New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attempt to free unreferenced scalar #6854
Comments
From perl-5.8.0@ton.iguana.beCreated by perl-5.8.0@ton.iguana.beperl -e 'map eval"exit",1 for 1' (In more complex cases this actually causes segmentation faults) Perl Info
|
From @schwernOn Mon, Oct 20, 2003 at 12:59:16PM -0000, perl-5.8.0@ton.iguana.be (via RT) wrote:
Still exists in 5.8.1. -- |
From perl-bug@ton.iguana.be
I seem to keep running into what looks like variations of this bug. perl -e 'my @foo=1..2; for(1) { () = map z(), @foo }' So it seems that a non-local exit out of the map inside for triggers it. I did a bit more internals tracking here, and the unreferenced scalar A traceback at that moment when i was triggering it in another program The av on frame 1 is @foo. |
From @salvathis bug still exists on perl 4.8.4 yet another way to trigger it: for (1) { map { die } 2 } or inside an eval block: eval { for (1) { map { die } 2 } }; cheers. |
From @salvaI have been looking at this bug and I know why it's happening: $ ./miniperl -Dlt -e 'for (125) { map { exit } (213)}' ... EXECUTING... (-e:0) Entering new RUNOPS level (-e:1) ENTER scope 3 at pp_ctl.c:1805 (-e:1) iter (-e:1) and (-e:1) exit Leaving block 0, type BLOCK (-e:0) popping jumplevel was bffff950, now 817d700 Attempt to free unreferenced scalar: SV 0x8190428 = IV(213) |
From chris@heathens.co.nzI have been looking at this off and on over the past couple of months I have attached a patch that appears to work, and I'll try to explain my First, some more test cases: perl -e 'map die,4 for 3' There are two underlying issues, which contribute to this bug: * map, grep, sort, and possibly others, automatically localize certain * when unwinding due to an exception, there are two stacks (context Now for a perfectly good (non-buggy) example, to show how... umm... odd For ease of later reference, I have labeled each SV that $_ points to. $ perl -Dlt -e 'for (3) {local $_=4;die}' (-e:0) enter (-e:0) ENTER scope 2 at pp_hot.c:1701 (-e:1) ENTER scope 3 at pp_ctl.c:1682 (-e:1) and (-e:1) sassign Leaving block 0, type BLOCK (-e:0) Setting up jumplevel bfd489e0, was 830319c In summary, there are no leaks in this example. Every variable's Even if I didn't know about the buggy test cases, I would still call Now for the buggy case. For brevity, I'll only give the summary of what $ perl -e 'grep die,4 for 3' Summary: SV3: NOT incremented by grep, i.e. when in scope 2. Because grep doesn't increment the refcount of $_ as it traverses So, I thought, the obvious solution is to make POPLOOP not modify the That's why my patch keeps the old behavior when SvPADMY(itervar) is |
From chris@heathens.co.nzfor.patch--- cop.h.orig 2005-09-24 11:15:09.000000000 -0400
+++ cop.h 2005-11-06 11:30:59.000000000 -0500
@@ -407,9 +407,14 @@
#define POPLOOP(cx) \
SvREFCNT_dec(cx->blk_loop.iterlval); \
if (CxITERVAR(cx)) { \
- SV **s_v_p = CxITERVAR(cx); \
- sv_2mortal(*s_v_p); \
- *s_v_p = cx->blk_loop.itersave; \
+ if (SvPADMY(cx->blk_loop.itersave)) { \
+ SV **s_v_p = CxITERVAR(cx); \
+ sv_2mortal(*s_v_p); \
+ *s_v_p = cx->blk_loop.itersave; \
+ } \
+ else { \
+ SvREFCNT_dec(cx->blk_loop.itersave); \
+ } \
} \
if (cx->blk_loop.iterary && cx->blk_loop.iterary != PL_curstack)\
SvREFCNT_dec(cx->blk_loop.iterary);
|
From @rgsChris Heath via RT wrote:
Thanks, your patch applied as change #26027 to bleadperl. |
@rgs - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#24254 (status was 'resolved')
Searchable as RT24254$
The text was updated successfully, but these errors were encountered: