From tassadar+perl@xephon.org

This is a bug report for perl from tassadar+perl@​xephon.org,
generated with the help of perlbug 1.35 running under perl v5.8.7.

Hi, i've found a small code that triggers a segfault on the
following perl versions :

5.8.4 (ubuntu package)
5.8.7 (debian testing package)
5.8.7 (freebsd port 5.3-RELEASE)
5.9.1 (compiled on my linux debian testing i386, gcc-4.0.1)

unaffected versions :
version 5.005_03 built for sun4-solaris

Priority is low, since this code is incorrect, but it might help
resolving other issues.

the segfault does not appear when not using 'strict'.
note that no code is executed since it's in a sub that is never
called at runtime.

-- CODE BEGINS HERE --
#!/usr/bin/perl
use strict;
sub s { open $X, my $Y, r; }
-- CODE ENDS HERE --

hope it might help,

Nicolas

Flags​:
  category=core
  severity=low

Site configuration information for perl v5.8.7​:

Configured by Debian Project at Thu Jun 9 00​:28​:22 EST 2005.

Summary of my perl5 (revision 5 version 8 subversion 7) configuration​:
  Platform​:
  osname=linux, osvers=2.4.27-ti1211, archname=i386-linux-thread-multi
  uname='linux kosh 2.4.27-ti1211 #1 sun sep 19 18​:17​:45 est 2004 i686 gnulinux '
  config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=i386-linux -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.7 -Dsitearch=/usr/local/lib/perl/5.8.7 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.7 -Dd_dosuid -des'
  hint=recommended, useposix=true, d_sigaction=define
  usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
  useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
  use64bitint=undef use64bitall=undef uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
  ccversion='', gccversion='3.3.6 (Debian 1​:3.3.6-6)', gccosandvers=''
  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
  ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=4, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib
  libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
  perllibs=-ldl -lm -lpthread -lc -lcrypt
  libc=/lib/libc-2.3.2.so, so=so, useshrplib=true, libperl=libperl.so.5.8.7
  gnulibc_version='2.3.2'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches​:
 

@​INC for perl v5.8.7​:
  /etc/perl
  /usr/local/lib/perl/5.8.7
  /usr/local/share/perl/5.8.7
  /usr/lib/perl5
  /usr/share/perl5
  /usr/lib/perl/5.8
  /usr/share/perl/5.8
  /usr/local/lib/site_perl
  .

Environment for perl v5.8.7​:
  HOME=/home/tassadar
  LANG=fr_FR@​euro
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/tassadar/bison​:/home/tassadar/bin/​:/usr/local/bin​:/usr/bin​:/bin​:/usr/bin/X11​:/usr/games
  PERL_BADLANG (unset)
  SHELL=/bin/zsh

From @smpeters

[tassadar+perl@​xephon.org - Wed Aug 31 01​:38​:30 2005]​:

This is a bug report for perl from tassadar+perl@​xephon.org,
generated with the help of perlbug 1.35 running under perl v5.8.7.

-----------------------------------------------------------------
Hi, i've found a small code that triggers a segfault on the
following perl versions :

5.8.4 (ubuntu package)
5.8.7 (debian testing package)
5.8.7 (freebsd port 5.3-RELEASE)
5.9.1 (compiled on my linux debian testing i386, gcc-4.0.1)

unaffected versions :
version 5.005_03 built for sun4-solaris

Priority is low, since this code is incorrect, but it might help
resolving other issues.

the segfault does not appear when not using 'strict'.
note that no code is executed since it's in a sub that is never
called at runtime.

-- CODE BEGINS HERE --
#!/usr/bin/perl
use strict;
sub s { open $X, my $Y, r; }
-- CODE ENDS HERE --

This appears to have been fixed in bleadperl. I'm not sure, though,
what the exact fix was. Using perl-current, I get​:

./perl -Mstrict -wle'sub s { open $X, my $Y, r; }'
Global symbol "$X" requires explicit package name at -e line 1.
Execution of -e aborted due to compilation errors.

In the 5.8 releases, the coredump occurs in Perl_ck_open.

#0 0x0809964c in Perl_ck_open ()
(gdb) bt
#0 0x0809964c in Perl_ck_open ()
#1 0x08092698 in Perl_convert ()
#2 0x08089336 in Perl_yyparse ()
#3 0x0806731a in Perl_my_failure_exit ()
#4 0x08068d0e in perl_parse ()
#5 0x0805fda9 in main ()

The RT System itself - Status changed from 'new' to 'open'

@smpeters - Status changed from 'open' to 'resolved'

From domo@computer.org

Summary​: already fixed by patch 24523.

