New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hint-hash copying can leak #11822
Comments
From @cpansproutIf the hint hash is tied and a tie method dies, this variable in hv_copy_hints_hv can leak: HV * The obvious patch, below, would break namespace::clean and B::Hooks::EndOfScope. Would wrapping the contents of this function in ENTER/LEAVE work? Inline Patchdiff --git a/hv.c b/hv.c
index 1c5e6bc..0e6ed00 100644
--- a/hv.c
+++ b/hv.c
@@ -1448,7 +1448,7 @@ added to it. A pointer to the new hash is returned.
HV *
Perl_hv_copy_hints_hv(pTHX_ HV *const ohv)
{
- HV * const hv = newHV();
+ HV * const hv = SvREFCNT_inc_NN(sv_2mortal(newHV()));
if (ohv) {
STRLEN hv_max = HvMAX(ohv);
---
Site configuration information for perl 5.15.5: Configured by sprout at Sun Dec 18 11:26:14 PST 2011. Summary of my perl5 (revision 5 version 15 subversion 5) configuration: Locally applied patches: @INC for perl 5.15.5: Environment for perl 5.15.5: |
From zefram@fysh.orgFather Chrysostomos wrote:
Wrong stack. You'd also need some SAVETMPS/FREETMPS, to go with HV *hv; -zefram |
The RT System itself - Status changed from 'new' to 'open' |
From @cpansproutOn Tue Jan 03 04:23:38 2012, zefram@fysh.org wrote:
This little snippet (add it to t/op/svleak.t) shows that the number of # [perl #107000] warn sv_count; This patch only reduces the number to 3, so we have other things Inline Patchdiff --git a/hv.c b/hv.c
index 9c5670b..16bc536 100644
--- a/hv.c
+++ b/hv.c
@@ -1459,6 +1459,9 @@ Perl_hv_copy_hints_hv(pTHX_ HV *const ohv)
const I32 riter = HvRITER_get(ohv);
HE * const eiter = HvEITER_get(ohv);
+ ENTER;
+ SAVEFREESV(hv);
+
while (hv_max && hv_max + 1 >= hv_fill * 2)
hv_max = hv_max / 2;
HvMAX(hv) = hv_max;
@@ -1480,6 +1483,9 @@ Perl_hv_copy_hints_hv(pTHX_ HV *const ohv)
}
HvRITER_set(ohv, riter);
HvEITER_set(ohv, eiter);
+
+ SvREFCNT_inc_simple_void_NN(hv);
+ LEAVE;
}
hv_magic(hv, NULL, PERL_MAGIC_hints);
return hv;
-- Father Chrysostomos |
From [Unknown Contact. See original ticket]On Tue Jan 03 04:23:38 2012, zefram@fysh.org wrote:
This little snippet (add it to t/op/svleak.t) shows that the number of # [perl #107000] warn sv_count; This patch only reduces the number to 3, so we have other things Inline Patchdiff --git a/hv.c b/hv.c
index 9c5670b..16bc536 100644
--- a/hv.c
+++ b/hv.c
@@ -1459,6 +1459,9 @@ Perl_hv_copy_hints_hv(pTHX_ HV *const ohv)
const I32 riter = HvRITER_get(ohv);
HE * const eiter = HvEITER_get(ohv);
+ ENTER;
+ SAVEFREESV(hv);
+
while (hv_max && hv_max + 1 >= hv_fill * 2)
hv_max = hv_max / 2;
HvMAX(hv) = hv_max;
@@ -1480,6 +1483,9 @@ Perl_hv_copy_hints_hv(pTHX_ HV *const ohv)
}
HvRITER_set(ohv, riter);
HvEITER_set(ohv, eiter);
+
+ SvREFCNT_inc_simple_void_NN(hv);
+ LEAVE;
}
hv_magic(hv, NULL, PERL_MAGIC_hints);
return hv;
-- Father Chrysostomos |
From @iabynOn Wed, Jan 04, 2012 at 11:14:30PM -0800, Father Chrysostomos via RT wrote:
failed evals are known to leak OPs during compilation (and this is hard to -- |
From @nwc10On Sun, Jan 08, 2012 at 04:02:57PM +0000, Dave Mitchell wrote:
I had a hunch that an approach that might work to fix this is to a: always use the slab allocator code for OPs but (b) might increase memory use (ends of partial slabs) and (c) might require *removing* current checks which attempt to free OPs It strikes me as a big project. Nicholas Clark * Which is also problematic, because some NULL OPs are still needed. IIRC |
From zefram@fysh.orgNicholas Clark wrote:
You'd need to cope with op freeing more generally anyway: it's a normal
No, the line numbers come from PL_curcop, which is set by pp_nextstate. -zefram |
From @nwc10On Mon, Jan 09, 2012 at 05:35:53PM +0000, Zefram wrote:
Not thought of fragmentation within the slab. It's going to have the same What I was thinking was a: OPs are in stabs. In some way that makes it possible to walk the slab That way, unchained OPs that got lost by a compilation exception (which I
I may have misremembered the details, but this bit of evil is live in /* If the OP_NEXTSTATE has been optimised away we can still use it if (kid->op_type == OP_NULL && kid->op_targ == OP_NEXTSTATE) /* Keep searching, and return when we've found something. */ and IIRC take it out, and tests fail. Nicholas Clark |
From @pjcjOn Mon, Jan 09, 2012 at 05:42:55PM +0000, Nicholas Clark wrote:
Now I'm not sure whether to feel proud or to slink off quietly into the This particular bit of evil is a little over 11 years old and stems from The tests that should fail are those four added in the patch, but it's You're correct that looking at ostensibly dead data structures to get If we went back to the way the line numbers were reported 11 years ago -- |
From @rurbanOn Mon, Jan 9, 2012 at 2:13 PM, Paul Johnson <paul@pjcj.net> wrote:
Dropping the nullified ex-cops at all will be easy with my In my tree just the cop search in case of warnings were the line |
From @timbunceOn Mon, Jan 09, 2012 at 09:13:33PM +0100, Paul Johnson wrote:
The NYTProf statement profiler depends on the same logic.
