Report information
Id: 40995
Status: resolved
Priority: 0/
Queue: perl5

Owner: Nobody
Requestors: shlomif <shlomif [at] iglu.org.il>
Cc:
AdminCc:

Operating System: Linux
PatchStatus: (no value)
Severity: High
Type: core
Perl Version: 5.8.8
Fixed In: (no value)



CC: shlomif [...] iglu.org.il
Subject: Segfault due to a semicolon inside a dynamic array ref.
Date: Mon, 27 Nov 2006 18:47:24 +0200 (IST)
To: perlbug [...] perl.org
From: shlomif [...] iglu.org.il
This is a bug report for perl from shlomif@iglu.org.il,
generated with the help of perlbug 1.35 running under perl v5.8.8.

-----------------------------------------------------------------
[Please enter your report here]

The following script is a test case for a segfault I'm getting in the
compilation phase because of a semicolon inside a dynamic array ref.
The code can be taken out of the eval, but then it would be harder to test,
and with the eval the problem is still reproduced.

<<<<<<<<<<<<<<<<<<

use strict;
use warnings;

use Test::More tests => 1;

eval <<'EOF';
sub func1
{
    my ($i, $j) = @_;

    sub { return [ $i->func2(); ]; };
}
EOF

# TEST
ok(1, "Test compilation of semicolon inside [ ... ]");

>>>>>>>>>>>>>>>>>>

Regards,

Shlomi Fish

http://www.shlomifish.org/

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
    category=core
    severity=high
---
Site configuration information for perl v5.8.8:

Configured by Mandriva at Fri Sep 8 20:00:54 CEST 2006.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.12-12mdksmp, archname=i386-linux
    uname='linux n4.mandriva.com 2.6.12-12mdksmp #1 smp fri sep 9 17:43:23 cest 2005 i686 intel(r) xeon(tm) cpu 2.80ghz gnulinux '
    config_args='-des -Dinc_version_list=5.8.7 5.8.7/i386-linux 5.8.6 5.8.6/i386-linux 5.8.5 5.8.4 5.8.3 5.8.2 5.8.1 5.8.0 5.6.1 5.6.0 -Darchname=i386-linux -Dcc=gcc -Doptimize=-O2 -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fomit-frame-pointer -march=i586 -mtune=pentiumpro -fasynchronous-unwind-tables -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dsitebin=/usr/local/bin -Dsiteman1dir=/usr/local/share/man/man1 -Dsiteman3dir=/usr/local/share/man/man3 -Dman3ext=3pm -Dcf_by=Mandriva -Dmyhostname=localhost -Dperladmin=root@localhost -Dcf_email=root@localhost -Dd_dosuid -Ud_csh -Duseshrplib'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fomit-frame-pointer -march=i586 -mtune=pentiumpro -fasynchronous-unwind-tables',
    cppflags='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='4.1.1 20060724 (prerelease) (4.1.1-3mdk)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -lndbm -lgdbm -ldl -lm -lcrypt -lutil -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.4.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.8.8/i386-linux/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    Mandriva Linux patches

---
@INC for perl v5.8.8:
    /home/shlomi/apps/perl/modules/lib/perl5/site_perl/5.8.8//i386-linux
    /home/shlomi/apps/perl/modules/lib/perl5/site_perl/5.8.8/
    /home/shlomi/apps/perl/modules/lib/perl5/5.8.8/i386-linux
    /home/shlomi/apps/perl/modules/lib/perl5/5.8.8
    /usr/lib/perl5/5.8.8/i386-linux
    /usr/lib/perl5/5.8.8
    /usr/lib/perl5/site_perl/5.8.8/i386-linux
    /usr/lib/perl5/site_perl/5.8.8
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.8/i386-linux
    /usr/lib/perl5/vendor_perl/5.8.8
    /usr/lib/perl5/vendor_perl/5.8.7
    /usr/lib/perl5/vendor_perl/5.8.7/i386-linux
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.6/i386-linux
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl
    .

---
Environment for perl v5.8.8:
    HOME=/home/shlomi
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_ADDRESS=en_US.UTF-8
    LC_COLLATE=en_US.UTF-8
    LC_CTYPE=en_US.UTF-8
    LC_IDENTIFICATION=en_US.UTF-8
    LC_MEASUREMENT=en_US.UTF-8
    LC_MESSAGES=en_US.UTF-8
    LC_MONETARY=en_US.UTF-8
    LC_NAME=en_US.UTF-8
    LC_NUMERIC=en_US.UTF-8
    LC_PAPER=en_US.UTF-8
    LC_SOURCED=1
    LC_TELEPHONE=en_US.UTF-8
    LC_TIME=en_US.UTF-8
    LD_LIBRARY_PATH=/usr/local/apps/svn-repos/lib/
    LOGDIR (unset)
    PATH=/home/shlomi/apps/perl/modules/bin:/home/shlomi/apps/latemp/bin:/home/shlomi/apps/file/gringotts/bin:/home/shlomi/apps/gimageview/bin:/home/shlomi/apps/test/quadpres/bin:/usr/local/apps/svn-repos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/games:/usr/lib/qt3//bin:/home/shlomi/bin:/usr/lib/ssh:/usr/lib/qt3//bin
    PERL5LIB=/home/shlomi/apps/perl/modules/lib/perl5/site_perl/5.8.8/:/home/shlomi/apps/perl/modules/lib/perl5/5.8.8
    PERL_BADLANG (unset)
    SHELL=/bin/bash

Subject: Re: [perl #40995] Segfault due to a semicolon inside a dynamic array ref.
Date: Mon, 27 Nov 2006 15:14:26 -0200
To: perl5-porters [...] perl.org
From: "Adriano Ferreira" <a.r.ferreira [...] gmail.com>
On 11/27/06, via RT Shlomi Fish <perlbug-followup@perl.org> wrote:
> The following script is a test case for a segfault I'm getting in the
> compilation phase because of a semicolon inside a dynamic array ref.
> The code can be taken out of the eval, but then it would be harder to test,
> and with the eval the problem is still reproduced.
>
> <<<<<<<<<<<<<<<<<<
>
> use strict;
> use warnings;
>
> use Test::More tests => 1;
>
> eval <<'EOF';
> sub func1
> {
>     my ($i, $j) = @_;
>
>     sub { return [ $i->func2(); ]; };
> }
> EOF
>
> # TEST
> ok(1, "Test compilation of semicolon inside [ ... ]");
>
> >>>>>>>>>>>>>>>>>>

In Cygwin, I got

    $ perl h.pl
    7 [main] perl 1856 _cygtls::handle_exceptions: Error while dumping state ( probably corrupted stack)
    Segmentation fault (core dumped)

This code still segfaults:

    sub {
        my ($i, $j) = @_;
        sub { [ $i->f(); ] };
    }

but not this

    sub {
        my ($i) = @_;
        sub { [ $i->f(); ] };
    }

which dies

    $ perl h.pl
    syntax error at h.pl line 6, near ");"
    syntax error at h.pl line 7, near "}"
    Execution of h.pl aborted due to compilation errors.

RT-Send-CC: perl5-porters [...] perl.org
From my tests, this appears to be resolved in bleadperl.
From: Shlomi Fish <shlomif [...] iglu.org.il>
Hi, I see you closed the bug as resolved because it does not happen in
bleadperl. Well, not so fast, please. What still needs to be done is:

1. Add this as a test-case to the perl 5 test-suite.

2. Write a patch for the perl-5.8.x line. (Which is still heavily used).

3. Investigate the crash, and see if it poses security risks.

This problem may possibly be used to crash programs that let the user
evaluate Perl code. (such as eval IRC bots, PostgreSQL's PL/Perl etc.),
so it also needs to be fixed in 5.8.x.

Regards,

Shlomi Fish

On Mon Nov 27 09:52:54 2006, rafael wrote:
> From my tests, this appears to be resolved in bleadperl.

Replying to myself I'd like to re-open this bug because it still affects
perl-5.8.x. (per Nicholas Clark's request).

Regards,

Shlomi Fish

On Mon Nov 27 13:09:54 2006, guest wrote:
> Hi, I see you closed the bug as resolved because it does not happen in
> bleadperl. Well, not so fast, please. What still needs to be done is:
>
> 1. Add this as a test-case to the perl 5 test-suite.
>
> 2. Write a patch for the perl-5.8.x line. (Which is still heavily
> used).
>
> 3. Investigate the crash, and see if it poses security risks.
>
> This problem may possibly be used to crash programs that let the user
> evaluate Perl code. (such as eval IRC bots, PostgreSQL's PL/Perl
> etc.), so it also needs to be fixed in 5.8.x.
>
> Regards,
>
> Shlomi Fish
>
> On Mon Nov 27 09:52:54 2006, rafael wrote:
> > From my tests, this appears to be resolved in bleadperl.

CC: "OtherRecipients of perl Ticket #40995": ;, perl5-porters [...] perl.org
Subject: Re: [perl #40995] Segfault due to a semicolon inside a dynamic array ref.
Date: Mon, 12 Mar 2007 07:01:22 +0100
To: "Rafael Garcia-Suarez via RT" <perlbug-followup [...] perl.org>
From: andreas.koenig.7os6VVqR [...] franz.ak.mind.de (Andreas J. Koenig)
>>>>> On Mon, 27 Nov 2006 09:52:55 -0800, "Rafael Garcia-Suarez via RT" <perlbug-followup@perl.org> said:

FWIW, this is what binary search says:

----Program----
use strict;
use warnings;

use Test::More tests => 1;

eval <<'EOF';
sub func1
{
    my ($i, $j) = @_;

    sub { return [ $i->func2(); ]; };
}
EOF

# TEST
ok(1, "Test compilation of semicolon inside [ ... ]");

----Output of .../p4uyj6N/perl-5.8.0@22273/bin/perl----
1..1

----EOF ($?='11')----
----Output of .../pO842AD/perl-5.8.0@22278/bin/perl----
1..1
ok 1 - Test compilation of semicolon inside [ ... ]

----EOF ($?='0')----

Change 22278 by nicholas@faith on 2004/02/07 19:50:10

    hv_clear_placeholders now manipulates the linked lists directly, rather
    than using the iterator interface and calling hv_delete
    This will allow hv_delete to be simplified to remove most of the
    special casing related to placeholders.

--
andreas

CC: Rafael Garcia-Suarez via RT <perlbug-followup [...] perl.org>, "OtherRecipients of perl Ticket #40995": ;, perl5-porters [...] perl.org
Subject: Re: [perl #40995] Segfault due to a semicolon inside a dynamic array ref.
Date: Mon, 12 Mar 2007 09:53:20 +0000
To: "Andreas J. Koenig" <andreas.koenig.7os6VVqR [...] franz.ak.mind.de>
From: Dave Mitchell <davem [...] iabyn.com>
On Mon, Mar 12, 2007 at 07:01:22AM +0100, Andreas J. Koenig wrote:
> >>>>> On Mon, 27 Nov 2006 09:52:55 -0800, "Rafael Garcia-Suarez via RT" <perlbug-followup@perl.org> said:
> > FWIW, this is what binary search says:

In this case, the result is a bit misleading. The actual bug is in using
the wrong pad when freeing ops after a compile error in a sub. Whether it
segfaults is down to luck.

> > ----Program----
> use strict;
> use warnings;
>
> use Test::More tests => 1;
>
> eval <<'EOF';
> sub func1
> {
>     my ($i, $j) = @_;
>
>     sub { return [ $i->func2(); ]; };
> }
> EOF
>
> # TEST
> ok(1, "Test compilation of semicolon inside [ ... ]");
>
>
> ----Output of .../p4uyj6N/perl-5.8.0@22273/bin/perl----
> 1..1
>
> ----EOF ($?='11')----
> ----Output of .../pO842AD/perl-5.8.0@22278/bin/perl----
> 1..1
> ok 1 - Test compilation of semicolon inside [ ... ]
>
> ----EOF ($?='0')----
>
>
>
>
> Change 22278 by nicholas@faith on 2004/02/07 19:50:10
>
> hv_clear_placeholders now manipulates the linked lists directly, rather
> than using the iterator interface and calling hv_delete
> This will allow hv_delete to be simplified to remove most of the
> special casing related to placeholders.
>
> --
> andreas

--
My get-up-and-go just got up and went.
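
The reproducer from this ticket written as a regression check, as an added example that is not part of the thread or of the perl test suite: it compiles the snippet in a child interpreter and distinguishes an ordinary compile failure from death by signal (the `$?='11'` seen in the bisect output above). The temporary file and the fork/pipe harness are assumptions of the example, which targets Unix-like systems.

```perl
#!/usr/bin/perl
# Added example: regression check for the reproducer in perl #40995.
use strict;
use warnings;
use File::Temp qw(tempfile);
use Test::More tests => 3;

# Reproducer from the ticket, written to a file instead of a string eval.
my $code = <<'EOF';
sub func1
{
    my ($i, $j) = @_;

    sub { return [ $i->func2(); ]; };
}
EOF

my ($fh, $file) = tempfile(SUFFIX => '.pl', UNLINK => 1);
print {$fh} $code;
close $fh or die "close $file: $!";

# Compile in a child interpreter (-c) so a crash cannot take the harness down.
my $pid = open(my $out, '-|');
die "fork failed: $!" unless defined $pid;
if (!$pid) {
    # Child: send diagnostics down the pipe, then become the perl under test.
    open STDERR, '>&', \*STDOUT or die "dup: $!";
    exec { $^X } $^X, '-c', $file or die "exec: $!";
}
my $diag = do { local $/; <$out> };
$diag = '' unless defined $diag;
close $out;                     # reaps the child and sets $?

my $signal = $? & 127;          # non-zero: killed by a signal (11 = SIGSEGV)
my $exit   = $? >> 8;           # exit code when the child ended normally

is($signal, 0, 'compiler was not killed by a signal');
isnt($exit, 0, 'compilation failed with an ordinary exit status');
like($diag, qr/syntax error/, 'a syntax error was reported');
```

Because the thread notes that whether the defect segfaults is down to luck, a failure of the first test is conclusive while a pass on a single build is weaker evidence.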

