From @ntyni

This snippet crashes Perl 5.10.0 and blead (as of change 33541 which
is the last one in the utsl.gen.nz git repository) with a segmentation fault​:

#!/usr/bin/perl -w
use Compress​::Zlib;
use Devel​::Symdump;
print Devel​::Symdump->isa_tree;
__END__

(The snippet is reduced from the mod_perl2 2.0.4rc1 test suite,
where Apache crashes on shutdown after the tests.)

This can be reduced to

#!/usr/bin/perl
use constant "foo" => "a";
index("a", foo);
local(*g) = ${​::}{foo};
__END__

and expanded to this core-only test​:

#!/usr/bin/perl
BEGIN {
  $|=1;
  print "1..2\n";
  my $name = "foo";
  my $scalar = "a";
  if ($] > 5.009002) {
  my $symtab = \%{'​::'};
  $symtab->{$name} = \$scalar;
  } else {
  *{"​::$name"} = sub () { $scalar };
  }
}
print "ok 1\n" if index("a", foo) >= 0;
local(*g) = ${​::}{foo};
END {print "ok 2\n";}
__END__

Bisecting shows the segfault started with

[ 29544] By​: nicholas on 2006/12/13 08​:35​:43
  Log​: Eliminate PVBM. Store fast Boyer-Moore tables in PVGV.
  Add the placeholder for new type, temporarily named BIND, for binding
  and aliasing in 6 on 5.
  Branch​: perl
  ! dump.c ext/B/B.xs ext/Storable/Storable.xs op.h
  ! pod/perltodo.pod pp_hot.c sv.c sv.h util.c

On blead, change 32708 turns this into an assertion failure with -DDEBUGGING​:

miniperl​: sv.c​:3231​: S_glob_assign_glob​: Assertion `((((shplep)->sv_flags & (0x00004000|0x00008000)) == 0x00008000) && (((svtype)((shplep)->sv_flags & 0xff)) == SVt_PVGV || ((svtype)((shplep)->sv_flags & 0xff)) == SVt_PVLV))' failed.
../testscript​: line 3​: 3158 Aborted (core dumped) ./miniperl ${HOME}/t.pl

Backtrace of 'miniperl' as of change 33541 without -DDEBUGGING​:

Core was generated by `./miniperl /home/niko/t.pl'.
Program terminated with signal 11, Segmentation fault.
[New process 23428]
#0 0x0000000000488f67 in S_unshare_hek_or_pvn (my_perl=0x7c7010, hek=0x31, str=0x0, len=0, hash=0)
  at hv.c​:2294
2294 if (he->shared_he_he.he_valu.hent_refcount - 1) {
(gdb) bt
#0 0x0000000000488f67 in S_unshare_hek_or_pvn (my_perl=0x7c7010, hek=0x31, str=0x0, len=0, hash=0)
  at hv.c​:2294
#1 0x0000000000488f18 in Perl_unshare_hek (my_perl=0x7c7010, hek=0x31) at hv.c​:2263
#2 0x000000000040a776 in Perl_gp_free (my_perl=0x7c7010, gv=0x7e8820) at gv.c​:1583
#3 0x00000000004ed305 in Perl_leave_scope (my_perl=0x7c7010, base=0) at scope.c​:821
#4 0x00000000004ea2cd in Perl_pop_scope (my_perl=0x7c7010) at scope.c​:102
#5 0x00000000004a48a6 in Perl_pp_leave (my_perl=0x7c7010) at pp_hot.c​:1882
#6 0x000000000049b9d3 in Perl_runops_standard (my_perl=0x7c7010) at run.c​:38
#7 0x0000000000494971 in S_run_body (my_perl=0x7c7010, oldscope=1) at perl.c​:2400
#8 0x000000000049437e in perl_run (my_perl=0x7c7010) at perl.c​:2320
#9 0x000000000057375e in main (argc=2, argv=0x7fff820a3c88, env=0x7fff820a3ca0) at miniperlmain.c​:113