Ditto.
And wrongly apportioned profile time. Tim. |
From @cpansproutOn Mon Jan 09 12:14:15 2012, paul@pjcj.net wrote:
Now we just need to propagate those same line numbers into caller -- Father Chrysostomos |
From [Unknown Contact. See original ticket]On Mon Jan 09 12:14:15 2012, paul@pjcj.net wrote:
Now we just need to propagate those same line numbers into caller -- Father Chrysostomos |
From @cpansproutOn Mon Jan 09 09:31:19 2012, nicholas wrote:
I had forgotten about this proposal when I started writing a slab When I first read it, it wast mostly jargon and I didn’t understand it. Now that I read it again, I realise I have reinvented it quite closely.
I started with the existing slab allocator but found myself rewriting it
Each op slab is attached to PL_compcv and has an opslab_next pointer,
cv_undef now does that if the CvSLABBED flag is set, but not CvROOT.
This I partially solved by making the first slab quite small (about
Ops on slabs are now marked as being freed (op_type == OP_FREED). After
Not as big as the re-eval rewrite. :-) -- Father Chrysostomos |
From [Unknown Contact. See original ticket]On Mon Jan 09 09:31:19 2012, nicholas wrote:
I had forgotten about this proposal when I started writing a slab When I first read it, it wast mostly jargon and I didn’t understand it. Now that I read it again, I realise I have reinvented it quite closely.
I started with the existing slab allocator but found myself rewriting it
Each op slab is attached to PL_compcv and has an opslab_next pointer,
cv_undef now does that if the CvSLABBED flag is set, but not CvROOT.
This I partially solved by making the first slab quite small (about
Ops on slabs are now marked as being freed (op_type == OP_FREED). After
Not as big as the re-eval rewrite. :-) -- Father Chrysostomos |
From @cpansproutOn Sun Jan 08 08:03:21 2012, davem wrote:
I had a go at it again, but I am running into problems with newSVsv. There are probably many uses of newSVsv that suffer from this. Is the solution to add newSVsv_flags that takes the SVs_TEMP flag? -- Father Chrysostomos "${;s/.*/Just an"; |
From @cpansproutOn Sun Sep 23 06:55:05 2012, sprout wrote:
No. Only a moron would suggest that. The solution is obviously to make This, and hint-hash leaking in general (the subject of this ticket), are -- Father Chrysostomos |
@cpansprout - Status changed from 'open' to 'resolved' |
From @ppisarOn 2012-09-24, Father Chrysostomos via RT <perlbug-followup@perl.org> wrote:
Really? I've just compiled the blead and the test fails. The same happens -- Petr |
From @cpansproutOn Mon Sep 24 05:09:58 2012, ppisar wrote:
I tested it with threads+mad and with neither. What configuration are -- Father Chrysostomos |
From [Unknown Contact. See original ticket]On Mon Sep 24 05:09:58 2012, ppisar wrote:
I tested it with threads+mad and with neither. What configuration are -- Father Chrysostomos |
From @ppisarOn 2012-09-24, Father Chrysostomos via RT <perlbug-comment@perl.org>
I pruned git working directory and rebuilt blead again. Now the test The perl-5.16.1 flaw turned out another patch So current code is Ok. -- Petr |
Migrated from rt.perl.org#107000 (status was 'resolved')
Searchable as RT107000$
The text was updated successfully, but these errors were encountered: