Use of freed value in iteration at perlbug line 6 #11287

p5pRT opened this issue Apr 29, 2011 · 4 comments

p5pRT commented Apr 29, 2011

Migrated from rt.perl.org#89548 (status was 'open')

Searchable as RT89548$


p5pRT commented Apr 29, 2011

From perlbug@plan9.de

Created by perlbug@plan9.de

It seems "for" does not keep references to the values it iterates over.

The following script fails with "Use of freed value in iteration at ... line 6":

  my $a = my $b = { 1 => 1, 2 => 2 };

  for (values %$a, values %$b) {
  %$b=();
  }

The expected result would be no output (and 4 iterations).

This is especially problematic as for cannot even detect this case
reliably, causing any amount of corruption.

Perl Info

Flags:
    category=core
    severity=low

Site configuration information for perl 5.12.3:

Configured by Marc Lehmann at Wed Feb 23 06:21:02 CET 2011.

Summary of my perl5 (revision 5 version 12 subversion 3) configuration:
   
  Platform:
    osname=linux, osvers=2.6.32-5-amd64, archname=x86_64-linux
    uname='linux cerebro 2.6.32-5-amd64 #1 smp wed jan 12 03:40:32 utc 2011 x86_64 gnulinux '
    config_args='-Duselargefiles -Duse64bitint -Dusemymalloc=n -Dstatic_ext=Fcntl -Dcc=gcc -Dccflags=-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=16376 -USITEARCH_EXP -USITELIB_EXP -UARCHLIB_EXP -D_GNU_SOURCE  -I/opt/include -ggdb -gdwarf-2 -g3 -Doptimize=-O6 -fno-strict-aliasing -Dcccdlflags=-fPIC -Dldflags=-L/opt/perl/lib -L/opt/lib -Dlibs=-ldl -lm -lcrypt -lgdbm -Dprefix=/opt/perl -Dprivlib=/opt/perl/lib/perl5 -Darchlib=/opt/perl/lib/perl5 -Uusevendorprefix -Dsiteprefix=/opt/perl -Dsitelib=/opt/perl/lib/perl5 -Dsitearch=/opt/perl/lib/perl5 -Dsitebin=/opt/perl/bin -Dman1dir=/opt/perl/man/man1 -Dman3dir=/opt/perl/man/man3 -Dsiteman1dir=/opt/perl/man/man1 -Dsiteman3dir=/opt/perl/man/man3 -Dman1ext=1 -Dman3ext=3 -Dpager=/usr/bin/less -Uafs -Uusesfio -Uusenm -Uuseshrplib -Ud_dosuid -Dusethreads=undef -Duse5005threads=undef -Duseithreads=undef -Dusemultiplicity=undef -Demail=perl-binary@plan9.de -Dcf_email=perl-binary@plan9.de -Dcf_by=Marc Lehmann -Dlocincpth=/opt/perl/include /opt/include -Dmyhostname=localhost -Dmultiarch=undef -Dbin=/opt/perl/bin -Dxxxusedevel -DxxxDEBUGGING -Dxxxuse_debugging_perl -Dxxxuse_debugmalloc -dEs'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=16376 -USITEARCH_EXP -USITELIB_EXP -UARCHLIB_EXP -D_GNU_SOURCE -I/opt/include -ggdb -gdwarf-2 -g3 -fno-strict-aliasing -pipe -I/opt/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O6 -fno-strict-aliasing',
    cppflags='-DPERL_DISABLE_PMC -DPERL_ARENA_SIZE=16376 -USITEARCH_EXP -USITELIB_EXP -UARCHLIB_EXP -D_GNU_SOURCE -I/opt/include -ggdb -gdwarf-2 -g3 -fno-strict-aliasing -pipe -I/opt/include'
    ccversion='', gccversion='4.4.5', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags ='-L/opt/perl/lib -L/opt/lib -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-ldl -lm -lcrypt -lgdbm
    perllibs=-ldl -lm -lcrypt
    libc=/lib/libc-2.11.2.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.11.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O6 -fno-strict-aliasing -L/opt/perl/lib -L/opt/lib -L/usr/local/lib'

Locally applied patches:
    


@INC for perl 5.12.3:
    /root/src/sex
    /opt/perl/lib/perl5
    /opt/perl/lib/perl5
    .


Environment for perl 5.12.3:
    HOME=/root
    LANG (unset)
    LANGUAGE (unset)
    LC_CTYPE=en_US.UTF-8
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/root/s2:/root/s:/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11/bin:/usr/games:/usr/local/bin:/usr/local/sbin:/root/pserv:.
    PERL5LIB=/root/src/sex
    PERL5_CPANPLUS_CONFIG=/root/.cpanplus/config
    PERLDB_OPTS=ornaments=0
    PERL_ANYEVENT_DBI_TESTS=1
    PERL_ANYEVENT_EDNS0=1
    PERL_ANYEVENT_NET_TESTS=1
    PERL_ANYEVENT_PROTOCOLS=ipv4,ipv6
    PERL_ANYEVENT_STRICT=1
    PERL_BADLANG (unset)
    PERL_UNICODE=E
    SHELL=/bin/bash


p5pRT commented Apr 29, 2011

From @Abigail

On Fri, Apr 29, 2011 at 02:21:40AM -0700, perlbug@plan9.de wrote:

> # New Ticket Created by perlbug@plan9.de
> # Please include the string: [perl #89548]
> # in the subject line of all future correspondence about this issue.
> # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=89548 >
>
> This is a bug report for perl from perlbug@plan9.de,
> generated with the help of perlbug 1.39 running under perl 5.12.3.
>
> -----------------------------------------------------------------
> [Please describe your issue here]
>
> It seems "for" does not keep references to the values it iterates over.
>
> The following script fails with "Use of freed value in iteration at ... line 6":
>
> my $a = my $b = { 1 => 1, 2 => 2 };
>
> for (values %$a, values %$b) {
> %$b=();
> }
>
> The expected result would be no output (and 4 iterations).
>
> This is especially problematic as for cannot even detect this case
> reliably, causing any amount of corruption.

The values entry in perlfunc says that values returned by C<< values >>
aren't copied; you get aliases. Considering that you wipe out %$b before
it's going to iterate over its values, bad things are bound to happen.

A work-around:

  for (@{[values %$a, values %$b]}) {
  %$b=();
  }

which forces copying the values.

Abigail


p5pRT commented Apr 29, 2011

The RT System itself - Status changed from 'new' to 'open'


p5pRT commented Apr 29, 2011

From @Leont

On Fri, Apr 29, 2011 at 12:41 PM, Abigail <abigail@abigail.be> wrote:

> The values entry in perlfunc says that values returned by C<< values >>
> aren't copied; you get aliases. Considering that you wipe out %$b before
> it's going to iterate over its values, bad things are bound to happen.

The real issue is not that the values are aliases, but that the stack
isn't refcounted. If it was, the aliases would survive until the end of
the loop.

Leon
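
The loop from the report next to the copying workaround discussed in this thread, as an added example (not code from the ticket or from perl's own sources). The sub names and the named-snapshot variant are illustrative assumptions; the outcome of the first variant depends on the perl build, so it is reported rather than assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data mirroring the report: one hash reachable via two refs.
sub fresh_refs { my $h = { 1 => 1, 2 => 2 }; return ($h, $h) }

# 1. Pattern from the report: foreach iterates over aliases to the hash's own
#    value SVs, and the loop body empties the hash. Run under eval so the
#    result can be observed on whatever perl executes this file.
sub aliased_loop {
    my ($x, $y) = fresh_refs();
    my $n  = 0;
    my $ok = eval {
        for (values %$x, values %$y) { %$y = (); $n++ }
        1;
    };
    return "completed, $n iterations" if $ok;
    chomp(my $err = $@);
    return "died after $n iterations: $err";
}

# 2. Workaround from the thread: @{[ ... ]} copies the values into an
#    anonymous array, so the loop no longer depends on SVs owned by the hash.
sub copied_loop {
    my ($x, $y) = fresh_refs();
    my $n = 0;
    for (@{[ values %$x, values %$y ]}) { %$y = (); $n++ }
    return "completed, $n iterations";
}

# 3. Same idea with a named snapshot (illustrative variant): the copies live
#    in @vals for as long as the loop runs.
sub snapshot_loop {
    my ($x, $y) = fresh_refs();
    my @vals = (values %$x, values %$y);
    my $n    = 0;
    for my $v (@vals) { %$y = (); $n++ }
    return "completed, $n iterations";
}

printf "%-9s %s\n", 'aliased:',  aliased_loop();
printf "%-9s %s\n", 'copied:',   copied_loop();
printf "%-9s %s\n", 'snapshot:', snapshot_loop();
```

Both copying variants complete all 4 iterations, because the loop owns its own copies of the values before the hash is emptied.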
