From nothingmuch@syeeda.local

Created by nothingmuch@syeeda.local

This is a bug report for perl from nothingmuch@​syeeda.local,
generated with the help of perlbug 1.35 running under perl v5.10.0.

-----------------------------------------------------------------

The following script produces a segfault or bus error for me​:

package Foo;
use Moose;

use namespace​::clean -except => 'meta';

sub bar {
  my ( $self, @​args ) = @​_;

  my @​ret; # without this it's a segfault, with it it's a bus error (null pointer deref on osx)

  foreach my @​error ( @​args ) {
  }
}

Moose uses Sub​::Exporter to create export closures for its declaration syntax.

These are then deleted by namespace​::clean when the Scope​::Guard it puts in %^H
is stringified and thus goes out of scope.

I suspect that the parse failure is causing %^H to be cleaned up differently,
and that the garbage collection is causing these issues.

I can't reduce the test case any more than this.

Flags:
    category=core
    severity=low

This perlbug was built using Perl v5.8.8 - Fri May  2 00:15:29 CST 2008
It is being executed now by  Perl v5.10.0 - Tue Jan 29 05:46:20 IST 2008.

Site configuration information for perl v5.10.0:

Configured by nothingmuch at Tue Jan 29 05:46:20 IST 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=darwin, osvers=9.1.0, archname=darwin-multi-2level
    uname='darwin syeeda.local 9.1.0 darwin kernel version 9.1.0: wed oct 31 17:46:22 pdt 2007; root:xnu-1228.0.2~1release_i386 i386 '
    config_args='-Uusethreads -Dusemultiplicity -de -s'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-fno-common -DPERL_DARWIN -no-cpp-precomp -fno-strict-aliasing -pipe -I/usr/local/include',
    optimize='-O3',
    cppflags='-no-cpp-precomp -fno-common -DPERL_DARWIN -no-cpp-precomp -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.0.1 (Apple Inc. build 5465)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib
    libs=-ldbm -ldl -lm -lutil -lc
    perllibs=-ldl -lm -lutil -lc
    libc=/usr/lib/libc.dylib, so=dylib, useshrplib=false, libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup -L/usr/local/lib'

Locally applied patches:
    


@INC for perl v5.10.0:
    /usr/local/svk-1.06/perl/darwin-thread-multi-2level/
    /usr/local/lib/perl5/5.10.0/darwin-multi-2level
    /usr/local/lib/perl5/5.10.0
    /usr/local/lib/perl5/site_perl/5.10.0/darwin-multi-2level
    /usr/local/lib/perl5/site_perl/5.10.0
    /usr/local/lib/perl5/site_perl/5.8.8
    /usr/local/lib/perl5/site_perl/5.8.6
    /usr/local/lib/perl5/site_perl
    .


Environment for perl v5.10.0:
    DYLD_LIBRARY_PATH (unset)
    HOME=/Users/nothingmuch
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LC_ALL=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/Users/nothingmuch/bin:/Users/nothingmuch/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/Applications/Graphviz.app/Contents/MacOS:/Applications/Doxygen.app/Contents/Resources:/Applications/MPlayer OSX.app/Contents/Resources/External_Binaries/mplayer_intel.app/Contents/MacOS:/opt/local/bin:/opt/local/sbin:/usr/local/perls/blead/bin:/usr/local/perls/5.6.2/bin:/Applications/Graphviz.app/Contents/MacOS:/Developer/Tools
    PERL5LIB=/usr/local/svk-1.06/perl/darwin-thread-multi-2level/
    PERL_AUTOINSTALL=--checkonly
    PERL_BADLANG (unset)
    PERL_MM_USE_DEFAULT=1
    SHELL=/bin/bash

From @iabyn

On Fri, Sep 05, 2008 at 01​:01​:34PM -0700, nothingmuch@​syeeda.local (via RT) wrote​:

package Foo;
use Moose;

use namespace​::clean -except => 'meta';

sub bar {
my ( $self, @​args ) = @​_;

my @​ret; \# without this it's a segfault\, with it it's a bus error \(null pointer deref on osx\)

foreach my @​error \( @​args \) \{
\}

}

I can reduce it to the following, which crashes on bleed and doesn't
require any external modules​:

F1.pm​:

  package F1;

  sub foo { };

  sub import {

  my %store;
  $store{$_} = 1 for 1..8;

  $^H{'xxx'} = bless [ sub { foo(keys %store) } ];
  }
  sub DESTROY {
  $_[0][0]->();
  }

  1;

main script​:

  #!/usr/bin/perl

  use F1;

  sub bar {
  my ($x,$y);
  for my @​e ( @​args ) { }
  }

It appears that bar()'s pad is freed during error cleanup *before*
some of the ops on the parse stack are freed, resulting in ops-with-targs
that refer to that pad doing Bad Things when freed.

