not() || 1 produces segmentation fault #7793

Closed
p5pRT opened this issue Feb 10, 2005 · 10 comments
p5pRT commented Feb 10, 2005

Migrated from rt.perl.org#34101 (status was 'resolved')

Searchable as RT34101$


p5pRT commented Feb 10, 2005

From robin.stocker@nibor.org

Created by robin.stocker@nibor.org

Hi,

It seems like I just stumbled over a funny bug.

perl -e 'not() || 1'
perl -e 'die unless not()'
...

Like in the two examples above, the evaluation of not()
produces a segmentation fault or a freeze of the interpreter.
This problem occurred on several platforms ( x86/Linux,
sparc64/Solaris ) and perl versions ( 5.6.1, 5.8.4, 5.8.6 ).

Regards,
Robin Stocker

Perl Info

Flags:
    category=core
    severity=low

Site configuration information for perl v5.8.6:

Configured by Gentoo at Thu Jan 27 14:16:31 CET 2005.

Summary of my perl5 (revision 5 version 8 subversion 6) configuration:
  Platform:
    osname=linux, osvers=2.6.10-gentoo-r6, archname=i686-linux
    uname='linux saturn 2.6.10-gentoo-r6 #1 smp wed jan 19 19:13:17 cet 2005 i686 mobile intel(r) pentium(r) 4 - m cpu 2.00ghz genuineintel gnulinux '
    config_args='-des -Darchname=i686-linux -Dcccdlflags=-fPIC -Dccdlflags=-rdynamic -Dcc=gcc -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dlocincpth=  -Doptimize=-pipe -march=pentium4 -O2 -Duselargefiles -Dd_semctl_semun -Dscriptdir=/usr/bin -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dinstallman1dir=/usr/share/man/man1 -Dinstallman3dir=/var/tmp/portage/perl-5.8.6-r2/image//usr/share/man/man3 -Dman1ext=1 -Dman3ext=3pm -Dinc_version_list=5.8.2 5.8.2/i686-linux 5.8.4 5.8.4/i686-linux 5.8.5 5.8.5/i686-linux  -Dcf_by=Gentoo -Ud_csh -Di_ndbm -Di_gdbm -Di_db'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-pipe -march=pentium4 -O2',
    cppflags='-DPERL5 -fno-strict-aliasing -pipe'
    ccversion='', gccversion='3.4.3 20050110 (Gentoo Linux 3.4.3.20050110, ssp-3.4.3.20050110-0, pie-8.7.7)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lpthread -lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.3.4.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.8.6:
    /etc/perl
    /usr/lib/perl5/site_perl/5.8.6/i686-linux
    /usr/lib/perl5/site_perl/5.8.6
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl/5.8.4/i686-linux
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl/5.8.5/i686-linux
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.6/i686-linux
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl/5.8.4/i686-linux
    /usr/lib/perl5/vendor_perl
    /usr/lib/perl5/5.8.6/i686-linux
    /usr/lib/perl5/5.8.6
    /usr/local/lib/site_perl
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl/5.8.4/i686-linux
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl/5.8.5/i686-linux
    .


Environment for perl v5.8.6:
    HOME=/home/nibor
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.3:/opt/ati/bin:/usr/X11R6/bin:/usr/games/bin:/sbin:/usr/sbin:/home/nibor/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash


p5pRT commented Feb 10, 2005

From alexeyt@freeshell.org

On Thu, 10 Feb 2005, robin.stocker@nibor.org (via RT) wrote:

> It seems like I just stumbled over a funny bug.
>
> perl -e 'not() || 1'
> perl -e 'die unless not()'
> ...

Confirmed on x86/win32 version 5.8.4.

What's also interesting is that, in my case:

perl -e 'not() || <any value>'

crashes, while

perl -e '1; not() || <any value>'

hangs and

perl -m<any module> -e 'not() || <any value>'

hangs, yet

perl -e -m<any module> 'not() || <any value>'

doesn't crash or hang. A very interesting bug :)

  Alexey


p5pRT commented Feb 10, 2005

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Feb 10, 2005

From @tamias

On Thu, Feb 10, 2005 at 05:00:02PM +0000, Alexey Toptygin wrote:

> perl -m<any module> -e 'not() || <any value>'
>
> hangs, yet
>
> perl -e -m<any module> 'not() || <any value>'
>
> doesn't crash or hang. A very interesting bug :)

That last one's not that interesting.

% perl -MO=Deparse -e -mCGI 'not() || 1'
-'mCGI';
-e syntax OK
%

:)

Ronald


p5pRT commented Feb 10, 2005

From @rgs

robin.stocker@nibor.org (via RT) wrote:

> perl -e 'not() || 1'
> perl -e 'die unless not()'
> ...
>
> Like in the two examples above, the evaluation of not()
> produces a segmentation fault or a freeze of the interpreter.

It occurs in bleadperl as well; but that's not the evaluation
of not() that segfaults, since the bug appears with -c as well.


p5pRT commented Feb 10, 2005

From @smpeters

On Thu, Feb 10, 2005 at 12:29:51PM -0500, Ronald J Kimball wrote:

> On Thu, Feb 10, 2005 at 05:00:02PM +0000, Alexey Toptygin wrote:
>
> > perl -m<any module> -e 'not() || <any value>'
> >
> > hangs, yet
> >
> > perl -e -m<any module> 'not() || <any value>'
> >
> > doesn't crash or hang. A very interesting bug :)
>
> That last one's not that interesting.
>
> % perl -MO=Deparse -e -mCGI 'not() || 1'
> -'mCGI';
> -e syntax OK
> %

Here's the backtrace from blead...

(gdb) bt
#0 0x1c05f94d in S_new_logop (my_perl=0x3c030000, type=159, flags=0,
  firstp=0xcfbf2d34, otherp=0xcfbf2d38) at op.c:3484
#1 0x1c05f846 in Perl_newLOGOP (my_perl=0x3c030000, type=160, flags=0,
  first=0x0, other=0x3c03c940) at op.c:3459
#2 0x1c053f22 in Perl_yyparse (my_perl=0x3c030000) at perly.y:515
#3 0x1c01ced5 in S_parse_body (my_perl=0x3c030000, env=0x0,
  xsinit=0x1c016e5c <xs_init>) at perl.c:1684
#4 0x1c01bbc7 in perl_parse (my_perl=0x3c030000, xsinit=0x1c016e5c <xs_init>,
  argc=3, argv=0xcfbf2f40, env=0x0) at perl.c:1194
#5 0x1c016dc8 in main (argc=3, argv=0xcfbf2f40, env=0xcfbf2f50)
  at perlmain.c:96

Steve Peters
steve@fisharerojo.org


p5pRT commented Feb 10, 2005

From @mhx

The segfault can be reproduced with all versions of Perl since 5.6.0.

It has been fixed by the following change:

Change 23960 by mhx@mhx-r2d2 on 2005/02/10 20:50:31

  [perl #34101] not() || 1 produces segmentation fault
 
  Fixed by making not() behave like not(0). This is also the
  way not() behaved before it started segfaulting in 5.6.0.

@p5pRT p5pRT closed this as completed Feb 10, 2005

p5pRT commented Feb 10, 2005

@mhx - Status changed from 'open' to 'resolved'


p5pRT commented Feb 11, 2005

From @iabyn

On Thu, Feb 10, 2005 at 06:15:17PM +0100, Rafael Garcia-Suarez wrote:

> robin.stocker@nibor.org (via RT) wrote:
>
> > perl -e 'not() || 1'
> > perl -e 'die unless not()'
> > ...
> >
> > Like in the two examples above, the evaluation of not()
> > produces a segmentation fault or a freeze of the interpreter.
>
> It occurs in bleadperl as well; but that's not the evaluation
> of not() that segfaults, since the bug appears with -c as well.

It's the fact that the OP struct containing the NOT operator doesn't have
a child, and various parts of the core assume that it always has a
child. The proper fix is to stop the lexer/parser generating such a bad op
in the first place, but it's (as always) too late at night for my poor
brain to work out how to do such a thing.

--
Nothing ventured, nothing lost.


p5pRT commented Feb 11, 2005

From @mhx

On 2005-02-11, at 00:29:58 +0000, Dave Mitchell wrote:

> On Thu, Feb 10, 2005 at 06:15:17PM +0100, Rafael Garcia-Suarez wrote:
>
> > robin.stocker@nibor.org (via RT) wrote:
> >
> > > perl -e 'not() || 1'
> > > perl -e 'die unless not()'
> > > ...
> > >
> > > Like in the two examples above, the evaluation of not()
> > > produces a segmentation fault or a freeze of the interpreter.
> >
> > It occurs in bleadperl as well; but that's not the evaluation
> > of not() that segfaults, since the bug appears with -c as well.
>
> It's the fact that the OP struct containing the NOT operator doesn't have
> a child, and various parts of the core assume that it always has a
> child. The proper fix is to stop the lexer/parser generating such a bad op
> in the first place, but it's (as always) too late at night for my poor
> brain to work out how to do such a thing.

It has already been fixed by change #23960, but somehow
my RT response didn't show up on the list (yet).

Marcus

--
To iterate is human, to recurse, divine.
  -- Robert Heller
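
The cause and the fix discussed in this thread (a NOT op built without a child, and the change that makes not() behave like not(0)), as an added example that is not part of the thread or of perl's source. It is a simplified C model of an op tree; every name in it (struct op, mk, mk_const, parse_not, build_or) is hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; this is not perl's op.c. */
enum op_type { OP_CONST, OP_NOT, OP_OR };

struct op {
    enum op_type type;
    long value;        /* OP_CONST only */
    struct op *first;  /* operand of NOT, left side of OR */
    struct op *other;  /* right side of OR */
};

static struct op *mk(enum op_type t, long v, struct op *first, struct op *other)
{
    struct op *o = calloc(1, sizeof *o);
    if (o == NULL)
        abort();
    o->type = t; o->value = v; o->first = first; o->other = other;
    return o;
}

struct op *mk_const(long v) { return mk(OP_CONST, v, NULL, NULL); }

/* Parser action for "not(ARG)"; arg == NULL models the empty "not()".
 * as_not_zero = 0 emits the childless NOT op described in the thread;
 * as_not_zero = 1 models the fix: not() is built as not(0). */
struct op *parse_not(struct op *arg, int as_not_zero)
{
    if (arg == NULL && as_not_zero)
        arg = mk_const(0);
    return mk(OP_NOT, 0, arg, NULL);
}

/* Builder for "LEFT || RIGHT" that folds "not(CONST) || RIGHT" at build time.
 * Code that assumes every NOT has a child would read left->first->type here
 * and fault on the childless op; this version rejects it by returning NULL. */
struct op *build_or(struct op *left, struct op *right)
{
    if (left == NULL || right == NULL)
        return NULL;
    if (left->type == OP_NOT) {
        if (left->first == NULL)
            return NULL;                    /* malformed tree: refuse to build */
        if (left->first->type == OP_CONST)  /* fold the constant condition */
            return left->first->value ? right : mk_const(1);
    }
    return mk(OP_OR, 0, left, right);
}
```

The model fails at tree-build time rather than at evaluation, which matches the observation in the thread that the crash also appears with -c.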
