this commit, it will.

  The change to pp_return reflects that we now need to copy any return args
  *before* dounwind() is called, so that "return $1" will mg_get($1) while
  the correct (inner) PL_curpm is still in scope.

p5pRT commented Nov 28, 2016

From @iabyn

On Sun, Nov 27, 2016 at 07:09:58AM -0800, Sergey Aleynikov via RT wrote:

> Bisect points to
>
> fc6e609 is the first bad commit
> commit fc6e609
> Author: David Mitchell <davem@iabyn.com>
> Date:   Thu Dec 24 19:44:05 2015 +0000
>
>     dounwind(): do a POPBLOCK for final cx frame.

Thanks for the bisect.

Now fixed with v5.25.7-26-g7332835.

--
The Enterprise is captured by a vastly superior alien intelligence which
does not put them on trial.
  -- Things That Never Happen in "Star Trek" #10

p5pRT commented Dec 2, 2016

From @jkeenan

On Mon, 28 Nov 2016 08:14:50 GMT, davem wrote:

> On Sun, Nov 27, 2016 at 07:09:58AM -0800, Sergey Aleynikov via RT wrote:
>
> > Bisect points to
> >
> > fc6e609 is the first bad commit
> > commit fc6e609
> > Author: David Mitchell <davem@iabyn.com>
> > Date:   Thu Dec 24 19:44:05 2015 +0000
> >
> >     dounwind(): do a POPBLOCK for final cx frame.
>
> Thanks for the bisect.
>
> Now fixed with v5.25.7-26-g7332835.

Is this ticket closable?

--
James E Keenan (jkeenan@cpan.org)

p5pRT commented Dec 29, 2016

From @jkeenan

On Fri, 02 Dec 2016 22:03:24 GMT, jkeenan wrote:

> On Mon, 28 Nov 2016 08:14:50 GMT, davem wrote:
>
> > On Sun, Nov 27, 2016 at 07:09:58AM -0800, Sergey Aleynikov via RT wrote:
> >
> > > Bisect points to
> > >
> > > fc6e609 is the first bad commit
> > > commit fc6e609
> > > Author: David Mitchell <davem@iabyn.com>
> > > Date:   Thu Dec 24 19:44:05 2015 +0000
> > >
> > >     dounwind(): do a POPBLOCK for final cx frame.
> >
> > Thanks for the bisect.
> >
> > Now fixed with v5.25.7-26-g7332835.
>
> Is this ticket closable?

No complaints received in past month. Marking ticket resolved.

Thank you very much.
--
James E Keenan (jkeenan@cpan.org)

p5pRT commented Dec 29, 2016

@jkeenan - Status changed from 'open' to 'resolved'