On 2005–08–31, at 10​:38, tassadar+perl@​xephon.org (via RT) wrote​:

-- CODE BEGINS HERE --
#!/usr/bin/perl
use strict;
sub s { open $X, my $Y, r; }
-- CODE ENDS HERE --
[crashes on 5.8.x, 5.9.1]

FWIW, I see the crash (on Darwin) with 5.8.1-7 (omitting 5.8.2, which
I don't have lying around) and 5.9.2, but not with bleadperl@​25275.
Stack trace for the crashed perls is like

Thread 0 Crashed​:
0 perl 0x0002893c Perl_ck_open + 452 (op.c​:5835)
1 perl 0x00017624 Perl_convert + 452 (op.c​:2131)
2 perl 0x001adc60 Perl_yyparse + 8252 (perly.y​:427)
3 perl 0x00033018 S_parse_body + 6184 (perl.c​:1733)
4 perl 0x000315a4 perl_parse + 1780 (perl.c​:1203)
5 perl 0x000028b8 main + 308 (perlmain.c​:97)
6 perl 0x00001fe0 _start + 344 (crt.c​:272)
7 perl 0x00001e84 start + 60

(That happens to be 5.9.2; others are similar.)

A sniff of the blame log shows that patch 24523 did a little consting
in that area. Reverting the changed lines in bleadperl brings the
crash back. So consting fixed a bug that hadn't even been reported!

Does consting stuff like this get rolled into the various maints as a
matter of course?
--
Dominic Dunlop

From @smpeters

[domo@​computer.org - Wed Aug 31 06​:01​:12 2005]​:

Summary​: already fixed by patch 24523.

On 2005–08–31, at 10​:38, tassadar+perl@​xephon.org (via RT) wrote​:

-- CODE BEGINS HERE --
#!/usr/bin/perl
use strict;
sub s { open $X, my $Y, r; }
-- CODE ENDS HERE --
[crashes on 5.8.x, 5.9.1]

FWIW, I see the crash (on Darwin) with 5.8.1-7 (omitting 5.8.2, which
I don't have lying around) and 5.9.2, but not with bleadperl@​25275.
Stack trace for the crashed perls is like

Thread 0 Crashed​:
0 perl 0x0002893c Perl_ck_open + 452 (op.c​:5835)
1 perl 0x00017624 Perl_convert + 452 (op.c​:2131)
2 perl 0x001adc60 Perl_yyparse + 8252 (perly.y​:427)
3 perl 0x00033018 S_parse_body + 6184 (perl.c​:1733)
4 perl 0x000315a4 perl_parse + 1780 (perl.c​:1203)
5 perl 0x000028b8 main + 308 (perlmain.c​:97)
6 perl 0x00001fe0 _start + 344 (crt.c​:272)
7 perl 0x00001e84 start + 60

(That happens to be 5.9.2; others are similar.)

A sniff of the blame log shows that patch 24523 did a little consting
in that area. Reverting the changed lines in bleadperl brings the
crash back. So consting fixed a bug that hadn't even been reported!

Does consting stuff like this get rolled into the various maints as a
matter of course?

This seems to go a bit deeper. My current bleadperl works fine on
OpenBSD, but segfaults on Linux. I'll have to play with the
configurations to see what the backtrace from Linux will show me now.

@smpeters - Status changed from 'resolved' to 'open'

From @rgs

tassadar+perl@​xephon.org (via RT) wrote​:

Priority is low, since this code is incorrect, but it might help
resolving other issues.

the segfault does not appear when not using 'strict'.
note that no code is executed since it's in a sub that is never
called at runtime.

-- CODE BEGINS HERE --
#!/usr/bin/perl
use strict;
sub s { open $X, my $Y, r; }
-- CODE ENDS HERE --

Thanks for the report, fixed as below in the development version of
perl​:

Change 25341 by rgs@​bloom on 2005/08/31 14​:14​:21

  Fix for [perl #37036] perl segfault at 'compile'-time

Affected files ...

... //depot/perl/op.c#702 edit

Differences ...

==== //depot/perl/op.c#702 (text) ====

@​@​ -5896,6 +5896,7 @​@​
  (last->op_private & OPpCONST_STRICT) &&
  (oa = first->op_sibling) && /* The fh. */
  (oa = oa->op_sibling) && /* The mode. */
+ (oa->op_type == OP_CONST) &&
  SvPOK(((SVOP*)oa)->op_sv) &&
  (mode = SvPVX_const(((SVOP*)oa)->op_sv)) &&
  mode[0] == '>' && mode[1] == '&' && /* A dup open. */

@rgs - Status changed from 'open' to 'resolved'

From @nwc10

On Wed, Aug 31, 2005 at 03​:00​:31PM +0200, Dominic Dunlop wrote​:

Does consting stuff like this get rolled into the various maints as a
matter of course?

It will get into 5.8.x if it doesn't seem to break anything else.

Nicholas Clark