Scalar leaked in 'local $0' under ithreads + taint mode #7826

Closed
p5pRT opened this issue Mar 4, 2005 · 4 comments

p5pRT commented Mar 4, 2005

Migrated from rt.perl.org#34341 (status was 'resolved')

Searchable as RT34341$

p5pRT commented Mar 4, 2005

From stas@stason.org

Created by stas@rabbit.stason.org

The following scalar leak is reproduced under any perl 5.8+ w/ithreads:

#!/usr/bin/perl -T
use Devel::Peek;
use threads;

local $0 = "test"; # <== XXX: leaks scalar
my $thr = threads->new(sub { Dump $0 });
$thr->join; # <== XXX: triggers the leak

% perl -T leak.pl
SV = PVMG(0x81129a0) at 0x816dc10
  REFCNT = 1
  FLAGS = (GMG,SMG,pPOK)
  IV = 0
  NV = 0
  PV = 0x816e370 "test"\0
  CUR = 4
  LEN = 5
  MAGIC = 0x816e2a8
  MG_VIRTUAL = &PL_vtbl_sv
  MG_TYPE = PERL_MAGIC_sv(\0)
  MG_OBJ = 0x816dc04
  MG_LEN = 1
  MG_PTR = 0x816e2c8 "0"
  MAGIC = 0x816e2d8
  MG_VIRTUAL = &PL_vtbl_taint
  MG_TYPE = PERL_MAGIC_taint(t)
  MG_OBJ = 0x816dc1c
  MG_LEN = 2

Scalars leaked: 1
leaked: sv=0x816dc1c flags=0x084046007 refcnt=0, Perl interpreter: 0x8102770

As the dump shows, the leaked scalar is MG_OBJ = 0x816dc1c. This magic
object is a taint magic (and it happens under -T).

It happens so that ModPerl::Registry localizes $0, so anybody trying to
spawn a thread is going to get this leak. There are probably other cases
where this happens in the same way, but at the moment I've only one *easy*
testcase.

Perl Info

Flags:
     category=core
     severity=medium

Site configuration information for perl v5.8.6:

Configured by stas at Thu Mar  3 21:57:12 EST 2005.

Summary of my perl5 (revision 5 version 8 subversion 6) configuration:
   Platform:
     osname=linux, osvers=2.6.8.1-12mdk, archname=i686-linux-thread-multi
     uname='linux rabbit.stason.org 2.6.8.1-12mdk #1 fri oct 1 12:53:41 
cest 2004 i686 mobile intel(r) pentium(r) 4 - m cpu 2.00ghz unknown gnulinux '
     config_args='-des -Dprefix=/home/stas/perl/5.8.7-ithread -Dusethreads 
-Doptimize=-g -Duseshrplib -Dusedevel -Accflags=-DDEBUG_LEAKING_SCALARS'
     hint=recommended, useposix=true, d_sigaction=define
     usethreads=define use5005threads=undef useithreads=define 
usemultiplicity=define
     useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
     use64bitint=undef use64bitall=undef uselongdouble=undef
     usemymalloc=n, bincompat5005=undef
   Compiler:
     cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS 
-DDEBUG_LEAKING_SCALARS -DDEBUGGING -fno-strict-aliasing -pipe 
-I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 
-I/usr/include/gdbm',
     optimize='-g',
     cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS 
-DDEBUG_LEAKING_SCALARS -DDEBUGGING -fno-strict-aliasing -pipe 
-I/usr/local/include -I/usr/include/gdbm'
     ccversion='', gccversion='3.4.1 (Mandrakelinux 10.1 3.4.1-4mdk)', 
gccosandvers=''
     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', 
lseeksize=8
     alignbytes=4, prototype=define
   Linker and Libraries:
     ld='cc', ldflags =' -L/usr/local/lib'
     libpth=/usr/local/lib /lib /usr/lib
     libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
     perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
     libc=/lib/libc-2.3.3.so, so=so, useshrplib=true, libperl=libperl.so
     gnulibc_version='2.3.3'
   Dynamic Linking:
     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E 
-Wl,-rpath,/home/stas/perl/5.8.7-ithread/lib/5.8.6/i686-linux-thread-multi/CORE'
     cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
     MAINT23940


@INC for perl v5.8.6:
     /home/stas/perl/5.8.7-ithread/lib/5.8.6/i686-linux-thread-multi
     /home/stas/perl/5.8.7-ithread/lib/5.8.6
     /home/stas/perl/5.8.7-ithread/lib/site_perl/5.8.6/i686-linux-thread-multi
     /home/stas/perl/5.8.7-ithread/lib/site_perl/5.8.6
     /home/stas/perl/5.8.7-ithread/lib/site_perl
     .


Environment for perl v5.8.6:
     HOME=/home/stas
     LANG=en_GB
     LANGUAGE=en_GB:en
     LC_ADDRESS=en_CA
     LC_COLLATE=en_GB
     LC_CTYPE=en_GB
     LC_IDENTIFICATION=en_CA
     LC_MEASUREMENT=en_CA
     LC_MESSAGES=en_GB
     LC_MONETARY=en_CA
     LC_NAME=en_CA
     LC_NUMERIC=en_CA
     LC_PAPER=en_CA
     LC_SOURCED=1
     LC_TELEPHONE=en_CA
     LC_TIME=en_GB
     LD_LIBRARY_PATH (unset)
     LOGDIR (unset)
     PATH=/usr//bin:/bin:/usr/bin:.:/usr/local/bin:/usr/X11R6/bin/:/usr/games:/home/stas/bin:/home/stas/bin:/usr/local/bin:/usr/X11R6/bin:/usr/java/j2re1.4.0/bin/
     PERLDOC_PAGER=less -R
     PERL_BADLANG (unset)
     SHELL=/bin/tcsh

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
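
The report matches the leaked sv address against the MG_OBJ fields of the dump by eye; with more magic entries that lookup is easier scripted. This is an added example, not code from the report or from perl itself: the function name match_leaks is hypothetical, and the input is the report's own output with unused dump fields dropped.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Output of the report's test case (Devel::Peek dump abridged to the
# fields used here, followed by the DEBUG_LEAKING_SCALARS lines).
my $output = <<'END';
SV = PVMG(0x81129a0) at 0x816dc10
  REFCNT = 1
  FLAGS = (GMG,SMG,pPOK)
  MAGIC = 0x816e2a8
  MG_TYPE = PERL_MAGIC_sv(\0)
  MG_OBJ = 0x816dc04
  MAGIC = 0x816e2d8
  MG_TYPE = PERL_MAGIC_taint(t)
  MG_OBJ = 0x816dc1c
Scalars leaked: 1
leaked: sv=0x816dc1c flags=0x084046007 refcnt=0, Perl interpreter: 0x8102770
END

# Hypothetical helper: returns one record per "leaked:" line, naming the
# magic entry (if any) whose MG_OBJ points at the leaked SV.
sub match_leaks {
    my ($text) = @_;
    my (%owner, $sv, $magic, @report);
    for my $line (split /\n/, $text) {
        if ($line =~ /^SV = \S+ at (0x[0-9a-f]+)/i) {
            $sv = $1;          # start of a new dumped scalar
            undef $magic;
        }
        elsif ($line =~ /^\s*MAGIC = (0x[0-9a-f]+)/i) {
            $magic = { sv => $sv, addr => $1, type => '?' };
        }
        elsif ($line =~ /^\s*MG_TYPE = (\w+)/ && $magic) {
            $magic->{type} = $1;
        }
        elsif ($line =~ /^\s*MG_OBJ = (0x[0-9a-f]+)/i && $magic) {
            $owner{lc($1)} = $magic;   # index magic entries by the SV they hold
        }
        elsif ($line =~ /^leaked: sv=(0x[0-9a-f]+).*\brefcnt=(\d+)/i) {
            push @report, { leaked => $1, refcnt => $2, via => $owner{lc($1)} };
        }
    }
    return @report;
}

for my $r (match_leaks($output)) {
    my $m = $r->{via};
    print "$r->{leaked} (refcnt $r->{refcnt}) ", $m
        ? "is MG_OBJ of $m->{type} magic $m->{addr} on SV $m->{sv}\n"
        : "is not referenced by any dumped magic\n";
}
```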

p5pRT commented Mar 4, 2005

From stas@stason.org

(resubmitting Steve Hay's followup so it'll be stored in rt)

Stas Bekman (via RT) wrote:

# New Ticket Created by Stas Bekman
# Please include the string: [perl #34341]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=34341 >

This is a bug report for perl from stas@rabbit.stason.org,
generated with the help of perlbug 1.35 running under perl v5.8.6.

-----------------------------------------------------------------
[Please enter your report here]

The following scalar leak is reproduced under any perl 5.8+ w/ithreads:

#!/usr/bin/perl -T
use Devel::Peek;
use threads;

local $0 = "test"; # <== XXX: leaks scalar
my $thr = threads->new(sub { Dump $0 });
$thr->join; # <== XXX: triggers the leak
[...]
Scalars leaked: 1
leaked: sv=0x816dc1c flags=0x084046007 refcnt=0, Perl interpreter: 0x8102770

As the dump shows, the leaked scalar is MG_OBJ = 0x816dc1c. This magic
object is a taint magic (and it happens under -T).

From: Steve Hay <steve.hay@uk.radan.com>

Is this anything to do with the following comment found in
scope.c::S_save_scalar_at()

  /* XXX SvMAGIC() is *shared* between osv and sv. This can
   * lead to coredumps when both SVs are destroyed without one
   * of their SvMAGIC() slots being NULLed. */

There's certainly some stuff to do with taint magic and localizing
going on in that function, so since that's what this particular problem
revolves around, maybe it's worth a closer look by someone that
understands it?

I'm not sure what the following chunk from that function is trying to
achieve:

  if (PL_tainting && PL_tainted &&
          (mg = mg_find(osv, PERL_MAGIC_taint))) {
      SAVESPTR(mg->mg_obj);
      mg->mg_obj = osv;
  }

but could it be related to the leaked MG_OBJ?

- Steve

p5pRT commented Jul 7, 2005

From @iabyn

Looks like the leak has been fixed by my change #24942, which fixed
local() and magic (and specifically removed the code related to that XXX
comment above)

p5pRT commented Jul 7, 2005

@iabyn - Status changed from 'new' to 'resolved'