Backtrace with -DDEBUGGING and the assertion failure above​:

Core was generated by `./miniperl /home/niko/t.pl'.
Program terminated with signal 6, Aborted.
[New process 14219]
#0 0x00002b50c8c431d5 in raise () from /lib/libc.so.6
(gdb) bt
#0 0x00002b50c8c431d5 in raise () from /lib/libc.so.6
#1 0x00002b50c8c44680 in abort () from /lib/libc.so.6
#2 0x00002b50c8c3c75f in __assert_fail () from /lib/libc.so.6
#3 0x000000000053affd in S_glob_assign_glob (my_perl=0x984010, dstr=0x9a70d8, sstr=0x9a70a8, dtype=9)
  at sv.c​:3366
#4 0x0000000000540f07 in Perl_sv_setsv_flags (my_perl=0x984010, dstr=0x9a70d8, sstr=0x9a70a8,
  flags=1538) at sv.c​:3717
#5 0x000000000050cc8a in Perl_pp_aassign (my_perl=0x984010) at pp_hot.c​:1074
#6 0x00000000004ad3dc in Perl_runops_debug (my_perl=0x984010) at dump.c​:1984
#7 0x00000000004f6ae3 in S_run_body (my_perl=0x984010, oldscope=1) at perl.c​:2400
#8 0x00000000004f5e15 in perl_run (my_perl=0x984010) at perl.c​:2320
#9 0x00000000006b087e in main (argc=2, argv=0x7fffe2987578, env=0x7fffe2987590) at miniperlmain.c​:113

Flags​:
  category=core
  severity=medium

Site configuration information for perl 5.10.0​:

Configured by Debian Project at Sun Mar 30 20​:28​:28 UTC 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration​:
  Platform​:
  osname=linux, osvers=2.6.18-6-xen-amd64, archname=x86_64-linux-gnu-thread-multi
  uname='linux sid 2.6.18-6-xen-amd64 #1 smp sun feb 10 18​:02​:52 utc 2008 x86_64 gnulinux '
  config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
  ccversion='', gccversion='4.2.3 (Debian 4.2.3-3)', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
  libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
  perllibs=-ldl -lm -lpthread -lc -lcrypt
  libc=/lib/libc-2.7.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
  gnulibc_version='2.7'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Locally applied patches​:
 

@​INC for perl 5.10.0​:
  /etc/perl
  /usr/local/lib/perl/5.10.0
  /usr/local/share/perl/5.10.0
  /usr/lib/perl5
  /usr/share/perl5
  /usr/lib/perl/5.10
  /usr/share/perl/5.10
  /usr/local/lib/site_perl
  .

Environment for perl 5.10.0​:
  HOME=/root
  LANG (unset)
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/usr/local/sbin​:/usr/local/bin​:/usr/sbin​:/usr/bin​:/sbin​:/bin
  PERL_BADLANG (unset)
  SHELL=/bin/bash

From @rgs

2008/4/11 via RT Niko Tyni <perlbug-followup@​perl.org>​:

This snippet crashes Perl 5.10.0 and blead (as of change 33541 which
is the last one in the utsl.gen.nz git repository) with a segmentation fault​:

#!/usr/bin/perl -w
use Compress​::Zlib;
use Devel​::Symdump;
print Devel​::Symdump->isa_tree;
__END__

(The snippet is reduced from the mod_perl2 2.0.4rc1 test suite,
where Apache crashes on shutdown after the tests.)

This can be reduced to

#!/usr/bin/perl
use constant "foo" => "a";
index("a", foo);
local(*g) = ${​::}{foo};
__END__

Thanks for the impressive and detailed bug report, that was useful.

Here's a patch that solves the problem. I've not had time yet to run all tests
with it, but core tests are fine.

