From chrishammond@ymail.com

Created by chrishammond@ymail.com

Hi,

I've got an instance of Perl 5.12.1 which has been compiled using the PERL_USE_SAFE_PUTENV flag defined, and have noted that it segfaults if you try to clear a non-existent value from the magic %ENV hash if local'ed.

Using 5.12.1 compiled with with​:
config_args="-Accflags=-DPERL_USE_SAFE_PUTENV"

perl -e "local %ENV;delete $ENV{q{UNDEFINED}}"
or
DEFINED=YES perl -e "local %ENV;delete $ENV{q{DEFINED}}"

Segmentation fault (core dumped)

Process terminating with default action of signal 11 (SIGSEGV)​: dumping core

Invalid read of size 8
unsetenv (setenv.c​:295)
by Perl_magic_clearenv

No seg fault from​:

DEFINED=YES perl -e "delete local $ENV{q{DEFINED}}"
or
perl -e "delete local $ENV{q{UNDEFINED}}"
or
DEFINED=YES perl -e "local %ENV=%ENV;delete $ENV{q{DEFINED}}"
or
perl -e "local %ENV=%ENV;delete $ENV{q{UNDEFINED}}"

Some code that does this​:
Math​::Pari utils/Math/PariBuild.pm
Some code that did this​:
Google-Chart 0.05014 t/90_env_proxy.t

Thanks,

Chris

Flags:
    category=core
    severity=low

Site configuration information for perl 5.12.1:

Configured by pmbuild at Wed Aug 18 04:31:57 EDT 2010.

Summary of my perl5 (revision 5 version 12 subversion 1) configuration:
   
  Platform:
    osname=linux, osvers=2.6.18-194.3.1.el5, archname=x86_64-linux-thread-multi
    uname='linux ngbuilda01 2.6.18-194.3.1.el5 #1 smp sun may 2 04:17:42 edt 2010 x86_64 x86_64 x86_64 gnulinux '
    config_args='-des -Dprefix=/home/chammond/perl -Duseshrplib -Dusethreads -Accflags=-DPERL_USE_SAFE_PUTENV'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.3.2 20081105 (Red Hat 4.3.2-14)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 /usr/local/lib64
    libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.5'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/home/chammond/perl/lib/5.12.1/x86_64-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'

Locally applied patches:
    


@INC for perl 5.12.1:
    /home/chammond/perl/lib/site_perl/5.12.1/x86_64-linux-thread-multi
    /home/chammond/perl/lib/site_perl/5.12.1
    /home/chammond/perl/lib/5.12.1/x86_64-linux-thread-multi
    /home/chammond/perl/lib/5.12.1
    .


Environment for perl 5.12.1:
    HOME=/home/chammond
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/chammond/perl/bin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

chrishammond@ymail.com - Status changed from 'new' to 'open'

From @iabyn

On Mon, Aug 23, 2010 at 02​:08​:21AM -0700, chrishammond@​ymail.com wrote​:

I've got an instance of Perl 5.12.1 which has been compiled using the
PERL_USE_SAFE_PUTENV flag defined, and have noted that it segfaults if
you try to clear a non-existent value from the magic %ENV hash if
local'ed.

Using 5.12.1 compiled with with​:
config_args="-Accflags=-DPERL_USE_SAFE_PUTENV"

perl -e "local %ENV;delete $ENV{q{UNDEFINED}}"
or
DEFINED=YES perl -e "local %ENV;delete $ENV{q{DEFINED}}"

Segmentation fault (core dumped)

Process terminating with default action of signal 11 (SIGSEGV)​: dumping core

Invalid read of size 8
unsetenv (setenv.c​:295)
by Perl_magic_clearenv

I'm unable to reproduce this, either on blead, nor with a 5.12.1
configured as close as possible to the OPs. Can anyone else do better?

Here's my config​:

Summary of my perl5 (revision 5 version 12 subversion 1) configuration​:
 
  Platform​:
  osname=linux, osvers=2.6.18-194.3.1.el5, archname=x86_64-linux-thread-multi
  uname='linux ngbuilda01 2.6.18-194.3.1.el5 #1 smp sun may 2 04​:17​:42 edt 2010 x86_64 x86_64 x86_64 gnulinux '
  config_args='-des -Dprefix=/home/chammond/perl -Duseshrplib -Dusethreads -Accflags=-DPERL_USE_SAFE_PUTENV'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.3.2 20081105 (Red Hat 4.3.2-14)', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 /usr/local/lib64
  libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
  libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so
  gnulibc_version='2.5'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/home/chammond/perl/lib/5.12.1/x86_64-linux-thread-multi/CORE'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'

Locally applied patches​:
 

@​INC for perl 5.12.1​:
  /home/chammond/perl/lib/site_perl/5.12.1/x86_64-linux-thread-multi
  /home/chammond/perl/lib/site_perl/5.12.1
  /home/chammond/perl/lib/5.12.1/x86_64-linux-thread-multi
  /home/chammond/perl/lib/5.12.1
  .

Environment for perl 5.12.1​:
  HOME=/home/chammond
  LANG (unset)
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/chammond/perl/bin​:/bin​:/usr/sbin​:/usr/bin​:/usr/local/bin​:/usr/local/sbin
  PERL_BADLANG (unset)
  SHELL=/bin/bash

Summary of my perl5 (revision 5 version 12 subversion 1) configuration​:

Platform​:
osname=linux, osvers=2.6.18-194.3.1.el5, archname=x86_64-linux-thread-multi
uname='linux ngbuilda01 2.6.18-194.3.1.el5 #1 smp sun may 2 04​:17​:42 edt 2010 x86_64 x86_64 x86_64 gnulinux '
config_args='-des -Dprefix=/home/chammond/perl -Duseshrplib -Dusethreads -Accflags=-DPERL_USE_SAFE_PUTENV'
hint=recommended, useposix=true, d_sigaction=define
useithreads=define, usemultiplicity=define
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=define, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler​:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
ccversion='', gccversion='4.3.2 20081105 (Red Hat 4.3.2-14)', gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries​:
ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 /usr/local/lib64
libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so
gnulibc_version='2.5'
Dynamic Linking​:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/home/chammond/perl/lib/5.12.1/x86_64-linux-thread-multi/CORE'
cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'

Locally applied patches​:

---
@​INC for perl 5.12.1​:
/home/chammond/perl/lib/site_perl/5.12.1/x86_64-linux-thread-multi
/home/chammond/perl/lib/site_perl/5.12.1
/home/chammond/perl/lib/5.12.1/x86_64-linux-thread-multi
/home/chammond/perl/lib/5.12.1
.

---
Environment for perl 5.12.1​:
HOME=/home/chammond
LANG (unset)
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/home/chammond/perl/bin​:/bin​:/usr/sbin​:/usr/bin​:/usr/local/bin​:/usr/local/sbin
PERL_BADLANG (unset)
SHELL=/bin/bash

--
Lear​: Dost thou call me fool, boy?
Fool​: All thy other titles thou hast given away; that thou wast born with.

From @doughera88

On Wed, 25 Aug 2010, Dave Mitchell wrote​:

On Mon, Aug 23, 2010 at 02​:08​:21AM -0700, chrishammond@​ymail.com wrote​:

I've got an instance of Perl 5.12.1 which has been compiled using the
PERL_USE_SAFE_PUTENV flag defined, and have noted that it segfaults if
you try to clear a non-existent value from the magic %ENV hash if
local'ed.

Using 5.12.1 compiled with with​:
config_args="-Accflags=-DPERL_USE_SAFE_PUTENV"

perl -e "local %ENV;delete $ENV{q{UNDEFINED}}"
or
DEFINED=YES perl -e "local %ENV;delete $ENV{q{DEFINED}}"

Segmentation fault (core dumped)

Process terminating with default action of signal 11 (SIGSEGV)​: dumping core

Invalid read of size 8
unsetenv (setenv.c​:295)
by Perl_magic_clearenv

I'm unable to reproduce this, either on blead, nor with a 5.12.1
configured as close as possible to the OPs. Can anyone else do better?

I was able to reproduce it on Debian Linux/x86. The 'local' is essential
to producing the crash. I don't know why. I'm hoping that tomorrow I'll
have a chance to examine it further.

myuname='linux xxx 2.6.26-2-686 #1 smp thu aug 19 03​:44​:10 utc 2010 i686 gnulinux '
config_args='-des -Doptimize=-g -Accflags=-DPERL_USE_SAFE_PUTENV'

(gdb) run -e 'local %ENV; delete $ENV{q{UNDEFINED}};'
Starting program​: /dev/shm/perl-5.12.1/perl -e 'local %ENV; delete $ENV{q{UNDEFINED}};'

Program received signal SIGSEGV, Segmentation fault.
0xb75c14bf in unsetenv () from /lib/i686/cmov/libc.so.6
(gdb) where
#0 0xb75c14bf in unsetenv () from /lib/i686/cmov/libc.so.6
#1 0x08140f24 in Perl_my_setenv (nam=0x98056e0 "UNDEFINED", val=0x0) at util.c​:1728
#2 0x08150a95 in Perl_magic_clearenv (sv=0x97fb298, mg=0x9805080) at mg.c​:1194
#3 0x0814b765 in Perl_mg_clear (sv=0x97fb298) at mg.c​:406
#4 0x0816639e in S_hv_delete_common (hv=0x97fb158, keysv=0x98096f0, key=0x980b900 "UNDEFINED", klen=9, k_flags=0,
  d_flags=68, hash=0) at hv.c​:943
#5 0x08164e8c in Perl_hv_common (hv=0x97fb158, keysv=0x98096f0, key=0x980b900 "UNDEFINED", klen=9, flags=0,
  action=68, val=0x0, hash=0) at hv.c​:406
#6 0x0821d390 in Perl_pp_delete () at pp.c​:4876
#7 0x0813a010 in Perl_runops_debug () at dump.c​:2049
#8 0x0808c48d in S_run_body (oldscope=1) at perl.c​:2308
#9 0x0808b96c in perl_run (my_perl=0x97f8008) at perl.c​:2233
#10 0x08062c4b in main (argc=3, argv=0xbf82ad24, env=0xbf82ad34) at perlmain.c​:117

--
  Andy Dougherty doughera@​lafayette.edu

From @doy

I can't reproduce this either. Is this still a problem?

-doy