Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

panic: attempt to copy freed scalar #9203

Open
p5pRT opened this issue Jan 23, 2008 · 4 comments
Open

panic: attempt to copy freed scalar #9203

p5pRT opened this issue Jan 23, 2008 · 4 comments

Comments

@p5pRT
Copy link

p5pRT commented Jan 23, 2008

Migrated from rt.perl.org#50142 (status was 'open')

Searchable as RT50142$

@p5pRT
Copy link
Author

p5pRT commented Jan 23, 2008

From @sciurius

Created by @sciurius

The following program abends with
panic​: attempt to copy freed scalar 94e5d88 to 94e6368 at t.pl line 5.

  @​ARGV = qw(foo);
  foo(@​ARGV);
  sub foo {
  my $x = shift(@​ARGV);
  my $y = shift;
  }

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.10.0:

Configured by jv at Fri Jan 18 18:53:25 CET 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.23.8-63.fc8, archname=i386-linux
    uname='linux phoenix.squirrel.nl 2.6.23.8-63.fc8 #1 smp wed nov 21 18:51:08 est 2007 i686 i686 i386 gnulinux '
    config_args='-des -Darchname=i386-linux -Dprefix=/opt/perl-5.10.0 -Dcf_email=jvromans@squirrel.nl -Dperladmin=jvromans@squirrel.nl'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2',
    cppflags='-fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.1.2 20070925 (Red Hat 4.1.2-33)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lgdbm -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.7.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.7'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib'

Locally applied patches:
    


@INC for perl 5.10.0:
    /home/jv/lib/perl5
    /opt/perl-5.10.0/lib/5.10.0/i386-linux
    /opt/perl-5.10.0/lib/5.10.0
    /opt/perl-5.10.0/lib/site_perl/5.10.0/i386-linux
    /opt/perl-5.10.0/lib/site_perl/5.10.0
    .


Environment for perl 5.10.0:
    HOME=/home/jv
    LANG=en_US.iso88591
    LANGUAGE (unset)
    LC_PAPER=nl_NL
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/opt/perl-5.10.0/bin:.:/home/jv/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
    PERL5LIB=/home/jv/lib/perl5
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh

@p5pRT
Copy link
Author

p5pRT commented Jan 24, 2008

From @andk

On Wed, 23 Jan 2008 03​:07​:01 -0800, Johan Vromans (via RT) <perlbug-followup@​perl.org> said​:

  > @​ARGV = qw(foo);
  > foo(@​ARGV);
  > sub foo {
  > my $x = shift(@​ARGV);
  > my $y = shift;
  > }

Binary search tells me it was 24892.

----Output of .../pEhkYZa/perl-5.9.2@​24891/bin/perl----

----EOF ($?='0')----
----Output of .../pchGXXr/perl-5.9.2@​24892/bin/perl----
panic​: sv_upgrade to unknown type 255 at tests/jv-argv.pl line 5.

----EOF ($?='65280')----

It seems the panic message itself has morphed over time.

  Change 24892 by nicholas@​ship-in-a-bottle on 2005/06/18 10​:57​:02

  sv_upgrade by memcpy
  AV and HV cases need tidyup

--
andreas

@p5pRT
Copy link
Author

p5pRT commented Jan 24, 2008

The RT System itself - Status changed from 'new' to 'open'

@p5pRT
Copy link
Author

p5pRT commented Jan 24, 2008

From @iabyn

On Thu, Jan 24, 2008 at 06​:42​:25AM +0100, Andreas J. Koenig wrote​:

On Wed, 23 Jan 2008 03​:07​:01 -0800, Johan Vromans (via RT) <perlbug-followup@​perl.org> said​:

@&#8203;ARGV = qw\(foo\);
foo\(@&#8203;ARGV\);
sub foo \{
my $x = shift\(@&#8203;ARGV\);
my $y = shift;
\}

Binary search tells me it was 24892.

----Output of .../pEhkYZa/perl-5.9.2@​24891/bin/perl----

----EOF ($?='0')----
----Output of .../pchGXXr/perl-5.9.2@​24892/bin/perl----
panic​: sv_upgrade to unknown type 255 at tests/jv-argv.pl line 5.

----EOF ($?='65280')----

It seems the panic message itself has morphed over time.

Change 24892 by nicholas@&#8203;ship\-in\-a\-bottle on 2005/06/18 10&#8203;:57&#8203;:02

sv\_upgrade by memcpy
AV and HV cases need tidyup

The bug itself has always been present, because items pushed onto the
stack aren't reference counted, and so can get prematurely freed.
Perl has just got better at detecting this and panicing rather than
ploughing on..

--
Nothing ventured, nothing lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants