Segmentation fault while parsing incorrect code #14438

Closed
p5pRT opened this issue Jan 22, 2015 · 14 comments

p5pRT commented Jan 22, 2015

Migrated from rt.perl.org#123652 (status was 'resolved')

Searchable as RT123652$

p5pRT commented Jan 22, 2015

From thecrux@gmail.com

Got interesting SIGSEGV case

  $ perl -e '$1=eval{a:}'
  zsh: segmentation fault perl -e '$1=eval{a:}'

SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems not affected

When debugging is enabled I've got SIGABRT instead of SIGSEGV

  $ perlbrew use perl-5.21.6-thr-dbg
  $ gdb --args perl -e '$1=eval{a:}'
  (gdb) run
  Program received signal SIGABRT, Aborted.
  0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56

  $(gdb) bt
  #0 0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
  #1 0x00007ffff71077e8 in __GI_abort () at abort.c:90
  #2 0x00007ffff70ff3b3 in __assert_fail_base (fmt=0x7ffff723e6f8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
  assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type == OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
  line=line@entry=12600, function=function@entry=0x614e6d <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:92
  #3 0x00007ffff70ff462 in __GI___assert_fail (
  assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type == OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
  line=line@entry=12600, function=function@entry=0x614e6d <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:101
  #4 0x0000000000431bed in Perl_rpeep (my_perl=0x8e7010, o=0x919688) at op.c:12600
  ...

  (gdb)frame 4
  (gdb)list
  12598
  12599 case OP_ENTERTRY:
  12600 assert(cLOGOPo->op_other->op_type == OP_LEAVETRY);
  12601 DEFER(cLOGOPo->op_other);
  12602 break;
  12603

p5pRT commented Jan 23, 2015

From @jkeenan

On Thu Jan 22 06:15:40 2015, crux wrote:

> Got interesting SIGSEGV case
>
> $ perl -e '$1=eval{a:}'
> zsh: segmentation fault perl -e '$1=eval{a:}'
>
> SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> not affected
>
> When debugging is enabled I've got SIGABRT instead of SIGSEGV
>
> $ perlbrew use perl-5.21.6-thr-dbg
> $ gdb --args perl -e '$1=eval{a:}'
> (gdb) run
> Program received signal SIGABRT, Aborted.
> 0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
>
> $(gdb) bt
> #0 0x00007ffff7106365 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #1 0x00007ffff71077e8 in __GI_abort () at abort.c:90
> #2 0x00007ffff70ff3b3 in __assert_fail_base (fmt=0x7ffff723e6f8
> "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
> assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type ==
> OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
> line=line@entry=12600, function=function@entry=0x614e6d
> <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:92
> #3 0x00007ffff70ff462 in __GI___assert_fail (
> assertion=assertion@entry=0x60d840 "((LOGOP*)o)->op_other->op_type ==
> OP_LEAVETRY", file=file@entry=0x6ab222 "op.c",
> line=line@entry=12600, function=function@entry=0x614e6d
> <__PRETTY_FUNCTION__.22182> "Perl_rpeep") at assert.c:101
> #4 0x0000000000431bed in Perl_rpeep (my_perl=0x8e7010, o=0x919688) at
> op.c:12600
> ...
>
> (gdb)frame 4
> (gdb)list
> 12598
> 12599 case OP_ENTERTRY:
> 12600 assert(cLOGOPo->op_other->op_type ==
> OP_LEAVETRY);
> 12601 DEFER(cLOGOPo->op_other);
> 12602 break;
> 12603

Confirmed; see attachment.

--
James E Keenan (jkeenan@cpan.org)

p5pRT commented Jan 23, 2015

From @jkeenan

[perl] 88 $ ./perl -e '$1=eval{a:}'
perl: op.c:13712: Perl_rpeep: Assertion `((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY' failed.
Aborted (core dumped)

[perl] 89 $ gdb --args ./perl -e '$1=eval{a:}'
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Reading symbols from ./perl...done.
(gdb) run
Starting program: /home/jkeenan/gitwork/perl/perl -e \$1=eval\{a:\}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
perl: op.c:13712: Perl_rpeep: Assertion `((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff70e9cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff70e9cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff70ed0d8 in __GI_abort () at abort.c:89
#2 0x00007ffff70e2b86 in __assert_fail_base (
  fmt=0x7ffff72343d0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
  assertion=assertion@entry=0x607140 "((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY",
  file=file@entry=0x6a0aea "op.c", line=line@entry=13712,
  function=function@entry=0x60ab66 <__PRETTY_FUNCTION__.22275> "Perl_rpeep") at assert.c:92
#3 0x00007ffff70e2c32 in __GI___assert_fail (
  assertion=assertion@entry=0x607140 "((LOGOP*)(o))->op_other->op_type == OP_LEAVETRY",
  file=file@entry=0x6a0aea "op.c", line=line@entry=13712,
  function=function@entry=0x60ab66 <__PRETTY_FUNCTION__.22275> "Perl_rpeep") at assert.c:101
#4 0x0000000000439270 in Perl_rpeep (my_perl=0x8e2010, o=0x9189a8) at op.c:13712
#5 0x000000000042eb1c in Perl_newPROG (my_perl=0x8e2010, o=0x919210) at op.c:4100
#6 0x000000000048e23b in Perl_yyparse (my_perl=my_perl@entry=0x8e2010, gramtype=gramtype@entry=258)
  at perly.y:120
#7 0x000000000044e140 in S_parse_body (xsinit=0x41d540 <xs_init>, env=0x0, my_perl=0x8e2010) at perl.c:2273
#8 perl_parse (my_perl=0x8e2010, xsinit=xsinit@entry=0x41d540 <xs_init>, argc=<optimized out>,
  argv=<optimized out>, env=env@entry=0x0) at perl.c:1607
#9 0x000000000041d3a9 in main (argc=3, argv=0x7fffffffd9d8, env=0x7fffffffd9f8) at perlmain.c:114
(gdb) frame 4
#4 0x0000000000439270 in Perl_rpeep (my_perl=0x8e2010, o=0x9189a8) at op.c:13712
13712 assert(cLOGOPo->op_other->op_type == OP_LEAVETRY);
(gdb) list
13707 * process the rest of the code */
13708 DEFER(cLOOP->op_lastop);
13709 break;
13710
13711 case OP_ENTERTRY:
13712 assert(cLOGOPo->op_other->op_type == OP_LEAVETRY);
13713 DEFER(cLOGOPo->op_other);
13714 break;
13715
13716 case OP_SUBST:
(gdb)

Summary of my perl5 (revision 5 version 21 subversion 9) configuration:
  Commit id: 6a40a72
  Platform:
  osname=linux, osvers=3.13.0-44-generic, archname=x86_64-linux-thread-multi
  uname='linux zareason 3.13.0-44-generic #73-ubuntu smp tue dec 16 00:22:43 utc 2014 x86_64 x86_64 x86_64 gnulinux '
  config_args='-des -Dusedevel -DDEBUGGING -Duseithreads'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.8.2', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /usr/lib/gcc/x86_64-linux-gnu/4.8/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
  libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
  perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
  libc=libc-2.19.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.19'
  Dynamic Linking:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector'

Characteristics of this binary (from libperl):
  Compile-time options: DEBUGGING HAS_TIMES MULTIPLICITY PERLIO_LAYERS
  PERL_DONT_CREATE_GVSV
  PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
  PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
  PERL_NEW_COPY_ON_WRITE PERL_PRESERVE_IVUV
  PERL_TRACK_MEMPOOL PERL_USE_DEVEL USE_64_BIT_ALL
  USE_64_BIT_INT USE_ITHREADS USE_LARGE_FILES
  USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE
  USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_PERLIO
  USE_PERL_ATOF USE_REENTRANT_API
  Built under linux
  Compiled at Jan 22 2015 21:57:41
  %ENV:
  PERL5LIB="/home/jkeenan/perl5/lib/perl5"
  PERLBREW_BASHRC_VERSION="0.67"
  PERLBREW_HOME="/home/jkeenan/.perlbrew"
  PERLBREW_MANPATH="/home/jkeenan/perl5/perlbrew/perls/perl-5.20.1/man"
  PERLBREW_PATH="/home/jkeenan/perl5/perlbrew/bin:/home/jkeenan/perl5/perlbrew/perls/perl-5.20.1/bin"
  PERLBREW_PERL="perl-5.20.1"
  PERLBREW_ROOT="/home/jkeenan/perl5/perlbrew"
  PERLBREW_VERSION="0.67"
  PERL_LOCAL_LIB_ROOT="/home/jkeenan/perl5"
  PERL_MB_OPT="--install_base "/home/jkeenan/perl5""
  PERL_MM_OPT="INSTALL_BASE=/home/jkeenan/perl5"
  PERL_WORKDIR="gitwork/perl"
  @INC:
  lib
  /home/jkeenan/perl5/lib/perl5
  /usr/local/lib/perl5/site_perl/5.21.9/x86_64-linux-thread-multi
  /usr/local/lib/perl5/site_perl/5.21.9
  /usr/local/lib/perl5/5.21.9/x86_64-linux-thread-multi
  /usr/local/lib/perl5/5.21.9
  .

p5pRT commented Jan 23, 2015

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Jan 23, 2015

From @cpansprout

On Thu Jan 22 06:15:40 2015, crux wrote:

> Got interesting SIGSEGV case
>
> $ perl -e '$1=eval{a:}'
> zsh: segmentation fault perl -e '$1=eval{a:}'
>
> SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> not affected

5.21.4 is unaffected. 5.14.4 crashes.

Your subject is slightly wrong. The code is not invalid. (It just dies at run time because $1 is read-only.) You can have a label at the end of a block.

I’ll run a bisect.

--

Father Chrysostomos

p5pRT commented Jan 23, 2015

From @cpansprout

On Thu Jan 22 21:56:06 2015, sprout wrote:

> On Thu Jan 22 06:15:40 2015, crux wrote:
>
> > Got interesting SIGSEGV case
> >
> > $ perl -e '$1=eval{a:}'
> > zsh: segmentation fault perl -e '$1=eval{a:}'
> >
> > SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> > not affected
>
> 5.21.4 is unaffected. 5.14.4 crashes.
>
> Your subject is slightly wrong. The code is not invalid. (It just
> dies at run time because $1 is read-only.) You can have a label at
> the end of a block.
>
> I’ll run a bisect.

$ ../perl.git/Porting/bisect.pl --target=miniperl --start=v5.12.0 --end=v5.14.4 -e 'eval{$1=eval{a:}}'
...
eae48c8 is the first bad commit
commit eae48c8
Author: Zefram <zefram@fysh.org>
Date: Tue Oct 19 21:16:11 2010 +0100

  refactor and regularise label/statement grammar

--

Father Chrysostomos
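
An added example, not part of the original thread or of the Perl project's code: a POSIX shell helper that a regression or bisect script could use to tell the crash reported in this ticket (death by SIGSEGV or SIGABRT) from the ordinary run-time exception raised by assigning to `$1`. The function names and the `check_perl` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the ticket): tell an interpreter crash apart from an
# ordinary Perl exception when re-running the reproducer. All function names
# here are hypothetical.

# classify_status N -> "ok", "signal:NAME" or "exit:N".
# A shell reports a child killed by signal S as status 128+S,
# so SIGSEGV (11) shows up as 139 and SIGABRT (6) as 134.
classify_status() {
    st=$1
    if [ "$st" -eq 0 ]; then
        echo "ok"
    elif [ "$st" -gt 128 ] && [ "$st" -le 192 ]; then
        echo "signal:$(kill -l $((st - 128)))"
    else
        echo "exit:$st"
    fi
}

# run_case CMD [ARGS...] -> run the command with output discarded, then
# classify how it ended. The if/else keeps this safe under `set -e`.
run_case() {
    if "$@" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    classify_status "$rc"
}

# check_perl [PERL] -> run both forms of the one-liner that appear in the
# ticket: the bare report and the eval-wrapped form used for the bisect.
check_perl() {
    perl_bin=${1:-perl}    # assumption: perl binary under test
    echo "bare:    $(run_case "$perl_bin" -e '$1=eval{a:}')"
    echo "wrapped: $(run_case "$perl_bin" -e 'eval{$1=eval{a:}}')"
}

# Only run when a perl binary is named, e.g.: sh check_crash.sh ./perl
if [ "$#" -gt 0 ]; then check_perl "$1"; fi
```

On a fixed perl the bare form reports a nonzero `exit:` (the read-only `$1` exception) and the wrapped form reports `ok`; a `signal:` result for either form is the crash from this ticket.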

p5pRT commented Jan 24, 2015

From @jkeenan

On Thu Jan 22 21:56:06 2015, sprout wrote:

> On Thu Jan 22 06:15:40 2015, crux wrote:
>
> > Got interesting SIGSEGV case
> >
> > $ perl -e '$1=eval{a:}'
> > zsh: segmentation fault perl -e '$1=eval{a:}'
> >
> > SIGSEGV reproduced for Perl 5.16, 5.18, 5.20, blead. Perl 5.8.9 seems
> > not affected
>
> 5.21.4 is unaffected. 5.14.4 crashes.
>
> Your subject is slightly wrong. The code is not invalid. (It just
> dies at run time because $1 is read-only.) You can have a label at
> the end of a block.

So, can we have the attempt to assign to $1 throw a more tidy exception?

--
James E Keenan (jkeenan@cpan.org)

p5pRT commented Jan 25, 2015

From @cpansprout

Fixed in 2f465e0.

--

Father Chrysostomos

p5pRT commented Jan 25, 2015

@cpansprout - Status changed from 'open' to 'resolved'

p5pRT commented Jan 25, 2015

@cpansprout - Status changed from 'resolved' to 'pending release'

p5pRT commented Jan 25, 2015

From thecrux@gmail.com

On Sat, Jan 24, 2015 at 05:23:34PM -0800, Father Chrysostomos via RT wrote:

> Fixed in 2f465e0.

Great, thank you. Will this fix be ported to the stable 5.20 branch?

p5pRT commented Jan 25, 2015

From @steve-m-hay

On Sat Jan 24 23:39:31 2015, crux wrote:

> On Sat, Jan 24, 2015 at 05:23:34PM -0800, Father Chrysostomos via RT wrote:
>
> > Fixed in 2f465e0.
>
> Great, thank you. Will this fix be ported to the stable 5.20 branch?

It looks like a suitable candidate for backporting, so I've just added it to the voting file, and it will be in 5.20.2 if a couple of other committers agree:

http://perl5.git.perl.org/perl.git/commit/f10d2881c7

p5pRT commented Jun 2, 2015

From @khwilliamson

Thanks for submitting this ticket.

The issue should be resolved with the release today of Perl v5.22, available at http://www.perl.org/get.html
If you find that the problem persists, feel free to reopen this ticket.

--
Karl Williamson for the Perl 5 porters team

p5pRT commented Jun 2, 2015

@khwilliamson - Status changed from 'pending release' to 'resolved'
