Segfault due to a semicolon inside a dynamic array ref. #8726

Closed
p5pRT opened this issue Jan 5, 2007 · 3 comments

p5pRT commented Jan 5, 2007

Migrated from rt.perl.org#41188 (status was 'rejected')

Searchable as RT41188$


p5pRT commented Jan 5, 2007

From @shlomif

Created by @shlomif

This is a reopening of:

http://rt.perl.org/rt3/Public/Bug/Display.html?id=40995

Because the latter was closed without having been fixed beforehand.

The following script is a test case for a segfault I'm getting in the
compilation phase because of a semicolon inside a dynamic array ref.
The code can be taken out of the eval, but then it would be harder to test,
and with the eval the problem is still reproduced.

<<<<<<<<<<<<<<<<<<

use strict;
use warnings;

use Test::More tests => 1;

eval <<'EOF';
sub func1
{
  my ($i, $j) = @_;

  sub { return [ $i->func2(); ]; };
}
EOF

# TEST

ok(1, "Test compilation of semicolon inside [ ... ]");

Regards,

Shlomi Fish

http://www.shlomifish.org/

ferreira2 said:

<<<<<
In Cygwin, I got

$ perl h.pl
7 [main] perl 1856 _cygtls::handle_exceptions: Error while dumping state (
probably corrupted stack)
Segmentation fault (core dumped)

This code still segfaults:

sub
{
my ($i, $j) = @_;
sub { [ $i->f(); ] };
}

but not this

sub
{
my ($i) = @_;
sub { [ $i->f(); ] };
}

which dies

$ perl h.pl
syntax error at h.pl line 6, near ");"
syntax error at h.pl line 7, near "}"
Execution of h.pl aborted due to compilation errors.

And then I said:

<<<<<<<<<<<<<<<<
Hi, I see you closed the bug as resolved because it does not happen in
bleadperl. Well, not so fast, please. What still needs to be done is:

1. Add this as a test-case to the perl 5 test-suite.

2. Write a patch for the perl-5.8.x line. (Which is still heavily
used).

3. Investigate the crash, and see if it poses security risks.

This problem may possibly be used to crash programs that let the user
evaluate Perl code. (such as eval IRC bots, PostgreSQL's PL/Perl
etc.), so it also needs to be fixed in 5.8.x.

Regards,

Shlomi Fish

On Mon Nov 27 09:52:54 2006, rafael wrote:

From my tests, this appears to be resolved in bleadperl.

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl v5.8.8:

Configured by Mandriva at Fri Sep  8 20:00:54 CEST 2006.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.12-12mdksmp, archname=i386-linux
    uname='linux n4.mandriva.com 2.6.12-12mdksmp #1 smp fri sep 9 17:43:23 cest 2005 i686 intel(r) xeon(tm) cpu 2.80ghz gnulinux '
    config_args='-des -Dinc_version_list=5.8.7 5.8.7/i386-linux 5.8.6 5.8.6/i386-linux 5.8.5 5.8.4 5.8.3 5.8.2 5.8.1 5.8.0 5.6.1 5.6.0 -Darchname=i386-linux -Dcc=gcc -Doptimize=-O2  -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fomit-frame-pointer -march=i586 -mtune=pentiumpro -fasynchronous-unwind-tables -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dsitebin=/usr/local/bin -Dsiteman1dir=/usr/local/share/man/man1 -Dsiteman3dir=/usr/local/share/man/man3 -Dman3ext=3pm -Dcf_by=Mandriva -Dmyhostname=localhost -Dperladmin=root@localhost -Dcf_email=root@localhost -Dd_dosuid -Ud_csh -Duseshrplib'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fomit-frame-pointer -march=i586 -mtune=pentiumpro -fasynchronous-unwind-tables',
    cppflags='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.1.1 20060724 (prerelease) (4.1.1-3mdk)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.4.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.8/i386-linux/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    Mandriva Linux patches


@INC for perl v5.8.8:
    /home/shlomi/apps/perl/modules/lib/perl5/site_perl/5.8.8//i386-linux
    /home/shlomi/apps/perl/modules/lib/perl5/site_perl/5.8.8/
    /home/shlomi/apps/perl/modules/lib/perl5/5.8.8/i386-linux
    /home/shlomi/apps/perl/modules/lib/perl5/5.8.8
    /usr/lib/perl5/5.8.8/i386-linux
    /usr/lib/perl5/5.8.8
    /usr/lib/perl5/site_perl/5.8.8/i386-linux
    /usr/lib/perl5/site_perl/5.8.8
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.8/i386-linux
    /usr/lib/perl5/vendor_perl/5.8.8
    /usr/lib/perl5/vendor_perl/5.8.7
    /usr/lib/perl5/vendor_perl/5.8.7/i386-linux
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.6/i386-linux
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl
    .


Environment for perl v5.8.8:
    HOME=/home/shlomi
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_ADDRESS=en_US.UTF-8
    LC_COLLATE=en_US.UTF-8
    LC_CTYPE=en_US.UTF-8
    LC_IDENTIFICATION=en_US.UTF-8
    LC_MEASUREMENT=en_US.UTF-8
    LC_MESSAGES=en_US.UTF-8
    LC_MONETARY=en_US.UTF-8
    LC_NAME=en_US.UTF-8
    LC_NUMERIC=en_US.UTF-8
    LC_PAPER=en_US.UTF-8
    LC_SOURCED=1
    LC_TELEPHONE=en_US.UTF-8
    LC_TIME=en_US.UTF-8
    LD_LIBRARY_PATH=/usr/local/apps/svn-repos/lib/
    LOGDIR (unset)
    PATH=/home/shlomi/apps/perl/modules/bin:/home/shlomi/apps/latemp/bin:/home/shlomi/apps/file/gringotts/bin:/home/shlomi/apps/gimageview/bin:/home/shlomi/apps/test/quadpres/bin:/usr/local/apps/svn-repos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/games:/usr/lib/qt3//bin:/home/shlomi/bin:/usr/lib/ssh:/usr/lib/qt3//bin
    PERL5LIB=/home/shlomi/apps/perl/modules/lib/perl5/site_perl/5.8.8/:/home/shlomi/apps/perl/modules/lib/perl5/5.8.8
    PERL_BADLANG (unset)
    SHELL=/bin/bash
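
An added sketch of the regression check requested in item 1 of the report above (not part of the original report or of the perl test suite): it compiles each of the two quoted snippets with `perl -c` in a child process, so that a compile-time crash cannot take down the harness, and reports whether the child exited with an ordinary syntax error or was killed by a signal. The case names and `classify_compile` are hypothetical, and a system with a working `fork` is assumed.

```perl
use strict;
use warnings;
use Config;
use File::Spec;
use File::Temp qw(tempfile);
use POSIX ();

# The two snippets quoted in the report. On perl 5.8.8 the first one
# segfaulted during compilation; the second gave a plain syntax error.
my %cases = (
    two_lexicals => q{sub { my ($i, $j) = @_; sub { [ $i->f(); ] }; }},
    one_lexical  => q{sub { my ($i) = @_; sub { [ $i->f(); ] }; }},
);

# Signal names indexed by signal number, as built into this perl.
my @sig_name = split ' ', $Config{sig_name};

# Compile $src with "perl -c" in a child process and classify the outcome.
sub classify_compile {
    my ($src) = @_;
    my ($fh, $path) = tempfile(SUFFIX => '.pl', UNLINK => 1);
    print {$fh} "$src\n";
    close $fh or die "close $path: $!";

    my $pid = fork();
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: discard the compiler's diagnostics, then run the same
        # interpreter binary ($^X) in compile-only mode.
        open STDOUT, '>', File::Spec->devnull or POSIX::_exit(126);
        open STDERR, '>', File::Spec->devnull or POSIX::_exit(126);
        exec { $^X } $^X, '-c', $path or POSIX::_exit(127);
    }
    waitpid $pid, 0;

    # Low 7 bits of $? hold the terminating signal, the high byte the exit code.
    my ($sig, $code) = ($? & 127, $? >> 8);
    return "CRASH: killed by SIG$sig_name[$sig]" if $sig;
    return $code == 0 ? 'compiled cleanly' : "compile error, exit code $code";
}

for my $name (sort keys %cases) {
    printf "%-13s %s\n", $name, classify_compile($cases{$name});
}
```

On an interpreter that handles the syntax error correctly, both cases report a compile error with a non-zero exit code; a `CRASH` line is the condition a test suite should fail on.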


p5pRT commented Mar 26, 2007

@iabyn - Status changed from 'new' to 'rejected'

@p5pRT p5pRT closed this as completed Mar 26, 2007

p5pRT commented Mar 26, 2007

From @iabyn

I've rejected this ticket, as the problem is well understood, and has
been fully fixed in bleed with appropriate tests added. The fix will not
be backported to the 5.8.x branch as it is too complex. It has no new
security implications.
