Skip Menu |
Report information
Id: 132920
Status: open
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: brian.carpenter [at] gmail.com
Cc:
AdminCc:

Operating System: (no value)
PatchStatus: (no value)
Severity: low
Type: unknown
Perl Version: (no value)
Fixed In: (no value)



Subject: Assertion `SvTYPE(sv) != (svtype)SVTYPEMASK' failed
From: "Brian C." <brian.carpenter [...] gmail.com>
Date: Tue, 27 Feb 2018 20:02:59 -0600
To: perlbug [...] perl.org
Download (untitled) / with headers
text/plain 1.9k
This assertion failure is triggered in Perl v5.27.9 (v5.27.8-408-ga0da1e1.

./perl -e '($a)=map[split//],G0;$0=map abs($0[$a++]),@$a'

perl: sv.c:6508: void Perl_sv_clear(SV *const): Assertion `SvTYPE(sv) != (svtype)SVTYPEMASK' failed.

Testing against the installed v5.22.1 on Ubuntu with valgrind, I see this:

==26560== Invalid read of size 1
==26560==    at 0x4C3008: ??? (in /usr/bin/perl)
==26560==    by 0x4C31AD: Perl_sv_unmagic (in /usr/bin/perl)
==26560==    by 0x4C216A: Perl_sv_clear (in /usr/bin/perl)
==26560==    by 0x4C2ABC: Perl_sv_free2 (in /usr/bin/perl)
==26560==    by 0x4F17CF: Perl_leave_scope (in /usr/bin/perl)
==26560==    by 0x4F934F: Perl_pp_mapwhile (in /usr/bin/perl)
==26560==    by 0x4B62C5: Perl_runops_standard (in /usr/bin/perl)
==26560==    by 0x443BC8: perl_run (in /usr/bin/perl)
==26560==    by 0x41CB2A: main (in /usr/bin/perl)
==26560==  Address 0xff00000012 is not stack'd, malloc'd or (recently) free'd
==26560==
==26560==
==26560== Process terminating with default action of signal 11 (SIGSEGV)
==26560==  Access not within mapped region at address 0xFF00000012
==26560==    at 0x4C3008: ??? (in /usr/bin/perl)
==26560==    by 0x4C31AD: Perl_sv_unmagic (in /usr/bin/perl)
==26560==    by 0x4C216A: Perl_sv_clear (in /usr/bin/perl)
==26560==    by 0x4C2ABC: Perl_sv_free2 (in /usr/bin/perl)
==26560==    by 0x4F17CF: Perl_leave_scope (in /usr/bin/perl)
==26560==    by 0x4F934F: Perl_pp_mapwhile (in /usr/bin/perl)
==26560==    by 0x4B62C5: Perl_runops_standard (in /usr/bin/perl)
==26560==    by 0x443BC8: perl_run (in /usr/bin/perl)
==26560==    by 0x41CB2A: main (in /usr/bin/perl)
==26560==  If you believe this happened as a result of a stack
==26560==  overflow in your program's main thread (unlikely but
==26560==  possible), you can try to increase the size of the
==26560==  main thread stack using the --main-stacksize= flag.
==26560==  The main thread stack size used in this run was 8388608.
Segmentation fault
RT-Send-CC: perl5-porters [...] perl.org
Download (untitled) / with headers
text/plain 600b
On Tue, 27 Feb 2018 18:03:54 -0800, brian.carpenter@gmail.com wrote: Show quoted text
> This assertion failure is triggered in Perl v5.27.9 (v5.27.8-408-ga0da1e1. > > ./perl -e '($a)=map[split//],G0;$0=map abs($0[$a++]),@$a' > > perl: sv.c:6508: void Perl_sv_clear(SV *const): Assertion `SvTYPE(sv) != > (svtype)SVTYPEMASK' failed.
This looks like another stack-not-refcunted issue. $a ends up as [ "G", "0" ], and the "G" and "0" scalars are pushed onto the stack. The $a++ converts $a from a reference to a large integer, freeing both the array and it's contents, leaving an unreferenced SV on the stack. Tony


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org