From @nwc10

Jerry Hedden mailed p5p in 1ff86f510805081400l1fd9b9das47034600aee20390@​mail.gmail.com
http​://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2008-05/msg00254.html

Dave notes​:

a regression since 5.10.0 - present in B,M

From @jimc

On Thu May 28 08​:09​:27 2009, nicholas wrote​:

Jerry Hedden mailed p5p in
1ff86f510805081400l1fd9b9das47034600aee20390@​mail.gmail.com
http​://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2008-
05/msg00254.html

Dave notes​:

a regression since 5.10.0 - present in B,M

another data point.

I ran DaveM's simpler code using -Dm,
this coaxes a segfault out of perl.
Hopefully its related (it has the clone Dave cited

gdb ./perl -- -Dm -Ilib ../bisect.pl

#0 Perl_sv_setpvn (my_perl=0x8364958, sv=0xabababab, ptr=0x82579ea "",
len=0) at sv.c​:4296
#1 0x08171529 in Perl_sv_vsetpvfn (my_perl=0x8364958, sv=0xabababab,
pat=0x825786c "%s", patlen=2,
  args=0xbfffed14, svargs=0x0, svmax=0, maybe_tainted=0x0) at sv.c​:9114
#2 0x080fcfe3 in Perl_vmess (my_perl=0x8364958, pat=0x825786c "%s",
args=0xbfffed14) at util.c​:1203
#3 0x080fdff5 in S_vdie_croak_common (my_perl=0x8364958,
  pat=0xbfffed14 "$���H���\207S\032\blx%\b�\026-\bj\033'\b",
args=0x4e007325, msglen=0xbfffecdc,
  utf8=0xbfffecd8) at util.c​:1345
#4 0x080fe48c in Perl_vcroak (my_perl=0x8364958, pat=0x825786c "%s",
args=0xbfffed14) at util.c​:1417
#5 0x08102b1f in Perl_croak_nocontext (pat=0x825786c "%s") at util.c​:1438
#6 0x081a5387 in Perl_tmps_grow (my_perl=0x8364958, n=1) at scope.c​:146
#7 0x081394f0 in Perl_sv_2mortal (my_perl=0x8364958, sv=0x837a874) at
sv.c​:7590
#8 0x081151cd in Perl_mg_get (my_perl=0x8364958, sv=0x837a874) at mg.c​:205
#9 0x0814963f in Perl_sv_2pv_flags (my_perl=0x8364958, sv=0x837a874,
lp=0xbfffee78,
  flags=<value optimized out>) at sv.c​:2741
#10 0x0815f318 in Perl_sv_pvn_force_flags (my_perl=0x8364958,
sv=0x837a874, lp=0xbfffef9c, flags=2) at sv.c​:8302
#11 0x081434b2 in Perl_sv_vcatpvfn (my_perl=0x8364958, sv=0x837a874,
  pat=0x8280324 "0x%lx​: (%05ld) malloc %ld bytes\n", patlen=32,
args=0xbffff0b8, svargs=0x0, svmax=0,
  maybe_tainted=0x0) at sv.c​:9217
#12 0x08171911 in Perl_vnewSVpvf (my_perl=0x8364958, pat=0x8280324
"0x%lx​: (%05ld) malloc %ld bytes\n",
  args=0xbffff0b8) at sv.c​:7817
#13 0x08228e7e in PerlIO_vprintf (f=0xabababb7, fmt=0x8280324 "0x%lx​:
(%05ld) malloc %ld bytes\n",
  ap=0xbffff0d8 " �/\b����\234\001") at perlio.c​:5120
#14 0x0822901f in PerlIO_printf (f=0xabababb7, fmt=0x8280324 "0x%lx​:
(%05ld) malloc %ld bytes\n")
  at perlio.c​:5135
#15 0x081033a2 in Perl_safesysmalloc (size=<value optimized out>) at
util.c​:96
#16 0x08116667 in Perl_reentrant_init (my_perl=0x8364958) at reentr.c​:148
#17 0x081639c0 in perl_clone (proto_perl=0x82db008, flags=2) at sv.c​:11838
#18 0x007a8a3e in S_ithread_create () at threads.xs​:758
#19 XS_threads_create (my_perl=0x82db008, cv=0x83415fc) at threads.xs​:1052
#20 0x08128001 in Perl_pp_entersub (my_perl=0x82db008) at pp_hot.c​:2878
#21 0x080f1cc7 in Perl_runops_debug (my_perl=0x82db008) at dump.c​:1981
#22 0x0807f523 in S_run_body () at perl.c​:2275
#23 perl_run (my_perl=0x82db008) at perl.c​:2201
#24 0x0805fb25 in main (argc=4, argv=0xbffff4b4, env=0xbffff4c8) at
perlmain.c​:117
(gdb)

BTW, adding an __END__ does NOT give me a 3rd attempt to free.

The RT System itself - Status changed from 'new' to 'open'

From p5p@spam.wizbit.be

Bisect of Dave's test case​:

Running the prog '/tmp/rt-66108-2.pl' for installed-perls/perl/pSgz7tX/
perl-5.9.4@​28770/bin/perl and installed-perls/perl/pz0rj1d/perl-
5.9.4@​28771/bin/perl
----Program----
#!/usr/bin/perl -l

my $out = qx#$^X /tmp/rt-66108.pl 2>&1#;
$out =~ s/0x......./0xFFFFFFF/g;
print $out;

----Output of .../pSgz7tX/perl-5.9.4@​28770/bin/perl----

----EOF ($?='0')----
----Output of .../pz0rj1d/perl-5.9.4@​28771/bin/perl----
Attempt to free unreferenced scalar​: SV 0xFFFFFFF, Perl interpreter​:
0xFFFFFFF at /tmp/rt-66108.pl line 24.
Attempt to free unreferenced scalar​: SV 0xFFFFFFF, Perl interpreter​:
0xFFFFFFF at /tmp/rt-66108.pl line 24.
Scalars leaked​: 2

----EOF ($?='0')----

http​://perl5.git.perl.org/perl.git/commit/
78c7203
author Nicholas Clark <nick@​ccl4.org>
  Thu, 31 Aug 2006 09​:05​:50 +0000 (09​:05 +0000)
committer Nicholas Clark <nick@​ccl4.org>
  Thu, 31 Aug 2006 09​:05​:50 +0000 (09​:05 +0000)
commit 78c7203
tree a16b884a1b38e00a54fe96eb7fe890408d6abb13 tree | snapshot
parent 2e0df0e commit | diff

Change the generation of {} and [] from 3 ops to 1, and avoid 1 mortal
on the tempstack, by augmenting pp_anonlist and pp_anonhash to accept
OPf_SPECIAL to mean "return a reference to the aggregate" on the stack
rather than the aggregate itself.

p4raw-id​: //depot/perl@​28771

From [Unknown Contact. See original ticket]

Bisect of Dave's test case​:

Running the prog '/tmp/rt-66108-2.pl' for installed-perls/perl/pSgz7tX/
perl-5.9.4@​28770/bin/perl and installed-perls/perl/pz0rj1d/perl-
5.9.4@​28771/bin/perl
----Program----
#!/usr/bin/perl -l

my $out = qx#$^X /tmp/rt-66108.pl 2>&1#;
$out =~ s/0x......./0xFFFFFFF/g;
print $out;

----Output of .../pSgz7tX/perl-5.9.4@​28770/bin/perl----

----EOF ($?='0')----
----Output of .../pz0rj1d/perl-5.9.4@​28771/bin/perl----
Attempt to free unreferenced scalar​: SV 0xFFFFFFF, Perl interpreter​:
0xFFFFFFF at /tmp/rt-66108.pl line 24.
Attempt to free unreferenced scalar​: SV 0xFFFFFFF, Perl interpreter​:
0xFFFFFFF at /tmp/rt-66108.pl line 24.
Scalars leaked​: 2

