Memory leak in Perl_yylex (toke.c:7027) #15829
From @dur-randir
Created by @dur-randir
While fuzzing perl v5.25.8-216-gfbceb79751 built with afl and run
    s//'x' ^ -"s:\347"/eeg
to cause a memory leak report under ASAN:
    =================================================================
    Direct leak of 4 byte(s) in 1 object(s) allocated from:
    SUMMARY: AddressSanitizer: 4 byte(s) leaked in 1 allocation(s).
Leaked scalar comes from the following line
    pl_yylval.pval = savepvn(PL_tokenbuf, len+1);
In this case PL_tokenbuf is "Us" and len == 2. Amount of memory leaked
    s//'x' ^ -"s666666666666666k:\347"/eeg while (1)
|
From @tonycoz
On Tue, 24 Jan 2017 00:19:10 -0800, randir wrote:
This is normally freed by newSTATEOP(), but if the label token happens to have been pushed onto the parser shift-reduce stack and the parser aborts, it leaks.
The attached fixes it for me.
Tony |
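The ownership gap described in this comment, as an added toy model in C (not Perl's code and not part of the thread). All names here (stack_entry, push_label, unwind, run_scenario) are hypothetical, and a counter stands in for ASAN's leak report.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model of a shift-reduce value stack; not Perl's parser. */
enum val_type { VAL_NONE, VAL_PVAL };
/* pval is a heap string owned by the entry while it sits on the stack. */
struct stack_entry { enum val_type type; char *pval; };

static int live_allocs;   /* allocations not yet freed (stands in for ASAN) */
static char *last_alloc;  /* lets the demo reclaim what a scenario leaked */

static char *save_str(const char *s) {
    size_t len = strlen(s);
    char *p = malloc(len + 1);
    if (!p) abort();
    memcpy(p, s, len + 1);
    live_allocs++;
    return last_alloc = p;
}

static void free_str(char *p) { if (p) { free(p); live_allocs--; } }

/* Lexer side: shift a label token whose name is heap-allocated. */
static void push_label(struct stack_entry *stk, int *top, const char *name) {
    stk[*top].type = VAL_PVAL;
    stk[*top].pval = save_str(name);
    (*top)++;
}

/* Abort path: pop everything; free_pvals selects leak vs. cleanup. */
static void unwind(struct stack_entry *stk, int *top, int free_pvals) {
    while (*top > 0) {
        struct stack_entry *e = &stk[--*top];
        if (free_pvals && e->type == VAL_PVAL && e->pval) free_str(e->pval);
        e->pval = NULL;   /* never leave a stale pointer in a popped slot */
        e->type = VAL_NONE;
    }
}

/* Returns how many allocations were still live when the scenario ended. */
int run_scenario(int abort_parse, int free_pvals) {
    struct stack_entry stk[4] = {{VAL_NONE, NULL}};
    int top = 0, leaked;
    live_allocs = 0;
    push_label(stk, &top, "Us");   /* constructed sample label */
    if (abort_parse) unwind(stk, &top, free_pvals);
    else free_str(stk[--top].pval); /* normal path: the reduction frees it */
    leaked = live_allocs;
    if (leaked) free(last_alloc);   /* reclaim so the demo itself stays clean */
    return leaked;
}

int main(void) { return run_scenario(1, 0) == 1 && run_scenario(1, 1) == 0 ? 0 : 1; }
```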
From @tonycoz
0001-perl-130632-free-label-pvs-from-the-parser-stack.patch
From 7cc5dfff56d7dfaac8a7f7cbb6c2ff96f3036eb4 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Tue, 7 Feb 2017 15:08:55 +1100
Subject: (perl #130632) free label pvs from the parser stack
For labels, Perl_yylex() generates a LABEL token, with the label name
stored in the pval slot of the yylval, allocated with savepvn().
In the normal course of parsing this is freed by Perl_newSTATEOP(), but
if parsing is aborted with the label on the parser shift-reduce stack
the memory would leak.
Clean up pval entries on the parse stack when clearing the parser
stack.
---
perly.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/perly.c b/perly.c
index 1c018bb..43cc955 100644
--- a/perly.c
+++ b/perly.c
@@ -232,6 +232,10 @@ S_clear_yystack(pTHX_ const yy_parser *parser)
YYDPRINTF ((Perl_debug_log, "(freeing op)\n"));
op_free(ps->val.opval);
}
+ else if (yy_type_tab[yystos[ps->state]] == toketype_pval
+ && ps->val.pval) {
+ Safefree(ps->val.pval);
+ }
SvREFCNT_dec(ps->compcv);
ps--;
}
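Review bot: the new else-if branch frees ps->val.pval for every stack entry whose type is toketype_pval, while the commit message only establishes ownership for LABEL tokens allocated with savepvn(). A comment should state that every pval-typed symbol that can sit on the stack owns its buffer and that nothing has already handed it to Perl_newSTATEOP() while the entry is still on the stack, since otherwise this branch turns the leak into a double free. Setting ps->val.pval to NULL after the Safefree would make a second pass over the same slot harmless, a YYDPRINTF line matching the "(freeing op)" one in the opval branch would keep the debug trace complete, and the diffstat shows only perly.c changed, so a regression test built from the reported one-liner is missing.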
--
2.1.4
|
The RT System itself - Status changed from 'new' to 'open' |
From @tonycoz
On Tue, 24 Jan 2017 00:19:10 -0800, randir wrote:
This looks like it's fixed, I expect by:
commit 0171920 parser: change LABEL type from pval to opval
Tony |
From @tonycoz
On Tue, 11 Jun 2019 23:21:07 -0700, tonyc wrote:
And so closing.
Tony |
@tonycoz - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#130632 (status was 'resolved')
Searchable as RT130632$