From @salva

Created by @salva

Croaking from a XSUB called via goto &xsub corrupts perl internals.

Run tryme.pl from the module attached to see it happening​:

$ ./tryme.pl
Attempt to free unreferenced scalar​: SV 0x814cbd8 at
/home/salva/s/perl/ext/goto_and_croak/blib/lib/goto_and_croak.pm line
18.
Segmentation fault

Flags:
    category=core
    severity=medium

Site configuration information for perl v5.8.4:

Configured by Debian Project at Tue Mar  8 20:31:23 EST 2005.

Summary of my perl5 (revision 5 version 8 subversion 4)
configuration:
  Platform:
    osname=linux, osvers=2.4.27-ti1211,
archname=i386-linux-thread-multi
    uname='linux kosh 2.4.27-ti1211 #1 sun sep 19 18:17:45 est 2004
i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
-Dcccdlflags=-fPIC -Darchname=i386-linux -Dprefix=/usr
-Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
-Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
-Dsitelib=/usr/local/share/perl/5.8.4
-Dsitearch=/usr/local/lib/perl/5.8.4 -Dman1dir=/usr/share/man/man1
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
-Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm
-Duseshrplib -Dlibperl=libperl.so.5.8.4 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBIAN -fno-strict-aliasing -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN
-fno-strict-aliasing -I/usr/local/include'
    ccversion='', gccversion='3.3.5 (Debian 1:3.3.5-9)',
gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define,
longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8,
Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.3.2.so, so=so, useshrplib=true,
libperl=libperl.so.5.8.4
    gnulibc_version='2.3.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.8.4:
    /etc/perl
    /usr/local/lib/perl/5.8.4
    /usr/local/share/perl/5.8.4
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8
    /usr/share/perl/5.8
    /usr/local/lib/site_perl
    .


Environment for perl v5.8.4:
    HOME=/home/salva
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=~/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash


		
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

From @salva

goto_and_croak-0.01.tar.gz

From @iabyn

On Thu, May 19, 2005 at 12​:22​:07PM -0000, Salvador Fandiño wrote​:

Run tryme.pl from the module attached to see it happening​:

The file you attached, goto_and_croak-0.01.tar.gz, does not appear to
be in gz (nor bz2, tar, or zip) format.

--
My Dad used to say 'always fight fire with fire', which is probably why
he got thrown out of the fire brigade.

The RT System itself - Status changed from 'new' to 'open'

From @nwc10

On Thu, May 19, 2005 at 01​:53​:16PM +0100, Dave Mitchell wrote​:

On Thu, May 19, 2005 at 12​:22​:07PM -0000, Salvador Fandiño wrote​:

Run tryme.pl from the module attached to see it happening​:

The file you attached, goto_and_croak-0.01.tar.gz, does not appear to
be in gz (nor bz2, tar, or zip) format.

It's become UTF-8 encoded. Using my handy de-utf-8 tool​:

$ perl -C1 -pe0 <goto_and_croak-0.01.tar.gz | tar tfz -
goto_and_croak-0.01/
goto_and_croak-0.01/lib/
goto_and_croak-0.01/lib/goto_and_croak.pm
goto_and_croak-0.01/tryme.pl
goto_and_croak-0.01/goto_and_croak.xs
goto_and_croak-0.01/Makefile.PL
goto_and_croak-0.01/ppport.h
goto_and_croak-0.01/META.yml
goto_and_croak-0.01/MANIFEST

I'm not sure if this a bug in RT, or in the mail system at bugs.perl.org,
but for the mail that creates the initial tickets, it seems that all
attachments are converted bytes->UTF-8.

Nicholas Clark

From @iabyn

On Thu, May 19, 2005 at 02​:15​:11PM +0100, Nicholas Clark wrote​:

It's become UTF-8 encoded. Using my handy de-utf-8 tool​:

$ perl -C1 -pe0 <goto_and_croak-0.01.tar.gz | tar tfz -

Oooh, shiney :-)

I can reproduce the goto bug in bleed. I'm a bit busy at the moment,
so I'll try to look at it in more detail next week sometime.

--
Never do today what you can put off till tomorrow.

From @obra

I'm not sure if this a bug in RT, or in the mail system at bugs.perl.org,
but for the mail that creates the initial tickets, it seems that all
attachments are converted bytes->UTF-8.

All attachments or all text/* attachments?

Nicholas Clark

--

From @iabyn

Croaking from a XSUB called via goto &xsub corrupts perl internals.

Now fixed in bleed with the change below.

--
Red sky at night - gerroff my land!
Red sky at morning - gerroff my land!
  -- old farmers' sayings #14

Change 24535 by davem@​davem-splatty on 2005/05/21 22​:10​:19

  [perl #35878] goto &xsub that croaks corrupts memory
  When an XS sub is called, a CxSUB context shouldn't be pushed. Make
  goto &xs_sub mimic this behaviour by first popping the old CxSUB

Affected files ...

... //depot/perl/pp_ctl.c#438 edit
... //depot/perl/t/op/goto_xs.t#5 edit

Differences ...

==== //depot/perl/pp_ctl.c#438 (text) ====

@​@​ -2343,6 +2343,7 @​@​
  SAVETMPS;
  SAVEFREESV(cv); /* later, undo the 'avoid premature free' hack */
  if (CvXSUB(cv)) {
+ OP* retop = cx->blk_sub.retop;
  if (reified) {
  I32 index;
  for (index=0; index<items; index++)
@​@​ -2367,17 +2368,15 @​@​
  SV **newsp;
  I32 gimme;

+ /* XS subs don't have a CxSUB, so pop it */
+ POPBLOCK(cx, PL_curpm);
  /* Push a mark for the start of arglist */
  PUSHMARK(mark);
  PUTBACK;
  (void)(*CvXSUB(cv))(aTHX_ cv);
- /* Pop the current context like a decent sub should */
- POPBLOCK(cx, PL_curpm);
- /* Do _not_ use PUTBACK, keep the XSUB's return stack! */
  }
  LEAVE;
- assert(CxTYPE(cx) == CXt_SUB);
- return cx->blk_sub.retop;
+ return retop;
  }
  else {
  AV* padlist = CvPADLIST(cv);

==== //depot/perl/t/op/goto_xs.t#5 (xtext) ====

@​@​ -20,7 +20,7 @​@​
eval 'require Fcntl'
  or do { print "1..0\n# Fcntl unavailable, can't test XS goto.\n"; exit 0 };

-print "1..10\n";
+print "1..11\n";

# We don't know what symbols are defined in platform X's system headers.
# We don't even want to guess, because some platform out there will
@​@​ -96,3 +96,20 @​@​

$ret = call_goto_ref($VALID);
print(($ret == $value) ? "ok 10\n" : "not ok 10\n# ($ret != $value)\n");
+
+
+# [perl #35878] croak in XS after goto segfaulted
+
+use XS​::APItest qw(mycroak);
+
+sub goto_croak { goto &mycroak }
+
+{
+ my $e;
+ for (1..4) {
+ eval { goto_croak("boo$_\n") };
+ $e .= $@​;
+ }
+ print $e eq "boo1\nboo2\nboo3\nboo4\n" ? "ok 11\n" : "not ok 11\n";
+}
+

@iabyn - Status changed from 'open' to 'resolved'