Skip Menu |
Report information
Id: 131929
Status: open
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: zefram [at] fysh.org
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: core
Perl Version: 5.27.2
Fixed In: (no value)



Subject: multi-arg open() error leaks
From: zefram [...] fysh.org
CC: zefram [...] fysh.org
Date: Sat, 19 Aug 2017 04:07:47 +0100
To: perlbug [...] perl.org
Download (untitled) / with headers
text/plain 4.7k
This is a bug report for perl from zefram@fysh.org, generated with the help of perlbug 1.40 running under perl 5.27.2. ----------------------------------------------------------------- [Please describe your issue here] If an open() operation specifies a list of layers, and has more than one argument, and the layer handling the opening can't accept more than one argument, then the operation leaks: $ perl -lwe 'for(0..2) { system("ps u $$"); for(0..9999) { eval { open($f, ">:scalar", \$a, 2) } } }' Name "main::f" used only once: possible typo at -e line 1. USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND zefram 10526 0.0 0.0 22268 3268 pts/3 S+ 03:59 0:00 perl -lwe for(0 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND zefram 10526 0.0 0.0 26308 6076 pts/3 S+ 03:59 0:00 perl -lwe for(0 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND zefram 10526 0.0 0.0 28156 7964 pts/3 S+ 03:59 0:00 perl -lwe for(0 The problem is that the argument count error is signalled as an exception (unlike most opening errors) but explicit freeing of the layer list is required (in PerlIO_openn()). I'm not sure which part of this is the bug: perhaps the error ought to be signalled through errno, or perhaps the code branch that croaks should explicitly free the layer list, or perhaps the operation should be made robust against all exceptions by using some arrangement like mortalisation to free the layer list. [Please do not change anything below this line] ----------------------------------------------------------------- --- Flags: category=core severity=low --- Site configuration information for perl 5.27.2: Configured by zefram at Thu Jul 20 23:32:33 BST 2017. Summary of my perl5 (revision 5 version 27 subversion 2) configuration: Platform: osname=linux osvers=3.16.0-4-amd64 archname=x86_64-linux-thread-multi uname='linux barba.rous.org 3.16.0-4-amd64 #1 smp debian 3.16.43-2+deb8u2 (2017-06-26) x86_64 gnulinux ' config_args='-des -Dprefix=/home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52 -Duselargefiles -Dusethreads -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dusedevel -Uversiononly -Ui_db' hint=recommended useposix=true d_sigaction=define useithreads=define usemultiplicity=define use64bitint=define use64bitall=define uselongdouble=undef usemymalloc=n default_inc_excludes_dot=define bincompat5005=undef Compiler: cc='cc' ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2' optimize='-O2' cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include' ccversion='' gccversion='4.9.2' gccosandvers='' intsize=4 longsize=8 ptrsize=8 doublesize=8 byteorder=12345678 doublekind=3 d_longlong=define longlongsize=8 d_longdbl=define longdblsize=16 longdblkind=3 ivtype='long' ivsize=8 nvtype='double' nvsize=8 Off_t='off_t' lseeksize=8 alignbytes=8 prototype=define Linker and Libraries: ld='cc' ldflags =' -fstack-protector-strong -L/usr/local/lib' libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib libs=-lpthread -lnsl -ldb -ldl -lm -lcrypt -lutil -lc perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc libc=libc-2.19.so so=so useshrplib=true libperl=libperl.so gnulibc_version='2.19' Dynamic Linking: dlsrc=dl_dlopen.xs dlext=so d_dlsymun=undef ccdlflags='-Wl,-E -Wl,-rpath,/home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52/lib/5.27.2/x86_64-linux-thread-multi/CORE' cccdlflags='-fPIC' lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector-strong' --- @INC for perl 5.27.2: /home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52/lib/site_perl/5.27.2/x86_64-linux-thread-multi /home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52/lib/site_perl/5.27.2 /home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52/lib/5.27.2/x86_64-linux-thread-multi /home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52/lib/5.27.2 --- Environment for perl 5.27.2: HOME=/home/zefram LANG (unset) LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/home/zefram/usr/perl/perl_install/perl-5.27.2-i64-f52/bin:/home/zefram/usr/perl/util:/home/zefram/pub/x86_64-unknown-linux-gnu/bin:/home/zefram/pub/common/bin:/usr/bin:/bin:/usr/local/bin:/usr/games PERLDOC=-oman PERL_BADLANG (unset) SHELL=/usr/bin/zsh
RT-Send-CC: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 3.3k
On Sat, 19 Aug 2017 03:07:58 GMT, zefram@fysh.org wrote: Show quoted text
> > This is a bug report for perl from zefram@fysh.org, > generated with the help of perlbug 1.40 running under perl 5.27.2. > > > ----------------------------------------------------------------- > [Please describe your issue here] > > If an open() operation specifies a list of layers, and has more than > one > argument, and the layer handling the opening can't accept more than > one > argument, then the operation leaks: > > $ perl -lwe 'for(0..2) { system("ps u $$"); for(0..9999) { eval { > open($f, ">:scalar", \$a, 2) } } }' > Name "main::f" used only once: possible typo at -e line 1. > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME > COMMAND > zefram 10526 0.0 0.0 22268 3268 pts/3 S+ 03:59 0:00 perl > -lwe for(0 > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME > COMMAND > zefram 10526 0.0 0.0 26308 6076 pts/3 S+ 03:59 0:00 perl > -lwe for(0 > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME > COMMAND > zefram 10526 0.0 0.0 28156 7964 pts/3 S+ 03:59 0:00 perl > -lwe for(0 > > The problem is that the argument count error is signalled as an > exception > (unlike most opening errors) but explicit freeing of the layer list is > required (in PerlIO_openn()). I'm not sure which part of this is the > bug: perhaps the error ought to be signalled through errno, or perhaps > the code branch that croaks should explicitly free the layer list, or > perhaps the operation should be made robust against all exceptions by > using some arrangement like mortalisation to free the layer list. >
Bug appears to have been introduced somewhere in perl-5.8. ##### $ perlbrew use perl-5.6.2 $ perl -v | head -2 | tail -1 This is perl, v5.6.2 built for x86_64-linux $ perl -lwe 'for(0..2) { system("ps u $$"); for(0..9999) { eval { open($f, ">:scalar", \$a, 2) } } }' Name "main::a" used only once: possible typo at -e line 1. Name "main::f" used only once: possible typo at -e line 1. USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND jkeenan 26442 0.0 0.0 17460 3088 pts/31 S+ 21:50 0:00 perl -lwe for(0..2) { system("ps USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND jkeenan 26442 0.0 0.0 17460 3088 pts/31 S+ 21:50 0:00 perl -lwe for(0..2) { system("ps USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND jkeenan 26442 0.0 0.0 17460 3088 pts/31 S+ 21:50 0:00 perl -lwe for(0..2) { system("ps ##### $ perlbrew use perl-5.8.9 $ perl -v | head -2 | tail -1 This is perl, v5.8.9 built for x86_64-linux $ perl -lwe 'for(0..2) { system("ps u $$"); for(0..9999) { eval { open($f, ">:scalar", \$a, 2) } } }' Name "main::a" used only once: possible typo at -e line 1. Name "main::f" used only once: possible typo at -e line 1. USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND jkeenan 26553 0.0 0.0 17796 3008 pts/31 S+ 21:52 0:00 perl -lwe for(0..2) { system("ps USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND jkeenan 26553 0.0 0.1 21972 5320 pts/31 S+ 21:52 0:00 perl -lwe for(0..2) { system("ps USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND jkeenan 26553 0.0 0.1 23952 7412 pts/31 S+ 21:52 0:00 perl -lwe for(0..2) { system("ps ##### Thank you very much. -- James E Keenan (jkeenan@cpan.org)
From: Zefram <zefram [...] fysh.org>
Subject: Re: [perl #131929] multi-arg open() error leaks
Date: Wed, 23 Aug 2017 03:21:25 +0100
To: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 424b
James E Keenan via RT wrote: Show quoted text
>Bug appears to have been introduced somewhere in perl-5.8.
The bug was present in the earliest released version to have that error message (5.7.3). Earlier versions of PerlIO layers, back to 5.7.1, are vulnerable to an exception happening in that area, such as in a layer's open method, but don't have that particular way of generating an exception. 5.6 doesn't have PerlIO layers. -zefram


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org