----EOF ($?='0')----

http​://perl5.git.perl.org/perl.git/commit/
78c7203
author Nicholas Clark <nick@​ccl4.org>
  Thu, 31 Aug 2006 09​:05​:50 +0000 (09​:05 +0000)
committer Nicholas Clark <nick@​ccl4.org>
  Thu, 31 Aug 2006 09​:05​:50 +0000 (09​:05 +0000)
commit 78c7203
tree a16b884a1b38e00a54fe96eb7fe890408d6abb13 tree | snapshot
parent 2e0df0e commit | diff

Change the generation of {} and [] from 3 ops to 1, and avoid 1 mortal
on the tempstack, by augmenting pp_anonlist and pp_anonhash to accept
OPf_SPECIAL to mean "return a reference to the aggregate" on the stack
rather than the aggregate itself.

p4raw-id​: //depot/perl@​28771

From @iabyn

On Thu, May 28, 2009 at 08​:09​:27AM -0700, Nicholas Clark wrote​:

# New Ticket Created by Nicholas Clark
# Please include the string​: [perl #66108]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org/rt3/Ticket/Display.html?id=66108 >

Jerry Hedden mailed p5p in 1ff86f510805081400l1fd9b9das47034600aee20390@​mail.gmail.com
http​://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2008-05/msg00254.html

Dave notes​:

a regression since 5.10.0 - present in B,M

Now fixed​:

commit 7fa3829
Author​: David Mitchell <davem@​iabyn.com>
AuthorDate​: Fri Jan 8 23​:31​:45 2010 +0000
Commit​: David Mitchell <davem@​iabyn.com>
CommitDate​: Fri Jan 8 23​:31​:45 2010 +0000

  fix for [perl #66108] Leaked scalars
 
  @​DB​::args is a hack​: it gets set with non-refcounted aliases of the
  caller's @​_ elements.
 
  Once the sub that ran caller() has exited, @​DB​::args will contain garbage​:
  elements will be SVs that have been freed, re-assigned etc.
 
  So as a minimum, when cloning an interpreter, skip cloning @​DB​::args.

Affected files ...
 
  M sv.c

Differences ...

diff --git a/sv.c b/sv.c
index 38a9140..c2757d6 100644
--- a/sv.c
+++ b/sv.c
@@ -11913,6 +11913,10 @@ perl_clone_using(PerlInterpreter *proto_perl, UV flags,
     SvNV_set(&PL_sv_yes, 1);
     ptr_table_store(PL_ptr_table, &proto_perl->Isv_yes, &PL_sv_yes);
 
+    /* dbargs array probably holds garbage; give the child a clean array */
+    PL_dbargs		= newAV();
+    ptr_table_store(PL_ptr_table, proto_perl->Idbargs, PL_dbargs);
+
     /* create (a non-shared!) shared string table */
     PL_strtab		= newHV();
     HvSHAREKEYS_off(PL_strtab);
@@ -12039,7 +12043,6 @@ perl_clone_using(PerlInterpreter *proto_perl, UV flags,
     PL_DBsingle		= sv_dup(proto_perl->IDBsingle, param);
     PL_DBtrace		= sv_dup(proto_perl->IDBtrace, param);
     PL_DBsignal		= sv_dup(proto_perl->IDBsignal, param);
-    PL_dbargs		= av_dup(proto_perl->Idbargs, param);
 
     /* symbol tables */
     PL_defstash		= hv_dup_inc(proto_perl->Idefstash, param);


-- 

Lady Nancy Astor​: If you were my husband, I would flavour your coffee
with poison.
Churchill​: Madam - if I were your husband, I would drink it.

@iabyn - Status changed from 'open' to 'resolved'