CopSTASH can point to freed-and-reused SV #12155
From @cpansprout

On non-threaded builds, cops have a direct pointer to their stash, which is not reference-counted. caller returns undef in that case:

    $ ./perl -ILib -e 'package foo { sub bar { main::bar() } } sub bar { delete $::{"foo::"}; warn scalar caller }; foo::bar'

But it returns undef by accident. cop_stash is pointing to a freed scalar, which is not SvOOK, so HvNAME_HEK returns false.

I haven’t come up with a test case yet, but the freed scalar could be reused for another stash, giving erroneous results. Or it could be used for a scalar with the offset hack applied, which would result in crashes.

In fixing another bug, there is a chance I will extend this bug to threaded perls, too.

This is how I know the scalar is freed:

    $ gdb --args ./perl -ILib -e 'package foo { sub bar { main::bar() } } sub bar { delete $::{"foo::"}; warn caller }; foo::bar'
    (gdb) break Perl_pp_caller
    Breakpoint 1, Perl_pp_caller () at pp_ctl.c:1877
From @cpansprout

On Sun Jun 03 18:32:35 2012, sprout wrote:

I’m wondering whether this is even worth fixing.

For non-threaded perls, it would require modifying any remaining op

Under threads, we would have to make cops hold a refcount on the

Having cops hold a refcount on the stash would result in too many

    { package foo; sub bar { main::bar() } }

I’ve fixed that in commit e788621.

Which I have done. But fixing that other bug actually fixed about three

--
Father Chrysostomos
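A simplified model of the hazard discussed in the two comments above, added here as an illustration; it is not perl's source and not code from the ticket. The `Stash`, `Cop`, `arena` and `scenario` names are hypothetical, and a fixed array stands in for the recycling of freed SV heads so that the reuse is deterministic.

```c
#include <stddef.h>
#include <string.h>

/* Toy model (assumption, not perl internals): slots are recycled once freed. */
enum { SLOTS = 4 };
typedef struct { int refcnt; int live; char name[16]; } Stash;
static Stash arena[SLOTS];

static Stash *stash_new(const char *name) {
    for (size_t i = 0; i < SLOTS; i++) {
        if (!arena[i].live) {            /* first free slot is reused */
            arena[i].live = 1;
            arena[i].refcnt = 1;         /* the symbol table's reference */
            strncpy(arena[i].name, name, sizeof arena[i].name - 1);
            arena[i].name[sizeof arena[i].name - 1] = '\0';
            return &arena[i];
        }
    }
    return NULL;
}

static void stash_dec(Stash *s) {
    if (--s->refcnt == 0) { s->live = 0; s->name[0] = '\0'; }
}

/* A "cop" remembers the package a statement was compiled in. */
typedef struct { Stash *stash; } Cop;

static Cop cop_new(Stash *s, int counted) {
    if (counted) s->refcnt++;            /* the cop holds its own reference */
    return (Cop){ s };
}

/* What a caller-like lookup would report through the cop's pointer. */
static const char *cop_package(const Cop *c) {
    return c->stash->live ? c->stash->name : NULL;
}

/* Delete "foo" while a cop still points at it; optionally create another
   stash afterwards, which takes the first free slot. */
static const char *scenario(int counted, int reuse) {
    memset(arena, 0, sizeof arena);
    Stash *foo = stash_new("foo");
    Cop cop = cop_new(foo, counted);
    stash_dec(foo);                      /* models delete $::{"foo::"} */
    if (reuse) stash_new("other");
    return cop_package(&cop);
}
```

With an uncounted pointer the lookup yields nothing until the slot is reused, then reports the unrelated package; with a counted pointer it keeps reporting `foo`.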
@cpansprout - Status changed from 'new' to 'open'

From zefram@fysh.org

Father Chrysostomos wrote:

We could address this by giving every stash one extra counted ref upon

-zefram

From @cpansprout

On Nov 15, 2017, at 10:38 PM, Zefram via RT <perlbug-followup@perl.org> wrote:

See: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=75176
Migrated from rt.perl.org#113486 (status was 'open')
Searchable as RT113486$