I've kind of of run out of time to look at this any further for a bit.

--
Monto Blanco... scorchio!

The RT System itself - Status changed from 'new' to 'open'

From @nwc10

Dave notes​:

coredump on bleed, maint. regression since 5.8.8
I think its the pad-already-freed-ibn yy_stack_clear() issue

From p5p@spam.wizbit.be

On Thu May 28 07​:28​:55 2009, nicholas wrote​:

Dave notes​:

coredump on bleed, maint. regression since 5.8.8
I think its the pad-already-freed-ibn yy_stack_clear() issue

Binary search​:

Running the prog '/tmp/rt-58614/script.pl' for installed-perls/perl/
p9sdLdP/perl-5.9.4@​29542/bin/perl and installed-perls/perl/pbRb9Qz/perl-
5.9.4@​29543/bin/perl
----Program----
  #!/usr/bin/perl
  use lib qw#/tmp/rt-58614/#;

  use F1;

  sub bar {
  my ($x,$y);
  for my @​e ( @​args ) { }
  }

----Output of .../p9sdLdP/perl-5.9.4@​29542/bin/perl----
Missing $ on loop variable at /tmp/rt-58614/script.pl line 9.

----EOF ($?='65280')----
----Output of .../pbRb9Qz/perl-5.9.4@​29543/bin/perl----
Missing $ on loop variable at /tmp/rt-58614/script.pl line 9.

----EOF ($?='11')----

http​://public.activestate.com/cgi-bin/perlbrowse/p/29543
Change 29543 by davem@​davem-monkey on 2006/12/13 01​:47​:34

  fix parser leaks caused by croaking while shifting or reducing
  e.g. these no longer leak​:
  eval q[my $x; local $x] while 1;
  eval q[$s = sub <> {}] while 1;

From @schwern

This appears to have been fixed at some point in blead, but its still
broken in 5.10.1 RC0.

Attached is a test. I can't even fathom what to call it or where it
would go.

From @schwern

From fe8f92b3738c369dc737e04125efd17ed03a11eb Mon Sep 17 00:00:00 2001
From: Michael G. Schwern <schwern@pobox.com>
Date: Sun, 12 Jul 2009 03:19:24 -0700
Subject: [PATCH] A test for rt.cpan.org 58614 which I can't fathom where it would go or what to call it.

---
 t/rt.cpan.org-58614.t |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 48 insertions(+), 0 deletions(-)
 create mode 100644 t/rt.cpan.org-58614.t

diff --git a/t/rt.cpan.org-58614.t b/t/rt.cpan.org-58614.t
new file mode 100644
index 0000000..71a12af
--- /dev/null
+++ b/t/rt.cpan.org-58614.t
@@ -0,0 +1,48 @@
+#!./perl
+
+# A test for rt.cpan.org 58614
+
+BEGIN {
+    chdir 't' if -d 't';
+    @INC = '../lib';
+    require './test.pl';
+}
+
+use strict;
+plan tests => 1;
+
+{
+    # Write out a module which is necessary to reproduce the failure
+    my $module = "TestModule$$";
+    END { 1 while unlink "$module.pm" }
+    open my $fh, ">", "$module.pm";
+    print $fh sprintf <<'MODULE', $module;
+package %s;
+
+sub foo { };
+
+sub import {
+    my %%store;
+    $store{$_} = 1 for 1..8;
+
+    $^H{'xxx'} = bless [ sub { foo(keys %%store) } ];
+}
+
+sub DESTROY {
+    $_[0][0]->();
+}
+
+1;
+MODULE
+    close $fh;
+
+    # This code would segfault in 5.10.0.
+    fresh_perl_like(sprintf(<<'CODE', $module), qr/^Missing \$ on loop variable/, {});
+use %s;
+
+sub bar {
+    my ($x,$y);
+    for my @e ( @args ) { }
+}
+CODE
+}
-- 
1.6.2.4

From @schwern

A bisect shows this was the fix​:

commit a8ba03f
Author​: Marcus Holland-Moritz <mhx-perl@​gmx.net>
Date​: Wed Apr 8 09​:49​:19 2009 +0200

  Use of freed comppad array during clear_yystack()
 
  Message-ID​: <20081026231720.34258457@​r2d2>

From @obra

On Sun Jul 12 04​:21​:40 2009, schwern wrote​:

A bisect shows this was the fix​:

commit a8ba03f
Author​: Marcus Holland-Moritz <mhx-perl@​gmx.net>
Date​: Wed Apr 8 09​:49​:19 2009 +0200

Use of freed comppad array during clear\_yystack\(\)

Message\-ID&#8203;: \<20081026231720\.34258457@&#8203;r2d2>

Confirmed fixed in 5.11. Resolving.

@obra - Status changed from 'open' to 'resolved'