--- sv.c
+++ sv.c
@​@​ -3718,8 +3718,10 @​@​ Perl_sv_setsv_flags(pTHX_ SV *dstr, regi
  GvMULTI_on(dstr);
  return;
  }
- glob_assign_glob(dstr, sstr, dtype);
- return;
+ if (isGV_with_GP(sstr)) {
+ glob_assign_glob(dstr, sstr, dtype);
+ return;
+ }
  }

  if (dtype >= SVt_PV) {

The RT System itself - Status changed from 'new' to 'open'

From @rgs

I've now applied the patch to bleadperl as change #33807.

@rgs - Status changed from 'open' to 'resolved'

From @rurban

2008/5/10 Rafael Garcia-Suarez via RT <perlbug-followup@​perl.org>​:

I've now applied the patch to bleadperl as change #33807.

We also need that for maint (5.10.x)
--
Reini

From p5p@spam.wizbit.be

On Fri May 09 08​:50​:13 2008, rafael wrote​:

2008/4/11 via RT Niko Tyni <perlbug-followup@​perl.org>​:

This snippet crashes Perl 5.10.0 and blead (as of change 33541 which
is the last one in the utsl.gen.nz git repository) with a
segmentation fault​:

#!/usr/bin/perl -w
use Compress​::Zlib;
use Devel​::Symdump;
print Devel​::Symdump->isa_tree;
__END__

(The snippet is reduced from the mod_perl2 2.0.4rc1 test suite,
where Apache crashes on shutdown after the tests.)

This can be reduced to

#!/usr/bin/perl
use constant "foo" => "a";
index("a", foo);
local(*g) = ${​::}{foo};
__END__

Thanks for the impressive and detailed bug report, that was useful.

Here's a patch that solves the problem. I've not had time yet to run
all tests
with it, but core tests are fine.

--- sv.c
+++ sv.c
@​@​ -3718,8 +3718,10 @​@​ Perl_sv_setsv_flags(pTHX_ SV *dstr, regi
GvMULTI_on(dstr);
return;
}
- glob_assign_glob(dstr, sstr, dtype);
- return;
+ if (isGV_with_GP(sstr)) {
+ glob_assign_glob(dstr, sstr, dtype);
+ return;
+ }
}

    if \(dtype >= SVt\_PV\) \{

The patch was applied with Change 33807 but no tests were included.

A patch with the test is attached (added it in t/op/local.t).

Kind regards,

Bram

From p5p@spam.wizbit.be

--- old/t/op/local.t	2008-08-10 19:47:08.000000000 +0200
+++ new/t/op/local.t	2008-08-10 19:55:51.000000000 +0200
@@ -5,7 +5,7 @@
     @INC = qw(. ../lib);
     require './test.pl';
 }
-plan tests => 122;
+plan tests => 123;
 
 my $list_assignment_supported = 1;
 
@@ -451,6 +451,11 @@
     is($h{'k1'},111);
 }
 
+like( runperl(stderr => 1,
+              prog => 'use constant foo => q(a);' .
+                      'index(q(a), foo);' .
+                      'local *g=${::}{foo};print "ok";'), "ok", "[perl #52740]");
+
 # Keep this test last, as it can SEGV
 {
     local *@;

From @Tux

On Sun, 10 Aug 2008 10​:59​:16 -0700, "Bram via RT"
<perlbug-followup@​perl.org> wrote​:

The patch was applied with Change 33807 but no tests were included.

A patch with the test is attached (added it in t/op/local.t).

Thanks, applied as change #34198

Kind regards,

Bram

--
H.Merijn Brand Amsterdam Perl Mongers http​://amsterdam.pm.org/
using & porting perl 5.6.2, 5.8.x, 5.10.x, 5.11.x on HP-UX 10.20, 11.00,
11.11, 11.23, and 11.31, SuSE 10.1, 10.2, and 10.3, AIX 5.2, and Cygwin.
http​://mirrors.develooper.com/hpux/ http​://www.test-smoke.org/
http​://qa.perl.org http​://www.goldmark.org/jeff/stupid-disclaimers/