Segfault on bareword as loop index #14886

Closed
p5pRT opened this issue Sep 3, 2015 · 8 comments
p5pRT commented Sep 3, 2015

Migrated from rt.perl.org#125972 (status was 'resolved')

Searchable as RT125972$

p5pRT commented Sep 3, 2015

From internationils@gmx.net

This is a bug report for perl from internationils@gmx.net,
generated with the help of perlbug 1.40 running under perl 5.20.2.

#!/usr/bin/perl
# This is perl 5, version 20, subversion 2 (v5.20.2) built for x86_64-linux-gnu-thread-multi
# (with 42 registered patches, see perl -V for more detail)

use strict;
use warnings;

sub something { my $subvar= shift; }
my $table="";
my @tablename = ("tix_ALL", "tix_2", "tix_3");
my $loop=0;

$table = something("$tablename[$loop]_table");
something("./$table.csv") if(0);
#SEGFAULT HERE due to 'loop' instead of '$loop'
print "Writing table $tablename[loop]\n";


Flags:
  category=core
  severity=low


Site configuration information for perl 5.20.2:

Configured by Debian Project at Sun May 3 16:16:25 UTC 2015.

p5pRT commented Sep 3, 2015

From @nicomen

$ gdb --args perl -e '30; "$a[b]";'
GNU gdb (Ubuntu 7.10-0ubuntu1) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from perl...Reading symbols from /usr/lib/debug//usr/bin/perl...done.
done.
(gdb) run
Starting program: /usr/bin/perl -e 30\;\ \"\$a\[b\]\"\;
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000000000052ffe1 in Perl_my_atof (my_perl=my_perl@entry=0x7a9010, s=0x7d8f40 "b") at numeric.c:857
857 numeric.c: No such file or directory.
(gdb) bt
#0 0x000000000052ffe1 in Perl_my_atof (my_perl=my_perl@entry=0x7a9010, s=0x7d8f40 "b") at numeric.c:857
#1 0x00000000004c50e1 in S_sv_2iuv_common (my_perl=my_perl@entry=0x7a9010, sv=sv@entry=0x7d3c70) at sv.c:2214
#2 0x00000000004c578b in Perl_sv_2iv_flags (my_perl=my_perl@entry=0x7a9010, sv=0x7d3c70, flags=flags@entry=2) at sv.c:2404
#3 0x000000000042bac5 in Perl_rpeep (my_perl=0x7a9010, o=0x7d8cc0) at op.c:11814
#4 0x00000000004266fc in Perl_newPROG (my_perl=0x7a9010, o=0x7d8d00) at op.c:3361
#5 0x0000000000465735 in Perl_yyparse (my_perl=0x7a9010, gramtype=8223088) at perly.y:147
#6 0x000000000043cd0d in S_parse_body (xsinit=0x41bed0 <xs_init>, env=0x0, my_perl=<optimized out>) at perl.c:2298
#7 perl_parse (my_perl=<optimized out>, xsinit=xsinit@entry=0x41bed0 <xs_init>, argc=<optimized out>, argv=<optimized out>, env=env@entry=0x0) at perl.c:1607
#8 0x000000000041bd29 in main (argc=3, argv=0x7fffffffdd88, env=0x7fffffffdda8) at perlmain.c:112

p5pRT commented Sep 3, 2015

From @wolfsage

On Thu, Sep 3, 2015 at 7:51 AM, Nils <perlbug-followup@perl.org> wrote:

#!/usr/bin/perl
# This is perl 5, version 20, subversion 2 (v5.20.2) built for x86_64-linux-gnu-thread-multi
# (with 42 registered patches, see perl -V for more detail)

use strict;
use warnings;

sub something { my $subvar= shift; }
my $table="";
my @tablename = ("tix_ALL", "tix_2", "tix_3");
my $loop=0;

$table = something("$tablename[$loop]_table");
something("./$table.csv") if(0);
#SEGFAULT HERE due to 'loop' instead of '$loop'
print "Writing table $tablename[loop]\n";

I believe this reduces to:

  perl -e '0; $a[b]'

Seemingly broken in 5.19.3 with

commit 515abc4
Author: Father Chrysostomos <sprout@cpan.org>
Date: Sat Aug 10 10:41:11 2013 -0700

  Set PL_curcop to NULL in op.c:S_cop_free

Seemingly fixed in 5.21.5, in passing, by:

commit f5b5c2a
Author: Father Chrysostomos <sprout@cpan.org>
Date: Mon Oct 13 20:37:29 2014 -0700

  Simplify double-nextstate optimisation

  [...]

-- Matthew Horsfall (alh)

p5pRT commented Sep 3, 2015

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented Sep 4, 2015

From zefram@fysh.org

Nicolas Mendoza via RT wrote:

Program received signal SIGSEGV, Segmentation fault.
0x000000000052ffe1 in Perl_my_atof (my_perl=my_perl@entry=0x7a9010, s=0x7d8f40 "b") at numeric.c:857

That's DECLARE_STORE_LC_NUMERIC_SET_TO_NEEDED(). Presumably failing via
the need to check lexical locale flags, which tries to use PL_curcop.
Both the apparent breaking and apparent fixing commits were concerned
with cops, but the nature of the apparent fixing one doesn't fill me
with confidence that the problem is really fixed. You should look at
the state of PL_curcop at the moment of segv: I'm pretty sure it's either
null or pointing at a broken op structure.

-zefram

p5pRT commented Mar 25, 2016

From @iabyn

On Fri, Sep 04, 2015 at 08:11:04PM +0100, Zefram wrote:

Nicolas Mendoza via RT wrote:

Program received signal SIGSEGV, Segmentation fault.
0x000000000052ffe1 in Perl_my_atof (my_perl=my_perl@entry=0x7a9010, s=0x7d8f40 "b") at numeric.c:857

That's DECLARE_STORE_LC_NUMERIC_SET_TO_NEEDED(). Presumably failing via
the need to check lexical locale flags, which tries to use PL_curcop.
Both the apparent breaking and apparent fixing commits were concerned
with cops, but the nature of the apparent fixing one doesn't fill me
with confidence that the problem is really fixed. You should look at
the state of PL_curcop at the moment of segv: I'm pretty sure it's either
null or pointing at a broken op structure.

Looking at this further, the SEGV in 5.20.0 happened due to the "delete spare
COP when two are adjacent" code in rpeep. That code was calling
S_cop_free(), which after v5.19.2-370-g515abc4 sets PL_curcop to NULL if
PL_curcop is the cop being freed.

The simplified deduplication code introduced by v5.21.4-465-gf5b5c2a
doesn't call S_cop_free() any more, so it's no longer an issue.

So I'll close this ticket.

--
All wight. I will give you one more chance. This time, I want to hear
no Wubens. No Weginalds. No Wudolf the wed-nosed weindeers.
  -- Life of Brian

@p5pRT p5pRT closed this as completed Mar 25, 2016
p5pRT commented Mar 25, 2016

@iabyn - Status changed from 'open' to 'resolved'
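
The failure mode described in the closing comment, as an added C model (not perl source and not code from this thread). `cop_t`, `cur_cop`, `cop_free`, `locale_hint`, `HINT_LOCALE` and both `peep_*` functions are hypothetical stand-ins, and deferring the free in `peep_after` is an assumed way of avoiding the reset, not a description of commit f5b5c2a.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for perl's COP and PL_curcop; not perl source. */
typedef struct cop { unsigned hints; struct cop *next; } cop_t;
#define HINT_LOCALE 0x4u          /* constructed flag value */
static cop_t *cur_cop;            /* plays the role of PL_curcop */

static cop_t *new_cop(unsigned hints, cop_t *next) {
    cop_t *c = malloc(sizeof *c);
    if (!c) abort();
    c->hints = hints; c->next = next;
    return c;
}

/* Behaviour the thread attributes to S_cop_free(): freeing the cop that
 * cur_cop points at also resets cur_cop to NULL. */
static void cop_free(cop_t *c) {
    if (cur_cop == c) cur_cop = NULL;
    free(c);
}

/* Models the lexical-locale check made during string-to-number conversion.
 * Returns -1 where an unguarded cur_cop->hints would dereference NULL. */
static int locale_hint(void) {
    if (cur_cop == NULL) return -1;
    return (cur_cop->hints & HINT_LOCALE) ? 1 : 0;
}

/* Before: the spare adjacent cop is released through cop_free() and the
 * optimiser then converts a constant index in the same pass. */
int peep_before(void) {
    cop_t *second = new_cop(HINT_LOCALE, NULL);
    cop_t *first = new_cop(HINT_LOCALE, second);
    cur_cop = first;
    cop_free(first);              /* side effect: cur_cop is now NULL */
    int r = locale_hint();        /* the conversion runs with no current cop */
    free(second);
    return r;
}

/* After: the spare cop is only unlinked during the pass and released once
 * nothing can consult cur_cop any more. */
int peep_after(void) {
    cop_t *second = new_cop(HINT_LOCALE, NULL);
    cop_t *first = new_cop(HINT_LOCALE, second);
    cur_cop = first;
    first->next = NULL;           /* unlink, do not free yet */
    int r = locale_hint();        /* cur_cop still points at live memory */
    cur_cop = NULL;
    free(first); free(second);
    return r;
}

int main(void) { printf("before=%d after=%d\n", peep_before(), peep_after()); return 0; }
```

The `-1` from `peep_before` marks the point where the unguarded lookup in the backtrace faulted.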
