Report information
Id: 123652
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: crux <thecrux [at] gmail.com>
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: 5.22.0



Subject: Segmentation fault while parsing incorrect code
Got interesting SIGSEGV case

$ perl -e '$1=eval{a:}'
zsh: segmentation fault perl -e '$1=eval{a:}'

SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems not affected

When debugging enabled I've got SIGABRT instead of SIGSEGV

$ perlbrew use perl-5.21.6-thr-dbg
$ gdb --args perl -e '$1=eval{a:}'
(gdb) run
Program received signal SIGABRT, Aborted.
0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56

$(gdb) bt
#0 0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff71077e8 in __GI_abort () at abort.c:90
#2 0x00007ffff70ff3b3 in __assert_fail_base (fmt=0x7ffff723e6f8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
   assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type == OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
   line=line@entry=12600, function=function@entry=0x614e6d <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:92
#3 0x00007ffff70ff462 in __GI___assert_fail (
   assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type == OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
   line=line@entry=12600, function=function@entry=0x614e6d <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:101
#4 0x0000000000431bed in Perl_rpeep (my_perl=0x8e7010, o=0x919688) at op.c:12600
...

(gdb)frame 4
(gdb)list
12598
12599 case OP_ENTERTRY:
12600 assert(cLOGOPo->op_other->op_type == OP_LEAVETRY);
12601 DEFER(cLOGOPo->op_other);
12602 break;
12603
On Thu Jan 22 06:15:40 2015, crux wrote:
> Got interesting SIGSEGV case
>
> $ perl -e '$1=eval{a:}'
> zsh: segmentation fault perl -e '$1=eval{a:}'
>
> SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> not affected
>
> When debugging enabled I've got SIGABRT instead of SIGSEGV
>
> $ perlbrew use perl-5.21.6-thr-dbg
> $ gdb --args perl -e '$1=eval{a:}'
> (gdb) run
> Program received signal SIGABRT, Aborted.
> 0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
>
> $(gdb) bt
> #0 0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #1 0x00007ffff71077e8 in __GI_abort () at abort.c:90
> #2 0x00007ffff70ff3b3 in __assert_fail_base (fmt=0x7ffff723e6f8
> "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
> assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type ==
> OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
> line=line@entry=12600, function=function@entry=0x614e6d
> <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:92
> #3 0x00007ffff70ff462 in __GI___assert_fail (
> assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type ==
> OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
> line=line@entry=12600, function=function@entry=0x614e6d
> <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:101
> #4 0x0000000000431bed in Perl_rpeep (my_perl=0x8e7010, o=0x919688) at
> op.c:12600
> ...
>
> (gdb)frame 4
> (gdb)list
> 12598
> 12599 case OP_ENTERTRY:
> 12600 assert(cLOGOPo->op_other->op_type ==
> OP_LEAVETRY);
> 12601 DEFER(cLOGOPo->op_other);
> 12602 break;
> 12603

Confirmed; see attachment.

--
James E Keenan (jkeenan@cpan.org)
Subject: 123652-segfault.txt
[perl] 88 $ ./perl -e '$1=eval{a:}'
perl: op.c:13712: Perl_rpeep: Assertion `((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY' failed.
Aborted (core dumped)
[perl] 89 $ gdb --args ./perl -e '$1=eval{a:}'
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./perl...done.
(gdb) run
Starting program: /home/jkeenan/gitwork/perl/perl -e \$1=eval\{a:\}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
perl: op.c:13712: Perl_rpeep: Assertion `((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff70e9cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff70e9cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff70ed0d8 in __GI_abort () at abort.c:89
#2 0x00007ffff70e2b86 in __assert_fail_base (
   fmt=0x7ffff72343d0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
   assertion=assertion@entry=0x607140 "((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY",
   file=file@entry=0x6a0aea "op.c", line=line@entry=13712,
   function=function@entry=0x60ab66 <__PRETTY_FUNCTION__.22275> "Perl_rpeep") at assert.c:92
#3 0x00007ffff70e2c32 in __GI___assert_fail (
   assertion=assertion@entry=0x607140 "((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY",
   file=file@entry=0x6a0aea "op.c", line=line@entry=13712,
   function=function@entry=0x60ab66 <__PRETTY_FUNCTION__.22275> "Perl_rpeep") at assert.c:101
#4 0x0000000000439270 in Perl_rpeep (my_perl=0x8e2010, o=0x9189a8) at op.c:13712
#5 0x000000000042eb1c in Perl_newPROG (my_perl=0x8e2010, o=0x919210) at op.c:4100
#6 0x000000000048e23b in Perl_yyparse (my_perl=my_perl@entry=0x8e2010, gramtype=gramtype@entry=258) at perly.y:120
#7 0x000000000044e140 in S_parse_body (xsinit=0x41d540 <xs_init>, env=0x0, my_perl=0x8e2010) at perl.c:2273
#8 perl_parse (my_perl=0x8e2010, xsinit=xsinit@entry=0x41d540 <xs_init>, argc=<optimized out>,
   argv=<optimized out>, env=env@entry=0x0) at perl.c:1607
#9 0x000000000041d3a9 in main (argc=3, argv=0x7fffffffd9d8, env=0x7fffffffd9f8) at perlmain.c:114
(gdb) frame 4
#4 0x0000000000439270 in Perl_rpeep (my_perl=0x8e2010, o=0x9189a8) at op.c:13712
13712 assert(cLOGOPo->op_other->op_type == OP_LEAVETRY);
(gdb) list
13707 * process the rest of the code */
13708 DEFER(cLOOP->op_lastop);
13709 break;
13710
13711 case OP_ENTERTRY:
13712 assert(cLOGOPo->op_other->op_type == OP_LEAVETRY);
13713 DEFER(cLOGOPo->op_other);
13714 break;
13715
13716 case OP_SUBST:
(gdb)

Summary of my perl5 (revision 5 version 21 subversion 9) configuration:
  Commit id: 6a40a726ac1d6a8f37527d834a781fc5c38e12f0
  Platform:
    osname=linux, osvers=3.13.0-44-generic, archname=x86_64-linux-thread-multi
    uname='linux zareason 3.13.0-44-generic #73-ubuntu smp tue dec 16 00:22:43 utc 2014 x86_64 x86_64 x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING -Duseithreads'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.8.2', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/4.8/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
    libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.19.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.19'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector'

Characteristics of this binary (from libperl):
  Compile-time options: DEBUGGING HAS_TIMES MULTIPLICITY PERLIO_LAYERS
    PERL_DONT_CREATE_GVSV PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
    PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP PERL_NEW_COPY_ON_WRITE
    PERL_PRESERVE_IVUV PERL_TRACK_MEMPOOL PERL_USE_DEVEL USE_64_BIT_ALL
    USE_64_BIT_INT USE_ITHREADS USE_LARGE_FILES USE_LOCALE
    USE_LOCALE_COLLATE USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_LOCALE_TIME
    USE_PERLIO USE_PERL_ATOF USE_REENTRANT_API
  Built under linux
  Compiled at Jan 22 2015 21:57:41
  %ENV:
    PERL5LIB="/home/jkeenan/perl5/lib/perl5"
    PERLBREW_BASHRC_VERSION="0.67"
    PERLBREW_HOME="/home/jkeenan/.perlbrew"
    PERLBREW_MANPATH="/home/jkeenan/perl5/perlbrew/perls/perl-5.20.1/man"
    PERLBREW_PATH="/home/jkeenan/perl5/perlbrew/bin:/home/jkeenan/perl5/perlbrew/perls/perl-5.20.1/bin"
    PERLBREW_PERL="perl-5.20.1"
    PERLBREW_ROOT="/home/jkeenan/perl5/perlbrew"
    PERLBREW_VERSION="0.67"
    PERL_LOCAL_LIB_ROOT="/home/jkeenan/perl5"
    PERL_MB_OPT="--install_base "/home/jkeenan/perl5""
    PERL_MM_OPT="INSTALL_BASE=/home/jkeenan/perl5"
    PERL_WORKDIR="gitwork/perl"
  @INC:
    lib
    /home/jkeenan/perl5/lib/perl5
    /usr/local/lib/perl5/site_perl/5.21.9/x86_64-linux-thread-multi
    /usr/local/lib/perl5/site_perl/5.21.9
    /usr/local/lib/perl5/5.21.9/x86_64-linux-thread-multi
    /usr/local/lib/perl5/5.21.9
    .
On Thu Jan 22 06:15:40 2015, crux wrote:
> Got interesting SIGSEGV case
>
> $ perl -e '$1=eval{a:}'
> zsh: segmentation fault perl -e '$1=eval{a:}'
>
> SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> not affected

5.21.4 is unaffected. 5.14.4 crashes.

Your subject is slightly wrong. The code is not invalid. (It just dies at run time because $1 is read-only.) You can have a label at the end of a block.

I’ll run a bisect.

--
Father Chrysostomos
On Thu Jan 22 21:56:06 2015, sprout wrote:
> On Thu Jan 22 06:15:40 2015, crux wrote:
> > Got interesting SIGSEGV case
> >
> > $ perl -e '$1=eval{a:}'
> > zsh: segmentation fault perl -e '$1=eval{a:}'
> >
> > SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> > not affected
>
> 5.21.4 is unaffected. 5.14.4 crashes.
>
> Your subject is slightly wrong. The code is not invalid. (It just
> dies at run time because $1 is read-only.) You can have a label at
> the end of a block.
>
> I’ll run a bisect.

$ ../perl.git/Porting/bisect.pl --target=miniperl --start=v5.12.0 --end=v5.14.4 -e 'eval{$1=eval{a:}}'
...
eae48c8938e50ebb341a72c2886c5ae8587092a5 is the first bad commit
commit eae48c8938e50ebb341a72c2886c5ae8587092a5
Author: Zefram <zefram@fysh.org>
Date: Tue Oct 19 21:16:11 2010 +0100

    refactor and regularise label/statement grammar

--
Father Chrysostomos
On Thu Jan 22 21:56:06 2015, sprout wrote:
> On Thu Jan 22 06:15:40 2015, crux wrote:
> > Got interesting SIGSEGV case
> >
> > $ perl -e '$1=eval{a:}'
> > zsh: segmentation fault perl -e '$1=eval{a:}'
> >
> > SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> > not affected
>
> 5.21.4 is unaffected. 5.14.4 crashes.
>
> Your subject is slightly wrong. The code is not invalid. (It just
> dies at run time because $1 is read-only.) You can have a label at
> the end of a block.
>

So, can we have the attempt to assign to $1 throw a more tidy exception?

--
James E Keenan (jkeenan@cpan.org)
Fixed in 2f465e0.

--
Father Chrysostomos
Date: Sun, 25 Jan 2015 10:38:55 +0300
To: Father Chrysostomos via RT <perlbug-followup [...] perl.org>
From: Vladimir Lettiev <thecrux [...] gmail.com>
Subject: [perl #123652] Segmentation fault while parsing incorrect code
On Sat, Jan 24, 2015 at 05:23:34PM -0800, Father Chrysostomos via RT wrote:
> Fixed in 2f465e0.

Great, thank you. Will this fix be ported to the stable 5.20 branch?
On Sat Jan 24 23:39:31 2015, crux wrote:
> On Sat, Jan 24, 2015 at 05:23:34PM -0800, Father Chrysostomos via RT wrote:
> > Fixed in 2f465e0.
>
> Great, thank you. Will this fix be ported to the stable 5.20 branch?
>
It looks like a suitable candidate for backporting, so I've just added it to the voting file, and it will be in 5.20.2 if a couple of other committers agree: http://perl5.git.perl.org/perl.git/commit/f10d2881c7
Subject: Your ticket against Perl 5 has been resolved
Thanks for submitting this ticket

The issue should be resolved with the release today of Perl v5.22, available at http://www.perl.org/get.html

If you find that the problem persists, feel free to reopen this ticket

--
Karl Williamson for the Perl 5 porters team
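
The thread separates two outcomes for the one-liner: the interpreter being killed by a signal (SIGSEGV, or SIGABRT in a -DDEBUGGING build) versus an ordinary run-time die because $1 is read-only. The script below is an added example, not part of the ticket or of Perl's own test suite, that classifies which of the two an installed perl produces. The function names are hypothetical, and it assumes the shell reports death by signal N as exit status 128+N with the Linux numbers 6 (ABRT) and 11 (SEGV).

```sh
#!/bin/sh
# Added example, not from the ticket: tell an interpreter crash (death by
# signal) apart from an ordinary run-time die for the reproducer above.

# classify_status STATUS -> "ok", "died", "not-run" or "crash:<signal>"
# Assumption: death by signal N shows up as status 128+N, N <= 64 (Linux).
# Perl's die commonly exits 255, which must not be read as a signal.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        echo not-run                 # binary missing or not executable
    elif [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        case $((status - 128)) in
            6)  echo crash:ABRT ;;   # assert() failure in a -DDEBUGGING build
            11) echo crash:SEGV ;;   # the non-debugging failure in the report
            *)  echo "crash:signal-$((status - 128))" ;;
        esac
    else
        echo died                    # normal non-zero exit, e.g. read-only $1
    fi
}

# run_case CMD [ARGS...] -> classification of how CMD terminated
run_case() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# check_perl PERL -> classification for the one-liner from the report
check_perl() {
    run_case "$1" -e '$1=eval{a:}'
}

# Usage: sh check.sh /path/to/perl [/path/to/another/perl ...]
for perl in "$@"; do
    printf '%s\t%s\n' "$perl" "$(check_perl "$perl")"
done
```

A result of `died` is the expected behaviour described in the thread; any `crash:` result means the build still has the defect.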

