stack pointer corruption in pp_concat() with 'use encoding' #10779
From @ntyni
This is a bug report for perl from Niko Tyni <ntyni@debian.org>,
./perl -Ilib -Mencoding=utf8 -e 'map { "a" . $a } ((1)x500);'
Valgrind shows errors like
==25202== Invalid write of size 8
This is due to stack pointer corruption in Perl_pp_concat() when the
Proposed patch attached. Sorry, couldn't figure how to write a regression
It seems possible that there are other places where
Originally reported by Ken Bloom in http://bugs.debian.org/596105
#0 Perl_stack_grow (my_perl=0xa3f010, sp=0xb456d0, p=0xb456d0, n=1) at scope.c:34
Flags:
Site configuration information for perl 5.13.6:
Configured by niko at Thu Oct 28 23:42:17 EEST 2010.
Summary of my perl5 (revision 5 version 13 subversion 6) configuration:
Locally applied patches:
@INC for perl 5.13.6:
Environment for perl 5.13.6:
From @ntyni
0001-Fix-stack-pointer-corruption-in-pp_concat-with-use-e.patch
From 286215bec6f59ddd4f27fc5c21c76e3d762ed771 Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Thu, 28 Oct 2010 23:52:17 +0300
Subject: [PATCH] Fix stack pointer corruption in pp_concat() with 'use encoding'
sv_utf8_upgrade_nomg() may reallocate the stack via sv_recode_to_utf8()
if 'use encoding' is in effect, causing stack pointer corruption.
---
pp_hot.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/pp_hot.c b/pp_hot.c
index fd270e9..f4d79dc 100644
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -275,6 +275,8 @@ PP(pp_concat)
rbyte = !DO_UTF8(right);
}
if (lbyte != rbyte) {
+ /* sv_utf8_upgrade_nomg() may reallocate the stack */
+ PUTBACK;
if (lbyte)
sv_utf8_upgrade_nomg(TARG);
else {
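Review bot: the comment above PUTBACK names sv_utf8_upgrade_nomg() but leaves out the condition under which the stack actually moves. The commit message says the reallocation happens via sv_recode_to_utf8() when 'use encoding' is in effect; putting that in the comment (for example "may reallocate the stack via sv_recode_to_utf8() under 'use encoding'") would tell a later reader why the PUTBACK is needed on what otherwise looks like a pure string operation.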
@@ -283,6 +285,7 @@ PP(pp_concat)
sv_utf8_upgrade_nomg(right);
rpv = SvPV_nomg_const(right, rlen);
}
+ SPAGAIN;
}
sv_catpvn_nomg(TARG, rpv, rlen);
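Review bot: SPAGAIN at the close of the `if (lbyte != rbyte)` block carries no comment, while its PUTBACK partner in the previous hunk does. Since the pair brackets both sv_utf8_upgrade_nomg() calls across two branches, a one-line comment here saying the local sp is reloaded because the stack may have moved would keep it from being dropped later as dead code. The diffstat touches only pp_hot.c, so the fix ships without a regression test; the reporter's `map { "a" . $a } ((1)x500)` one-liner under -Mencoding=utf8 looks like a usable starting point for one.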
--
1.7.2.3
From @cpansprout
On Thu Oct 28 14:22:36 2010, ntyni@debian.org wrote:
Thank you. Applied as e3393f5.
Like this: http://perl5.git.perl.org/perl.git/commitdiff/1222f39eae03eee
The RT System itself - Status changed from 'new' to 'open'
@cpansprout - Status changed from 'open' to 'resolved'
From @nwc10
On Thu, Oct 28, 2010 at 02:22:36PM -0700, Niko Tyni wrote:
I can't find any.
I was wondering, is a better solution to this whole problem to ensure that
The whole paradigm of needing to get and "put back" a local copy of the
(Heck, and effectively predates common use of tie, overloading, PerlIO and
Nicholas Clark
From @Leont
On Wed, May 8, 2013 at 2:18 PM, Nicholas Clark <nick@ccl4.org> wrote:
A number of magical thingies already do such a thing, it does make
Yeah, it's fairly annoying, though AFAIK it can't be made no-op
Yeah. It's an optimization that might not be an optimization anymore.
Leon
Migrated from rt.perl.org#78674 (status was 'resolved')
Searchable as RT78674$
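The failure mode discussed in this ticket, as an added example that is not perl source and not code from the thread: a toy growable stack in which an op keeps a local copy of the stack pointer across a call that may move the stack. All names here (stack_grow, callee_uses_stack, op_add) are hypothetical, and the unsafe path detects the stale pointer instead of writing through it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model, not perl source: a growable value stack with a global top pointer. */
static long *stack_base, *stack_sp;   /* stack_sp points at the next free slot */
static size_t stack_max;

static void stack_init(size_t n) {
    free(stack_base);
    stack_base = stack_sp = malloc(n * sizeof *stack_base);
    stack_max = n;
}

/* Grow by allocate-copy-free so the block always moves, as a realloc may do. */
static void stack_grow(size_t need) {
    size_t used = (size_t)(stack_sp - stack_base);
    if (used + need <= stack_max) return;
    size_t n = 2 * (used + need);
    long *nb = malloc(n * sizeof *nb);
    memcpy(nb, stack_base, used * sizeof *nb);
    free(stack_base);
    stack_base = nb; stack_sp = nb + used; stack_max = n;
}

/* Stands in for a callee that re-enters the interpreter and uses the stack. */
static void callee_uses_stack(size_t pushes) {
    stack_grow(pushes);
    for (size_t i = 0; i < pushes; i++) *stack_sp++ = 0;
    stack_sp -= pushes;
}

/* Binary op on two pushed operands. Returns the result written to the stack,
   or -1 if the op's local sp no longer addresses the live stack. */
static long op_add(long l, long r, size_t pushes, int putback_spagain) {
    stack_init(8);
    *stack_sp++ = l; *stack_sp++ = r;
    long *sp = stack_sp;                       /* local copy, like dSP */
    long right = *--sp, left = sp[-1];         /* pop right, peek left */
    uintptr_t where = (uintptr_t)sp;           /* taken while sp is still valid */
    if (putback_spagain) stack_sp = sp;        /* PUTBACK: publish local sp */
    callee_uses_stack(pushes);
    if (putback_spagain) { sp = stack_sp; where = (uintptr_t)sp; } /* SPAGAIN */
    if (where < (uintptr_t)stack_base || where > (uintptr_t)(stack_base + stack_max))
        return -1;                             /* stale: a write here corrupts memory */
    sp[-1] = left + right;                     /* safe to store the result */
    return sp[-1];
}
```

With a small callee the unguarded op still returns the right answer, which is why the bug only shows once the stack has to grow, as with the 500-element list in the report.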