New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Perl debugger runs out of memory, hangs or segfaults on XML::Parser::Lite #9753
Comments
From @nwc10Avar mailed p5p in 51dd1af80807190107h30b8626ct6d4d0a825abe4b3b@mail.gmail.com perl 5.10 and blead will do various combinations of running of of Dave notes: possibly a 5.10.0 regression |
From p5p@spam.wizbit.beOn Thu May 28 08:14:52 2009, nicholas wrote:
Change 1: Leaking memory when run interactive in the debugger. ----Program---- $ENV{PERL_SIGNALS} = "unsafe"; my my $pid = fork(); if ($pid) { ----Output of .../pXYMq0N/perl-5.9.1@23371/bin/perl---- ----EOF ($?='0')---- ----EOF ($?='9')---- http://public.activestate.com/cgi-bin/perlbrowse/p/23372 Implement a new -dt command-line flag, to enable threads under $ perl-p-5.9.1\@23371/perl -d /tmp/rt-66110.pl Loading DB routines from perl5db.pl version 1.27 Enter h or `h h' for help, or `man perldebug' for more help. main::(/tmp/rt-66110.pl:71): setHandlers(); $ perl-p-5.9.1\@23372/perl -d /tmp/rt-66110.pl Loading DB routines from perl5db.pl version 1.28 Enter h or `h h' for help, or `man perldebug' for more help. main::(/tmp/rt-66110.pl:71): setHandlers(); => Keeps running (100% CPU) and starts leaking memory (Small note: /tmp/rt-66110.pl does not contain a shebang line) Change 2: Segmentation fault (but not always) (Small note: /tmp/rt-66110.pl contains the shebang #!/usr/bin/perl -d) $ PERLDB_OPTS="NonStop=1" perl-p-5.9.2@26537/perl /tmp/rt-66110.pl # $ PERLDB_OPTS="NonStop=1" perl-p-5.9.2@26539/perl /tmp/rt-66110.pl http://public.activestate.com/cgi-bin/perlbrowse/p/26538 In the shared string table, if we add new entries to the head Not sure if this last change is really the cause of the segmentation Best regards, Bram |
The RT System itself - Status changed from 'new' to 'open' |
From @craigberryOn Thu, May 28, 2009 at 10:14 AM, Nicholas Clark
In Perl_regexec_flags (called from Perl_pp_match), after the got_it: if (flags & REXEC_COPY_STR) { < ifdef snipped> Some values of interest, including those that make up i, are as follows: REGEXEC\Perl_regexec_flags\my_perl->Ireg_state.re_state_regeol: 15380736 The string we are currently matching is: *PP_HOT\Perl_pp_match\s: "<foo>bar</foo>" To me that looks just a tad less than 3.9 million bytes :-), but it is I think that's about as far as I'm going to get with this but thought |
From @craigberryOn Sat, May 30, 2009 at 9:39 AM, Craig A. Berry <craig.a.berry@gmail.com> wrote:
Curiosity kept me going a bit farther, so here's some more analysis DBG> sh calls The noteworthy bit is that Perl_pp_match appears twice, so we are case EVAL: /* /(?{A})B/ /(??{A})B/ and /(?(?{A})X|Y)B/ */ and does: CALLRUNOPS(aTHX); /* Scalar context. */ which in turn initiates another match operation. So we have inner and It may not be a general case of a problem with evals in regexen, but Inline Patch--- xpl-testcase.pl;-0 2009-05-28 06:59:18 -0500
+++ xpl-testcase.pl 2009-05-31 10:29:23 -0500
@@ -61,7 +61,7 @@ sub regexp {
sub compile { local $^W;
# try regexp as it should be, apply patch if doesn't work
foreach (regexp(), regexp('??')) {
- eval qq{sub parse_re { use re "eval"; 1 while \$_[0] =~ m{$_}go
[end] I don't know why that sub declaration was inside an eval in the first place. |
From p5p@spam.wizbit.beA trimmed down version attached. When you run it you may or may not get an 'Out of memory error!'. Summary: running the test seems to depend on: Test 1: perl-5.10.0, file: test.pl: user 'perl' and using 'next' in the Test 4: perl-5.10.0, file: test.pl: user 'bram' and using 'next' in the Test 7: blead, file: test.pl: user 'perl' and using 'next' in the
Test 13: blead, file: test_15.pl: user 'perl' and using 'next' in the (Details are at end) Valgrind (from Vincent): Loading DB routines from perl5db.pl version 1.30000000000000004 Enter h or `h h' for help, or `man perldebug' for more help. main::(z.pl:1): *c = sub {}; The details: perl -V used in the following tests: Characteristics of this binary (from libperl): Test 1: perl-5.10.0, file: test.pl: user 'perl' and using 'next' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 2: perl-5.10.0, file: test.pl: user 'perl' and using 'run' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 3: perl-5.10.0, file: test.pl: user 'perl' and running with Test 4: perl-5.10.0, file: test.pl: user 'bram' and using 'next' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 5: perl-5.10.0, file: test.pl: user 'bram' and using 'run' in the Loading DB routines from perl5db.pl version 1.3 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 6: perl-5.10.0, file: test.pl: user 'bram' and running with Test 7: blead, file: test.pl: user 'perl' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 8: blead, file: test.pl: user 'perl' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 9: blead, file: test.pl: user 'perl' and running with NonStop=1 -> Test 10: blead, file: test.pl: user 'bram' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 11: blead, file: test.pl: user 'bram' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test.pl:1): *c = sub {}; Test 12: blead, file: test.pl: user 'bram' and running with NonStop=1 -
Changing the name of the test script: test.pl -> test_15.pl $ md5sum test.pl test_15.pl $ diff -Naur test.pl test_15.pl Test 13: blead, file: test_15.pl: user 'perl' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 14: blead, file: test_15.pl: user 'perl' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 15: blead, file: test_15.pl: user 'perl' and running with Test 16: blead, file: test_15.pl: user 'bram' and using 'next' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 17: blead, file: test_15.pl: user 'bram' and using 'run' in the Loading DB routines from perl5db.pl version 1.33 Enter h or `h h' for help, or `man perldebug' for more help. main::(test_15.pl:1): *c = sub {}; Test 18: blead, file: test_15.pl: user 'bram' and running with Best regards, Bram |
From p5p@perl.wizbit.be
Some more debugging (and trimming perl5db.pl to 19 lines) revealed the In perl5db.pl in sub sub: http://perl5.git.perl.org/perl.git/blob/85bdf03b25729816eedfea55a7f2c32c4bb80fba:/lib/perl5db.pl The trimmed test case from some earlier debugging: *c = sub {}; What happens: The end result is that a new regex is being executed inside a regex This also means it is reproduciable without the debugger: #!/usr/bin/perl -l print $]; (Of course since it is a memory corruption it may not be reproducible I'll submit a patch and a test case later today. Best regards, Bram |
From p5p@perl.wizbit.beCiteren Bram <p5p@perl.wizbit.be>:
Patch attached. Best regards, Bram |
From p5p@perl.wizbit.be0001-perl-66110-Do-not-use-a-regex-in-DB-sub.patchFrom f33b9071bf2d82a22bb2cb2ea5115d362f881159 Mon Sep 17 00:00:00 2001
From: Bram <p5p@perl.wizbit.be>
Date: Sat, 25 Jul 2009 16:26:45 +0200
Subject: [PATCH] [perl #66110]: Do not use a regex in DB::sub
---
MANIFEST | 1 +
lib/perl5db.pl | 4 +++-
lib/perl5db.t | 10 +++++++++-
lib/perl5db/t/rt-66110 | 36 ++++++++++++++++++++++++++++++++++++
4 files changed, 49 insertions(+), 2 deletions(-)
create mode 100644 lib/perl5db/t/rt-66110
diff --git a/MANIFEST b/MANIFEST
index f26ec98..90f1156 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -2807,6 +2807,7 @@ lib/perl5db/t/eval-line-bug Tests for the Perl debugger
lib/perl5db/t/lvalue-bug Tests for the Perl debugger
lib/perl5db/t/proxy-constants Tests for the Perl debugger
lib/perl5db/t/rt-61222 Tests for the Perl debugger
+lib/perl5db/t/rt-66110 Tests for the Perl debugger
lib/perl5db/t/symbol-table-bug Tests for the Perl debugger
lib/PerlIO.pm PerlIO support module
lib/PerlIO/via/QuotedPrint.pm PerlIO::via::QuotedPrint
diff --git a/lib/perl5db.pl b/lib/perl5db.pl
index 03ef2a2..33bbc47 100644
--- a/lib/perl5db.pl
+++ b/lib/perl5db.pl
@@ -3639,6 +3639,8 @@ arguments with which the subroutine was invoked
=cut
sub sub {
+ # Do not use a regex in this subroutine -> results in corrupted memory
+ # See: [perl #66110]
# lock ourselves under threads
lock($DBGR);
@@ -3647,7 +3649,7 @@ sub sub {
# sub's return value in (if needed), and an array to put the sub's
# return value in (if needed).
my ( $al, $ret, @ret ) = "";
- if ($sub =~ /^threads::new$/ && $ENV{PERL5DB_THREADED}) {
+ if ($sub eq 'threads::new' && $ENV{PERL5DB_THREADED}) {
print "creating new thread\n";
}
diff --git a/lib/perl5db.t b/lib/perl5db.t
index 6e57c9f..59acd7a 100644
--- a/lib/perl5db.t
+++ b/lib/perl5db.t
@@ -27,7 +27,7 @@ my $dev_tty = '/dev/tty';
}
}
-plan(7);
+plan(8);
sub rc {
open RC, ">", ".perldb" or die $!;
@@ -160,6 +160,14 @@ SKIP: {
}
+# [perl #66110] Call a subroutine inside a regex
+{
+ local $ENV{PERLDB_OPTS} = "ReadLine=0 NonStop=1";
+ my $output = runperl(switches => [ '-d' ], stderr => 1, progfile => '../lib/perl5db/t/rt-66110');
+ like($output, "All tests successful.", "[perl #66110]");
+}
+
+
# clean up.
END {
diff --git a/lib/perl5db/t/rt-66110 b/lib/perl5db/t/rt-66110
new file mode 100644
index 0000000..7ba6c36
--- /dev/null
+++ b/lib/perl5db/t/rt-66110
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+#
+# This code is used by lib/perl5db.t !!!
+#
+
+$all_ok = 1;
+*c = sub { };
+
+if ("abcdefghi" =~ m/(abc)(def)(?{ c() })(ghi)/) {
+ print "ok 1\n";
+
+ $all_ok = 0, print "not " if $1 ne 'abc';
+ print "ok 2\n";
+
+ $all_ok = 0, print "not " if $2 ne 'def';
+ print "ok 3\n";
+
+ $all_ok = 0, print "not " if $3 ne 'ghi';
+ print "ok 4\n";
+
+ $all_ok = 0, print "not " if $& ne 'abcdefghi';
+ print "ok 5\n";
+}
+else {
+ $all_ok = 0;
+ print "not ok 1\n";
+ print "not ok 2\n";
+ print "not ok 3\n";
+ print "not ok 4\n";
+ print "not ok 5\n";
+}
+
+if ($all_ok) {
+ print "All tests successful.";
+}
+
--
1.6.3.2
|
From @craigberryOn Sat, Jul 25, 2009 at 9:38 AM, Bram<p5p@perl.wizbit.be> wrote:
Thanks, now in blead at: http://perl5.git.perl.org/perl.git/commitdiff/b7bfa85 |
p5p@spam.wizbit.be - Status changed from 'open' to 'resolved' |
From @craigberryOn Sat, Jul 25, 2009 at 2:03 PM, Craig A. Berry<craig.a.berry@gmail.com> wrote:
Bram's change prevents the debugger from exercising the pathology reported. My change here: http://perl5.git.perl.org/perl.git/commitdiff/d80618d prevents the regex engine from losing track of where its strings end Note that other aspects of regex state are not saved and restored and |
From @druud62Craig A. Berry wrote:
IIRC, code similar to the following is somewhere in the documentation. perl -wle' -- |
From @jbenjore"Dr.Ruud" <rvtol+usenet@isolution.nl> writes:
No. That's ok. What's dodgy is: m{ This shows up when calling functions within (?{}) and (??{}). Josh |
From @demerphq2009/8/2 Josh ben Jore <twists@gmail.com>:
Hmm, i remember it being dodgy too. Are you sure its not? Yves -- |
Migrated from rt.perl.org#66110 (status was 'resolved')
Searchable as RT66110$
The text was updated successfully, but these errors were encountered: