Skip Menu |
Report information
Id: 127786
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: frederik [at] ofb.net
Cc:
AdminCc:

Operating System: Linux
PatchStatus: (no value)
Severity: medium
Type: library
Perl Version: 5.22.1
Fixed In: (no value)



CC: frederik [...] ofb.net
Date: Fri, 25 Mar 2016 23:11:35 -0700
To: perlbug [...] perl.org
From: frederik [...] ofb.net
Subject: segfault involving Data::Dumper, anonymous sub, and scalar ref
Download (untitled) / with headers
text/plain 6.4k
This is a bug report for perl from frederik@ofb.net, generated with the help of perlbug 1.40 running under perl 5.22.1. ----------------------------------------------------------------- [Please describe your issue here] I found Perl segfaulting on a personal project and was able to get a minimal test case which exhibits the problem. Although the test case uses Data::Dumper, I have "$Data::Dumper::Useperl=1;" (pure Perl mode) so perhaps this is also a problem with the Perl interpreter. The Perl version is v5.22.1. I get a segfault on a x86_64 system with Linux kernel 4.1.20-1-lts, as well as on a i686 system with Linux kernel 4.1.19-1-lts. Both are running up-to-date Arch distributions. On a Debian system with Perl v5.14.2, there is no segfault. (This system is i686 with Linux kernel 3.2.45) Here is the test case: #!/usr/bin/perl use warnings; use strict; ## This block mostly copied from my personal helper/utility package: BEGIN { do { # Declaring this in package DB results in special "eval" behavior: # the expression is evaluated in the first non-DB lexical scope package DB; use Data::Dumper; $Data::Dumper::Indent=0; $Data::Dumper::Purity=1; $Data::Dumper::Terse=1; ## oddly, I get a segfault when this is either 1 or 0: $Data::Dumper::Useperl=1; # "Print value": display an expression, and then its value. # Evaluates the expression in the context of the caller. Useful for # debugging: just substitute "pv q{EXPR}" for "EXPR" when you want # to examine its value. EXPR should be a scalar, but arrays and # hashes can be made into scalars with [] and {}. sub pv { my $e = shift; my ($package, $filename, $line) = caller; my $v = Dumper(eval "package $package; ($e)"); die $@ if $@; print STDERR "$e = $v\n"; } }; *pv = \&DB::pv; } ################################################################ ## Here is a (hopefully) minimal test case to cause a segfault on Perl ## v5.22.1. I also tested on Perl v5.14.2, no segfault. my $s = "hi"; my $foo = sub { # this sub needs to be anonymous warn $s; # we need this line here pv '$s'; # this succeeds pv '\$s'; # this segfaults }; &$foo(); Here's the output: $ ./perl-dumper-ref-bug hi at ./perl-dumper-ref-bug line 42. $s = 'hi' zsh: segmentation fault (core dumped) ./perl-dumper-ref-bug Thank you! [Please do not change anything below this line] ----------------------------------------------------------------- --- Flags: category=library severity=medium module=Data::Dumper --- Site configuration information for perl 5.22.1: Configured by builduser at Mon Mar 7 19:10:52 CET 2016. Summary of my perl5 (revision 5 version 22 subversion 1) configuration: Platform: osname=linux, osvers=4.4.3-1-arch, archname=x86_64-linux-thread-multi uname='linux flo-64 4.4.3-1-arch #1 smp preempt fri feb 26 15:09:29 cet 2016 x86_64 gnulinux ' config_args='-des -Dusethreads -Duseshrplib -Doptimize=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -Dprefix=/usr -Dvendorprefix=/usr -Dprivlib=/usr/share/perl5/core_perl -Darchlib=/usr/lib/perl5/core_perl -Dsitelib=/usr/share/perl5/site_perl -Dsitearch=/usr/lib/perl5/site_perl -Dvendorlib=/usr/share/perl5/vendor_perl -Dvendorarch=/usr/lib/perl5/vendor_perl -Dscriptdir=/usr/bin/core_perl -Dsitescript=/usr/bin/site_perl -Dvendorscript=/usr/bin/vendor_perl -Dinc_version_list=none -Dman1ext=1perl -Dman3ext=3perl -Dcccdlflags='-fPIC' -Dlddlflags=-shared -Wl,-O1,--sort-common,--as-needed,-z,relro -Dldflags=-Wl,-O1,--sort-common,--as-needed,-z,relro' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong', cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include' ccversion='', gccversion='5.3.0', gccosandvers='' intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3 ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='cc', ldflags ='-Wl,-O1,--sort-common,--as-needed,-z,relro -fstack-protector-strong -L/usr/local/lib' libpth=/usr/local/lib /usr/lib/gcc/x86_64-unknown-linux-gnu/5.3.0/include-fixed /usr/lib /lib/../lib /usr/lib/../lib /lib /lib64 /usr/lib64 libs=-lpthread -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc libc=libc-2.23.so, so=so, useshrplib=true, libperl=libperl.so gnulibc_version='2.23' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/core_perl/CORE' cccdlflags='-fPIC', lddlflags='-shared -Wl,-O1,--sort-common,--as-needed,-z,relro -L/usr/local/lib -fstack-protector-strong' --- @INC for perl 5.22.1: /home/frederik/scripts-misc/perl /home/frederik/.local/lib/perl5/x86_64-linux-thread-multi /home/frederik/.local/lib/perl5 /usr/lib/perl5/site_perl /usr/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl . --- Environment for perl 5.22.1: HOME=/home/frederik LANG=en_US.UTF-8 LANGUAGE (unset) LD_LIBRARY_PATH=/home/frederik/.local/arch/x86_64/lib:/home/frederik/.local/lib:/usr/local/lib LOGDIR (unset) PATH=/home/frederik/.local/bin:/home/frederik/projects/mailproc:/home/frederik/scripts-misc:/home/frederik/.local/arch/x86_64/bin:/usr/bin/core_perl:/usr/bin/vendor_perl:/usr/bin/site_perl:/usr/local/bin:/usr/local/sbin:/usr/bin PERL5LIB=/home/frederik/scripts-misc/perl:/home/frederik/.local/lib/perl5: PERL_BADLANG (unset) PERL_LOCAL_LIB_ROOT=/home/frederik/.local/:/home/frederik/.local/:/home/frederik/.local/ PERL_MB_OPT=--install_base "/home/frederik/.local/" PERL_MM_OPT=INSTALL_BASE=/home/frederik/.local/ SHELL=/bin/zsh
CC: perl5-porters [...] perl.org
Subject: Re: segfault involving Data::Dumper, anonymous sub, and scalar ref
Date: Sat, 26 Mar 2016 10:15:10 -0700
From: Frederik Eaton <frederik [...] ofb.net>
To: perlbug [...] perl.org
A friend came up with a smaller test case: perl -e '{package DB;sub x {eval "\\\$s"} } my $s="hi";my $foo=sub {print $s;DB::x};&$foo;' Thanks! Frederick On Fri, Mar 25, 2016 at 11:11:35PM -0700, frederik@ofb.net wrote: Show quoted text
> > This is a bug report for perl from frederik@ofb.net, > generated with the help of perlbug 1.40 running under perl 5.22.1. > > > ----------------------------------------------------------------- > [Please describe your issue here] > > I found Perl segfaulting on a personal project and was able to get a > minimal test case which exhibits the problem. > > Although the test case uses Data::Dumper, I have > "$Data::Dumper::Useperl=1;" (pure Perl mode) so perhaps this is also a > problem with the Perl interpreter. > > The Perl version is v5.22.1. I get a segfault on a x86_64 system with > Linux kernel 4.1.20-1-lts, as well as on a i686 system with Linux > kernel 4.1.19-1-lts. Both are running up-to-date Arch distributions. > > On a Debian system with Perl v5.14.2, there is no segfault. (This > system is i686 with Linux kernel 3.2.45) > > Here is the test case: > > #!/usr/bin/perl > > use warnings; > use strict; > > ## This block mostly copied from my personal helper/utility package: > BEGIN { > do { > # Declaring this in package DB results in special "eval" behavior: > # the expression is evaluated in the first non-DB lexical scope > package DB; > > use Data::Dumper; > $Data::Dumper::Indent=0; > $Data::Dumper::Purity=1; > $Data::Dumper::Terse=1; > ## oddly, I get a segfault when this is either 1 or 0: > $Data::Dumper::Useperl=1; > > # "Print value": display an expression, and then its value. > # Evaluates the expression in the context of the caller. Useful for > # debugging: just substitute "pv q{EXPR}" for "EXPR" when you want > # to examine its value. EXPR should be a scalar, but arrays and > # hashes can be made into scalars with [] and {}. > sub pv { > my $e = shift; > my ($package, $filename, $line) = caller; > my $v = Dumper(eval "package $package; ($e)"); > die $@ if $@; > print STDERR "$e = $v\n"; > } > }; > *pv = \&DB::pv; > } > > ################################################################ > ## Here is a (hopefully) minimal test case to cause a segfault on Perl > ## v5.22.1. I also tested on Perl v5.14.2, no segfault. > > my $s = "hi"; > my $foo = sub { # this sub needs to be anonymous > warn $s; # we need this line here > pv '$s'; # this succeeds > pv '\$s'; # this segfaults > }; > &$foo(); > > Here's the output: > > $ ./perl-dumper-ref-bug > hi at ./perl-dumper-ref-bug line 42. > $s = 'hi' > zsh: segmentation fault (core dumped) ./perl-dumper-ref-bug > > Thank you! > > [Please do not change anything below this line] > ----------------------------------------------------------------- > --- > Flags: > category=library > severity=medium > module=Data::Dumper > --- > Site configuration information for perl 5.22.1: > > Configured by builduser at Mon Mar 7 19:10:52 CET 2016. > > Summary of my perl5 (revision 5 version 22 subversion 1) configuration: > > Platform: > osname=linux, osvers=4.4.3-1-arch, archname=x86_64-linux-thread-multi > uname='linux flo-64 4.4.3-1-arch #1 smp preempt fri feb 26 15:09:29 cet 2016 x86_64 gnulinux ' > config_args='-des -Dusethreads -Duseshrplib -Doptimize=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -Dprefix=/usr -Dvendorprefix=/usr -Dprivlib=/usr/share/perl5/core_perl -Darchlib=/usr/lib/perl5/core_perl -Dsitelib=/usr/share/perl5/site_perl -Dsitearch=/usr/lib/perl5/site_perl -Dvendorlib=/usr/share/perl5/vendor_perl -Dvendorarch=/usr/lib/perl5/vendor_perl -Dscriptdir=/usr/bin/core_perl -Dsitescript=/usr/bin/site_perl -Dvendorscript=/usr/bin/vendor_perl -Dinc_version_list=none -Dman1ext=1perl -Dman3ext=3perl -Dcccdlflags='-fPIC' -Dlddlflags=-shared -Wl,-O1,--sort-common,--as-needed,-z,relro -Dldflags=-Wl,-O1,--sort-common,--as-needed,-z,relro' > hint=recommended, useposix=true, d_sigaction=define > useithreads=define, usemultiplicity=define > use64bitint=define, use64bitall=define, uselongdouble=undef > usemymalloc=n, bincompat5005=undef > Compiler: > cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', > optimize='-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong', > cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include' > ccversion='', gccversion='5.3.0', gccosandvers='' > intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3 > d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3 > ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 > alignbytes=8, prototype=define > Linker and Libraries: > ld='cc', ldflags ='-Wl,-O1,--sort-common,--as-needed,-z,relro -fstack-protector-strong -L/usr/local/lib' > libpth=/usr/local/lib /usr/lib/gcc/x86_64-unknown-linux-gnu/5.3.0/include-fixed /usr/lib /lib/../lib /usr/lib/../lib /lib /lib64 /usr/lib64 > libs=-lpthread -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat > perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc > libc=libc-2.23.so, so=so, useshrplib=true, libperl=libperl.so > gnulibc_version='2.23' > Dynamic Linking: > dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/core_perl/CORE' > cccdlflags='-fPIC', lddlflags='-shared -Wl,-O1,--sort-common,--as-needed,-z,relro -L/usr/local/lib -fstack-protector-strong' > > > --- > @INC for perl 5.22.1: > /home/frederik/scripts-misc/perl > /home/frederik/.local/lib/perl5/x86_64-linux-thread-multi > /home/frederik/.local/lib/perl5 > /usr/lib/perl5/site_perl > /usr/share/perl5/site_perl > /usr/lib/perl5/vendor_perl > /usr/share/perl5/vendor_perl > /usr/lib/perl5/core_perl > /usr/share/perl5/core_perl > . > > --- > Environment for perl 5.22.1: > HOME=/home/frederik > LANG=en_US.UTF-8 > LANGUAGE (unset) > LD_LIBRARY_PATH=/home/frederik/.local/arch/x86_64/lib:/home/frederik/.local/lib:/usr/local/lib > LOGDIR (unset) > PATH=/home/frederik/.local/bin:/home/frederik/projects/mailproc:/home/frederik/scripts-misc:/home/frederik/.local/arch/x86_64/bin:/usr/bin/core_perl:/usr/bin/vendor_perl:/usr/bin/site_perl:/usr/local/bin:/usr/local/sbin:/usr/bin > PERL5LIB=/home/frederik/scripts-misc/perl:/home/frederik/.local/lib/perl5: > PERL_BADLANG (unset) > PERL_LOCAL_LIB_ROOT=/home/frederik/.local/:/home/frederik/.local/:/home/frederik/.local/ > PERL_MB_OPT=--install_base "/home/frederik/.local/" > PERL_MM_OPT=INSTALL_BASE=/home/frederik/.local/ > SHELL=/bin/zsh >
CC: "bugs-bitbucket [...] rt.perl.org" <bugs-bitbucket [...] rt.perl.org>
To: Perl5 Porters <perl5-porters [...] perl.org>
From: Aaron Crane <arc [...] cpan.org>
Date: Sat, 26 Mar 2016 20:11:49 +0000
Subject: Re: [perl #127790] Re: segfault involving Data::Dumper, anonymous sub, and scalar ref
Download (untitled) / with headers
text/plain 793b
via RT <perlbug-followup@perl.org> wrote: Show quoted text
> A friend came up with a smaller test case: > > perl -e '{package DB;sub x {eval "\\\$s"} } my $s="hi";my $foo=sub {print $s;DB::x};&$foo;'
In the interests of further reducing it: it turns out that neither the value of $s nor the "print" are necessary: $ perl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()' Segmentation fault: 11 Under -DEBUGGING, we get an assertion failure instead (including under miniperl): $ ./miniperl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()' Assertion failed: (cv), function S_mark_padname_lvalue, file op.c, line 2625. Abort trap: 6 This is a part of the core I know essentially nothing about, though, so I'm afraid I'll have to stop there. -- Aaron Crane ** http://aaroncrane.co.uk/
Subject: Re: [perl #127790] Re: segfault involving Data::Dumper, anonymous sub, and scalar ref
From: Dave Mitchell <davem [...] iabyn.com>
To: Aaron Crane <arc [...] cpan.org>
Date: Mon, 28 Mar 2016 15:56:49 +0100
CC: Perl5 Porters <perl5-porters [...] perl.org>, "bugs-bitbucket [...] rt.perl.org" <bugs-bitbucket [...] rt.perl.org>
Download (untitled) / with headers
text/plain 1.5k
On Sat, Mar 26, 2016 at 08:11:49PM +0000, Aaron Crane wrote: Show quoted text
> via RT <perlbug-followup@perl.org> wrote:
> > A friend came up with a smaller test case: > > > > perl -e '{package DB;sub x {eval "\\\$s"} } my $s="hi";my $foo=sub {print $s;DB::x};&$foo;'
> > In the interests of further reducing it: it turns out that neither the > value of $s nor the "print" are necessary: > > $ perl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()' > Segmentation fault: 11 > > Under -DEBUGGING, we get an assertion failure instead (including under > miniperl): > > $ ./miniperl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()' > Assertion failed: (cv), function S_mark_padname_lvalue, file op.c, line 2625. > Abort trap: 6 > > This is a part of the core I know essentially nothing about, though, > so I'm afraid I'll have to stop there.
Fixed by commit aea0412a260d9d7295c0a5bebb8bb6978dc02ccd Author: David Mitchell <davem@iabyn.com> AuthorDate: Mon Mar 28 15:36:42 2016 +0100 Commit: David Mitchell <davem@iabyn.com> CommitDate: Mon Mar 28 15:36:42 2016 +0100 RT #127786: assertion failure with eval in DB pkg. Normally a cloned anon sud has a NULL CvOUTSIDE(), unless that sub can contain code that will do an eval. However, calling eval from within the DB package pretends that the eval was done in the caller's scope. which then trips up on the NULL CvOUTSIDE(). -- All wight. I will give you one more chance. This time, I want to hear no Wubens. No Weginalds. No Wudolf the wed-nosed weindeers. -- Life of Brian
Download (untitled) / with headers
text/plain 252b
Thank you for submitting this report. You have helped make Perl better. With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved. Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org