New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
segmentation fault with array ties #9249
Comments
From blino@mandriva.comCreated by blino@mandriva.comPerl aborts with a segmentation fault when using array tie in array #!/usr/bin/perl my $view; package TiedList; use strict; sub TIEARRAY { sub FETCH { 0 } sub STORE { # this, index, value 1; package TiedRow; use strict; sub TIEARRAY { sub FETCH { 0 } sub STORE { $_[2] } sub FETCHSIZE { croak } sub EXTEND { croak } sub POP { croak "pop called on a TiedRow, but you can't change its size"; } 1; The testcase may look awkward, it has been written starting from The bug does not happen with perl 5.8.8, it looks like the bug has been This naive patch fixes the issue: Inline Patchdiff -p -up perl-5.10.0/av.c.av_mg perl-5.10.0/av.c
--- perl-5.10.0/av.c.av_mg 2007-12-18 11:47:07.000000000 +0100
+++ perl-5.10.0/av.c 2008-03-12 10:40:56.000000000 +0100
@@ -433,7 +433,7 @@ Perl_av_clear(pTHX_ register AV *av)
/* Give any tie a chance to cleanup first */
if (SvRMAGICAL(av)) {
const MAGIC* const mg = SvMAGIC(av);
- if (PL_delaymagic && mg->mg_type == PERL_MAGIC_isa)
+ if (PL_delaymagic && mg && mg->mg_type == PERL_MAGIC_isa)
PL_delaymagic |= DM_ARRAY;
else
mg_clear((SV*)av); Perl Info
|
From @rgsOn 12/03/2008, via RT blino @ mandriva. com wrote:
Thanks for this info!
The patch looks good and is obviously safe to apply, but I would like to Not sure where the regression test should go. t/op/tiearray.t ? |
The RT System itself - Status changed from 'new' to 'open' |
From perl@profvince.com
The problem is that delaymagic is set. This happens because the second The attached patch fixes this behaviour by copying PL_delaymagic before |
From perl@profvince.com |
From perl@profvince.comdelaymagic.patch--- pp_hot.c 2008-03-10 18:39:48.000000000 +0100
+++ pp_hot.c 2008-03-12 17:03:58.000000000 +0100
@@ -1020,8 +1020,14 @@
*(relem++) = sv;
didstore = av_store(ary,i++,sv);
if (magic) {
- if (SvSMAGICAL(sv))
+ if (SvSMAGICAL(sv)) {
+ /* More magic can happen in the mg_set callback, so we
+ * backup the delaymagic for now. */
+ U16 dmbak = PL_delaymagic;
+ PL_delaymagic = 0;
mg_set(sv);
+ PL_delaymagic |= dmbak;
+ }
if (!didstore)
sv_2mortal(sv);
}
@@ -1051,8 +1057,12 @@
duplicates += 2;
didstore = hv_store_ent(hash,sv,tmpstr,0);
if (magic) {
- if (SvSMAGICAL(tmpstr))
+ if (SvSMAGICAL(tmpstr)) {
+ U16 dmbak = PL_delaymagic;
+ PL_delaymagic = 0;
mg_set(tmpstr);
+ PL_delaymagic |= dmbak;
+ }
if (!didstore)
sv_2mortal(tmpstr);
}
@@ -1076,7 +1086,13 @@
}
else
sv_setsv(sv, &PL_sv_undef);
- SvSETMAGIC(sv);
+
+ if (SvSMAGICAL(sv)) {
+ U16 dmbak = PL_delaymagic;
+ PL_delaymagic = 0;
+ mg_set(sv);
+ PL_delaymagic |= dmbak;
+ }
break;
}
} |
From @nwc10Since your mailer isn't using the dreaded text-mangling Format Flowed, On Wed, Mar 12, 2008 at 05:37:40PM +0100, Vincent Pit wrote:
Nice debugging.
You do this: Inline Patch--- pp_hot.c 2008-03-10 18:39:48.000000000 +0100
+++ pp_hot.c 2008-03-12 17:03:58.000000000 +0100
@@ -1020,8 +1020,14 @@
*(relem++) = sv;
didstore = av_store(ary,i++,sv);
if (magic) {
- if (SvSMAGICAL(sv))
+ if (SvSMAGICAL(sv)) {
+ /* More magic can happen in the mg_set callback, so we
+ * backup the delaymagic for now. */
+ U16 dmbak = PL_delaymagic;
+ PL_delaymagic = 0;
mg_set(sv);
+ PL_delaymagic |= dmbak;
+ }
if (!didstore)
sv_2mortal(sv);
}
Or if an exception is thrown within the mg_set(), does it propagate up so Nicholas Clark |
From @smpetersI've applied this patch as change #33495 since it passes all the tests Steve On Wed, Mar 12, 2008 at 4:59 AM, via RT blino @ mandriva. com
|
From perl@profvince.com
Yes, we could localize delaymagic, just to be on the safe side. However, |
@smpeters - Status changed from 'open' to 'resolved' |
From @rgs2008/3/12 Vincent Pit <perl@profvince.com>:
Thanks, applied as #33778. |
From @iabynA belated followup. See the following commit: commit 8ef2424 Revert "Re: [perl #51636] segmentation fault with array ties" |
Migrated from rt.perl.org#51636 (status was 'resolved')
Searchable as RT51636$
The text was updated successfully, but these errors were encountered: