New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
COW bug in :encoding layer #16408
Comments
From @paliFollowing code modifies variable $valid: use strict; my $valid = "\x61\x00\x00\x00"; Output is: $VAR1 = 'a'; This is perl 5, version 24, subversion 1 (v5.24.1) built for x86_64-linux-gnu-thread-multi |
From @tonycozOn Thu, 08 Feb 2018 12:16:59 -0800, pali@cpan.org wrote:
This appears to be a bug in Unicode::decode() - it's modifying a buffer that doesn't belong to it (SvLEN() for the SV is zero). Adding a call to SvGROW() fixes it: Inline Patchdiff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
index b3b1d2fea8..2a5c647625 100644
--- a/cpan/Encode/Unicode/Unicode.xs
+++ b/cpan/Encode/Unicode/Unicode.xs
@@ -328,6 +328,7 @@ CODE:
}
}
if (check && !(check & ENCODE_LEAVE_SRC)) {
+ SvGROW(str, 1+e-s);
if (s < e) {
Move(s,SvPVX(str),e-s,U8);
SvCUR_set(str,(e-s));
/* Create a "dummy" SV to represent the available data from layer below */ since SvPVX(sv) might not point to the beginning of the allocated block with an SvOOK() SV. Tony |
The RT System itself - Status changed from 'new' to 'open' |
From @paliOn Sunday 11 February 2018 23:11:26 Tony Cook via RT wrote:
But Unicode::decode() calls SvPV_force_nomg(). Is not this enough? And
|
From @tonycozOn Mon, 12 Feb 2018 01:02:37 -0800, pali@cpan.org wrote:
I was surprised that it didn't, but it doesn't. It's possible I'm wrong in saying Encode is doing the wrong thing here. SvGROW() (or sv_chop()) will allocate a new buffer and copy the from the original buffer into a new string, which belongs to the SV (rather than the SvLEN()== 0 meaning it belongs to something else). Tony |
From @paliOn Monday 12 February 2018 15:21:31 Tony Cook via RT wrote:
Anyway, exactly same pattern of code is in UTF-8 decoder (in Encode.xs) |
From @iabynOn Tue, Feb 13, 2018 at 09:21:03AM +0100, pali@cpan.org wrote:
SvLEN() is set to zero here in ext/PerlIO-encoding/encoding.xs: SvPV_set(e->dataSV, (char *) ptr); I'm not completely sure how core and other XS code should handle Clearly if code *was* to GROW such an SV, then at a minimum, the previous So I have a vague felling that Enocde is ok, and that the real bug is in But I haven't looked very closely at the whole system. -- |
From zefram@fysh.org
Actually you don't need to see the modification of $valid to see that -zefram |
From @jkeenanOn Thu, 15 Feb 2018 20:02:17 GMT, zefram@fysh.org wrote:
I.e., with the attachment: ##### |
From @tonycozOn Thu, Feb 15, 2018 at 08:01:48PM +0000, Zefram wrote:
The issue is where the bug is. PerlIO::encoding creates a SvLEN()==0 variable and passes it to Is passing the len==0 SV through to Encode the error? Or should SvPV_force/sv_force_normal remove len == 0 from the SV? Or should Encode be doing something to prevent the problem? (SvGROW Tony |
From zefram@fysh.orgDave Mitchell wrote:
To be precise: is it legitimate for an SV to have SvLEN==0 without also It appears to me that SvPV_force*() are intended to leave the scalar If SvLEN==0 with !SvREADONLY is legitimate, then SvPV_force*() need to Do we have other cases of SvLEN==0 with !SvREADONLY? If not, I'd Meanwhile, PerlIO::encoding should be setting the flags differently on -zefram |
From @LeontOn Fri, Feb 16, 2018 at 12:38 AM, Zefram <zefram@fysh.org> wrote:
In File::Map I use such strings, and writing operations work fine on
The code is depending on Encode modifying dataSV.
IME it's generally a safe bet that PerlIO::encoding is doing the Leon |
From zefram@fysh.orgLeon Timmermans wrote:
Ah, thanks. I hadn't thought about the writability of the unowned FWIW, the File::Map usage seems dubious, because SV-related functions -zefram |
From @LeontOn Fri, Feb 16, 2018 at 6:25 PM, Zefram <zefram@fysh.org> wrote:
The main innovation of File::Map over previous modules like Sys::Mmap Leon |
@tonycoz - Status changed from 'open' to 'pending release' |
From @khwilliamsonThank you for filing this report. You have helped make Perl better. With the release yesterday of Perl 5.28.0, this and 185 other issues have been Perl 5.28.0 may be downloaded via: If you find that the problem persists, feel free to reopen this ticket. |
@khwilliamson - Status changed from 'pending release' to 'resolved' |
Migrated from rt.perl.org#132833 (status was 'resolved')
Searchable as RT132833$
The text was updated successfully, but these errors were encountered: