
stack underflow from func call #14546

Open
p5pRT opened this issue Feb 28, 2015 · 3 comments

Comments


p5pRT commented Feb 28, 2015

Migrated from rt.perl.org#123951 (status was 'open')

Searchable as RT123951$


p5pRT commented Feb 28, 2015

From @hvds

AFL (<http://lcamtuf.coredump.cx/afl/>) finds this:

% /miniperl -e '&{0 == &{0 == 0}} * 0'
Segmentation fault (core dumped)
%

Running with -Ds shows a stack underflow - the multiply is just a way to show it:

% ./miniperl -e '$^D="st"; &{0 == &{0 == 0}}'
  => PVMG("st"\0)
(-e:1) nextstate
  =>
(-e:1) pushmark
  => *
(-e:1) const(IV(0))
  => * IV(0)
(-e:1) pushmark
  => * IV(0) *
(-e:1) const(SV_YES)
  => * IV(0) * SV_YES
(-e:1) entersub
  => * IV(0)
(-e:1) eq
  => [STACK UNDERFLOW!!!]
*
(-e:1) entersub
  => [STACK UNDERFLOW!!!]

(-e:1) leave
%

I'm unlikely to have time for further debugging on this one any time soon.

Hugo


p5pRT commented Mar 1, 2015

From @cpansprout

On Sat Feb 28 03:46:02 2015, hv wrote:

> AFL (<http://lcamtuf.coredump.cx/afl/>) finds this:
>
> % /miniperl -e '&{0 == &{0 == 0}} * 0'
> Segmentation fault (core dumped)
> %
>
> Running with -Ds shows a stack underflow - the multiply is just a way
> to show it:
>
> % ./miniperl -e '$^D="st"; &{0 == &{0 == 0}}'
> => PVMG("st"\0)
> (-e:1) nextstate
> =>
> (-e:1) pushmark
> => *
> (-e:1) const(IV(0))
> => * IV(0)
> (-e:1) pushmark
> => * IV(0) *
> (-e:1) const(SV_YES)
> => * IV(0) * SV_YES
> (-e:1) entersub
> => * IV(0)
> (-e:1) eq
> => [STACK UNDERFLOW!!!]
> *
> (-e:1) entersub
> => [STACK UNDERFLOW!!!]
>
> (-e:1) leave
> %
>
> I'm unlikely to have time for further debugging on this one any time
> soon.

I find this clearer​:

$ ./miniperl -e 'warn 1, 2, 3, &{0 == 0} * 0, 4, 5, 6'
120456 at -e line 1.

This has something to do with the &PL_sv_yes-as-a-sub hack, which is used to implement missing ->import methods. That this was ever exposed to Perl space is a bug, IMHO, though we have explicit tests for it.

However, it is not limited to &{0 == 0}:

$ ./miniperl -e 'warn 1, 2, 3, main->import * 0, 4, 5, 6'
120456 at -e line 1.

I see the same results with 5.8.7 and blead.

--

Father Chrysostomos
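As an added illustration (not perl's source, and not code from either reporter), the following toy C model of perl's argument stack and mark stack replays both the -Ds trace and the `warn` one-liner discussed above, showing why a scalar-context call that pushes no return value makes the next op eat a value from the enclosing list; the op sequence, the `hack` flag and the assumed return value `1` are assumptions of the model.

```c
#include <string.h>
/* Toy model of perl's argument stack and mark stack, added here to
 * illustrate the -Ds trace in the report. It is not perl's own code;
 * the op sequence, the hack flag and the return value are assumptions. */
#define MAXST 32
typedef struct {
    const char *st[MAXST]; int sp;            /* argument stack */
    int marks[MAXST]; int mp; int underflow;  /* mark stack; underflow flag */
} VM;
static void push(VM *v, const char *s) { v->st[v->sp++] = s; }
static const char *pop(VM *v) {
    if (v->sp == 0) { v->underflow = 1; return "?"; }   /* [STACK UNDERFLOW!!!] */
    return v->st[--v->sp];
}
static void pushmark(VM *v) { v->marks[v->mp++] = v->sp; }

/* entersub in scalar context: drop the args above the mark and push
 * exactly one return value. With hack set, mimic the &PL_sv_yes-as-a-sub
 * path the report describes: the args are dropped but nothing is pushed,
 * so the caller's next op consumes a value belonging to an outer list. */
static void entersub(VM *v, int hack) {
    v->sp = v->marks[--v->mp];
    if (!hack) push(v, "1");   /* &{0 == 0} would return a true value */
}

/* Replays `&{0 == &{0 == 0}}` from the -Ds trace; returns 1 if eq popped
 * below the bottom of the stack, as the trace shows. */
static int replay_trace(int hack) {
    VM v = {0};
    pushmark(&v); push(&v, "IV(0)");
    pushmark(&v); push(&v, "SV_YES"); entersub(&v, hack);   /* inner &{0 == 0} */
    pop(&v); pop(&v); push(&v, "EQ");                        /* eq */
    entersub(&v, hack);                                      /* outer call */
    return v.underflow;
}

/* Replays `warn 1, 2, 3, &{0 == 0} * 0, 4, 5, 6` and returns what warn
 * would print (its operands joined); uses a static buffer. */
static const char *replay_warn(int hack) {
    static char buf[16];
    VM v = {0};
    pushmark(&v); push(&v, "1"); push(&v, "2"); push(&v, "3");
    pushmark(&v); push(&v, "SV_YES"); entersub(&v, hack);   /* &{0 == 0} */
    push(&v, "0"); pop(&v); pop(&v); push(&v, "0");          /* x * 0 == 0 */
    push(&v, "4"); push(&v, "5"); push(&v, "6");
    buf[0] = '\0';
    for (int i = v.marks[--v.mp]; i < v.sp; i++) strcat(buf, v.st[i]);
    return buf;
}
```

With `hack` set, `replay_warn` yields the `120456` seen in the report and `replay_trace` reports the underflow; with it clear, the call leaves one value behind and the list comes out as `1230456`.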


p5pRT commented Mar 1, 2015

The RT System itself - Status changed from 'new' to 'open'
