segfault involving Data::Dumper, anonymous sub, and scalar ref #15251

Closed
p5pRT opened this issue Mar 26, 2016 · 9 comments


p5pRT commented Mar 26, 2016

Migrated from rt.perl.org#127786 (status was 'resolved')

Searchable as RT127786$


p5pRT commented Mar 26, 2016

From frederik@ofb.net

Created by frederik@ofb.net

I found Perl segfaulting on a personal project and was able to get a
minimal test case which exhibits the problem.

Although the test case uses Data::Dumper, I have
"$Data::Dumper::Useperl=1;" (pure Perl mode) so perhaps this is also a
problem with the Perl interpreter.

The Perl version is v5.22.1. I get a segfault on an x86_64 system with
Linux kernel 4.1.20-1-lts, as well as on an i686 system with Linux
kernel 4.1.19-1-lts. Both are running up-to-date Arch distributions.

On a Debian system with Perl v5.14.2, there is no segfault. (This
system is i686 with Linux kernel 3.2.45)

Here is the test case:

  #!/usr/bin/perl

  use warnings;
  use strict;

  ## This block mostly copied from my personal helper/utility package:
  BEGIN {
    do {
      # Declaring this in package DB results in special "eval" behavior:
      # the expression is evaluated in the first non-DB lexical scope
      package DB;

      use Data::Dumper;
      $Data::Dumper::Indent=0;
      $Data::Dumper::Purity=1;
      $Data::Dumper::Terse=1;
      ## oddly, I get a segfault when this is either 1 or 0:
      $Data::Dumper::Useperl=1;

      # "Print value": display an expression, and then its value.
      # Evaluates the expression in the context of the caller. Useful for
      # debugging: just substitute "pv q{EXPR}" for "EXPR" when you want
      # to examine its value. EXPR should be a scalar, but arrays and
      # hashes can be made into scalars with [] and {}.
      sub pv {
        my $e = shift;
        my ($package, $filename, $line) = caller;
        my $v = Dumper(eval "package $package; ($e)");
        die $@ if $@;
        print STDERR "$e = $v\n";
      }
    };
    *pv = \&DB::pv;
  }

  ################################################################
  ## Here is a (hopefully) minimal test case to cause a segfault on Perl
  ## v5.22.1. I also tested on Perl v5.14.2, no segfault.

  my $s = "hi";
  my $foo = sub { # this sub needs to be anonymous
    warn $s;      # we need this line here
    pv '$s';      # this succeeds
    pv '\$s';     # this segfaults
  };
  &$foo();

Here's the output:

  $ ./perl-dumper-ref-bug
  hi at ./perl-dumper-ref-bug line 42.
  $s = 'hi'
  zsh: segmentation fault (core dumped) ./perl-dumper-ref-bug

Thank you!

Perl Info

Flags:
    category=library
    severity=medium
    module=Data::Dumper

Site configuration information for perl 5.22.1:

Configured by builduser at Mon Mar  7 19:10:52 CET 2016.

Summary of my perl5 (revision 5 version 22 subversion 1) configuration:
   
  Platform:
    osname=linux, osvers=4.4.3-1-arch, archname=x86_64-linux-thread-multi
    uname='linux flo-64 4.4.3-1-arch #1 smp preempt fri feb 26 15:09:29 cet 2016 x86_64 gnulinux '
    config_args='-des -Dusethreads -Duseshrplib -Doptimize=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -Dprefix=/usr -Dvendorprefix=/usr -Dprivlib=/usr/share/perl5/core_perl -Darchlib=/usr/lib/perl5/core_perl -Dsitelib=/usr/share/perl5/site_perl -Dsitearch=/usr/lib/perl5/site_perl -Dvendorlib=/usr/share/perl5/vendor_perl -Dvendorarch=/usr/lib/perl5/vendor_perl -Dscriptdir=/usr/bin/core_perl -Dsitescript=/usr/bin/site_perl -Dvendorscript=/usr/bin/vendor_perl -Dinc_version_list=none -Dman1ext=1perl -Dman3ext=3perl -Dcccdlflags='-fPIC' -Dlddlflags=-shared -Wl,-O1,--sort-common,--as-needed,-z,relro -Dldflags=-Wl,-O1,--sort-common,--as-needed,-z,relro'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion='', gccversion='5.3.0', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-Wl,-O1,--sort-common,--as-needed,-z,relro -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/gcc/x86_64-unknown-linux-gnu/5.3.0/include-fixed /usr/lib /lib/../lib /usr/lib/../lib /lib /lib64 /usr/lib64
    libs=-lpthread -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.23.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.23'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/core_perl/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -Wl,-O1,--sort-common,--as-needed,-z,relro -L/usr/local/lib -fstack-protector-strong'



@INC for perl 5.22.1:
    /home/frederik/scripts-misc/perl
    /home/frederik/.local/lib/perl5/x86_64-linux-thread-multi
    /home/frederik/.local/lib/perl5
    /usr/lib/perl5/site_perl
    /usr/share/perl5/site_perl
    /usr/lib/perl5/vendor_perl
    /usr/share/perl5/vendor_perl
    /usr/lib/perl5/core_perl
    /usr/share/perl5/core_perl
    .


Environment for perl 5.22.1:
    HOME=/home/frederik
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH=/home/frederik/.local/arch/x86_64/lib:/home/frederik/.local/lib:/usr/local/lib
    LOGDIR (unset)
    PATH=/home/frederik/.local/bin:/home/frederik/projects/mailproc:/home/frederik/scripts-misc:/home/frederik/.local/arch/x86_64/bin:/usr/bin/core_perl:/usr/bin/vendor_perl:/usr/bin/site_perl:/usr/local/bin:/usr/local/sbin:/usr/bin
    PERL5LIB=/home/frederik/scripts-misc/perl:/home/frederik/.local/lib/perl5:
    PERL_BADLANG (unset)
    PERL_LOCAL_LIB_ROOT=/home/frederik/.local/:/home/frederik/.local/:/home/frederik/.local/
    PERL_MB_OPT=--install_base "/home/frederik/.local/"
    PERL_MM_OPT=INSTALL_BASE=/home/frederik/.local/
    SHELL=/bin/zsh


p5pRT commented Mar 26, 2016

From frederik@ofb.net

A friend came up with a smaller test case:

perl -e '{package DB;sub x {eval "\\\$s"} } my $s="hi";my $foo=sub {print $s;DB::x};&$foo;'

Thanks!

Frederick

On Fri, Mar 25, 2016 at 11:11:35PM -0700, frederik@ofb.net wrote:

This is a bug report for perl from frederik@ofb.net,
generated with the help of perlbug 1.40 running under perl 5.22.1.



p5pRT commented Mar 26, 2016

From @arc

via RT <perlbug-followup@perl.org> wrote:

A friend came up with a smaller test case:

perl -e '{package DB;sub x {eval "\\\$s"} } my $s="hi";my $foo=sub {print $s;DB::x};&$foo;'

In the interests of further reducing it: it turns out that neither the
value of $s nor the "print" are necessary:

$ perl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()'
Segmentation fault: 11

Under -DEBUGGING, we get an assertion failure instead (including under
miniperl):

$ ./miniperl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()'
Assertion failed: (cv), function S_mark_padname_lvalue, file op.c, line 2625.
Abort trap: 6

This is a part of the core I know essentially nothing about, though,
so I'm afraid I'll have to stop there.

--
Aaron Crane ** http://aaroncrane.co.uk/


p5pRT commented Mar 26, 2016

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Mar 28, 2016

From @iabyn

On Sat, Mar 26, 2016 at 08:11:49PM +0000, Aaron Crane wrote:

via RT <perlbug-followup@perl.org> wrote:

A friend came up with a smaller test case:

perl -e '{package DB;sub x {eval "\\\$s"} } my $s="hi";my $foo=sub {print $s;DB::x};&$foo;'

In the interests of further reducing it: it turns out that neither the
value of $s nor the "print" are necessary:

$ perl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()'
Segmentation fault: 11

Under -DEBUGGING, we get an assertion failure instead (including under
miniperl):

$ ./miniperl -e'package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()'
Assertion failed: (cv), function S_mark_padname_lvalue, file op.c, line 2625.
Abort trap: 6

This is a part of the core I know essentially nothing about, though,
so I'm afraid I'll have to stop there.

Fixed by

  commit aea0412
  Author: David Mitchell <davem@iabyn.com>
  AuthorDate: Mon Mar 28 15:36:42 2016 +0100
  Commit: David Mitchell <davem@iabyn.com>
  CommitDate: Mon Mar 28 15:36:42 2016 +0100

  RT #127786: assertion failure with eval in DB pkg.

  Normally a cloned anon sub has a NULL CvOUTSIDE(), unless that
  sub can contain code that will do an eval.
  However, calling eval from within the DB package pretends that the eval
  was done in the caller's scope, which then trips up on the NULL
  CvOUTSIDE().

--
All wight. I will give you one more chance. This time, I want to hear
no Wubens. No Weginalds. No Wudolf the wed-nosed weindeers.
  -- Life of Brian


p5pRT commented Mar 28, 2016

@iabyn - Status changed from 'open' to 'pending release'


p5pRT commented Mar 29, 2016

@tonycoz - Status changed from 'new' to 'pending release'


p5pRT commented May 13, 2016

From @khwilliamson

Thank you for submitting this report. You have helped make Perl better.
 
With the release of Perl 5.24.0 on May 9, 2016, this and 149 other issues have been resolved.

Perl 5.24.0 may be downloaded via https://metacpan.org/release/RJBS/perl-5.24.0
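
A check for whether a given perl binary still crashes on the reduced test case from this thread, added here as an example; it is not part of the original thread or of the Perl source. The function names and verdict strings are made up for illustration, and the signal numbers are the ones shown in the output above (11 for the segfault, 6 for the abort).

```shell
#!/bin/sh
# Reduced test case from this thread (Aaron Crane's version), kept verbatim.
REPRO='package DB{sub f{eval q/\$s/}} my $s; sub{$s;DB::f}->()'

# Map a child's exit status to a verdict (hypothetical labels).
# The shell reports "killed by signal N" as 128+N:
#   139 = 128+11, the segfault seen on a normal build
#   134 = 128+6,  the abort raised by the failed assertion under -DEBUGGING
classify_status() {
    case "$1" in
        0)   echo "no-crash" ;;
        139) echo "crash-segv" ;;
        134) echo "crash-assert" ;;
        *)   echo "inconclusive" ;;   # e.g. a perl too old to parse "package DB{...}"
    esac
}

# Run the test case in a child interpreter so a crash cannot take down
# the calling script. $1 is the perl binary to test (default: perl on PATH).
check_perl() {
    perl_bin=${1:-perl}
    command -v "$perl_bin" >/dev/null 2>&1 || { echo "no-perl"; return 0; }
    status=0
    # Subshell: disable core files for this one run, then replace the
    # subshell with perl so the exit status is perl's own.
    ( ulimit -c 0 || :; exec "$perl_bin" -e "$REPRO" ) >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Stand-alone use: ./check.sh [/path/to/perl]
check_perl "${1:-perl}"
```

A "no-crash" verdict only says this one test case ran to completion on that binary; the installed version is still what to compare against the fixed release named above.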


p5pRT commented May 13, 2016

@khwilliamson - Status changed from 'pending release' to 'resolved'
