From @nwc10

Created by @nwc10

Perl_new_version() is being caught out by the fact that sv_derived_from()
can return true for a non-object.

$ ./perl -Ilib -e 'version->new("version")'Assertion failed​: (SvTYPE(hv) == SVt_PVHV), function Perl_hv_common, file hv.c, line 352.
Abort trap

Perl_xs_version_bootcheck() has a similar problem​:

$ ./perl -Ilib -e '$​::{"1.11​::"} = $​::{"version​::"}; require Fcntl'
Invalid version object at lib/Fcntl.pm line 66.
Compilation failed in require at -e line 1.

This patch seems to fix the problems above. I'm not sure if it's either
complete or correct.

diff --git a/util.c b/util.c
index 221dee5..882086b 100644
--- a/util.c
+++ b/util.c
@@ -4857,7 +4857,7 @@ Perl_new_version(pTHX_ SV *ver)
     dVAR;
     SV * const rv = newSV(0);
     PERL_ARGS_ASSERT_NEW_VERSION;
-    if ( sv_derived_from(ver,"version") ) /* can just copy directly */
+    if ( SvROK(ver) && sv_derived_from(ver,"version") ) /* can just copy directly */
     {
 	I32 key;
 	AV * const av = newAV();
@@ -6429,7 +6429,7 @@ Perl_xs_version_bootcheck(pTHX_ U32 items, U32 ax, const char *xs_p,
     }
     if (sv) {
 	SV *xssv = Perl_newSVpvn_flags(aTHX_ xs_p, xs_len, SVs_TEMP);
-	SV *pmsv = sv_derived_from(sv, "version")
+	SV *pmsv = SvROK(sv) && sv_derived_from(sv, "version")
 	    ? sv : sv_2mortal(new_version(sv));
 	xssv = upg_version(xssv, 0);
 	if ( vcmp(pmsv,xssv) ) {


Nicholas Clark

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.15.4:

Configured by nick at Mon Oct 31 11:25:06 GMT 2011.

Summary of my perl5 (revision 5 version 15 subversion 4) configuration:
  Commit id: 3ea0c581844689aba7e3d1f0effa285f332662f4
  Platform:
    osname=darwin, osvers=10.8.0, archname=darwin-2level
    uname='darwin mouse-mill.local 10.8.0 darwin kernel version 10.8.0: tue jun 7 16:33:36 pdt 2011; root:xnu-1504.15.3~1release_i386 i386 '
    config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005 -Uinstallusrbinperl -Dcf_email=nick@ccl4.org -Dperladmin=nick@ccl4.org -Dinc_version_list=  -Dinc_version_list_init=0 -Dstatic_ext=Fcntl -DDEBUGGING -Doptimize=-g -Uusethreads -Uuse64bitall -Uuselongdouble -Uusemymalloc -Duseperlio -Dprefix=~/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i -Dinstallman1dir=none -Dinstallman3dir=none -Dusevendorprefix -Dvendorprefix=~/Sandpit/vendor -Uuserelocatableinc -Ud_dosuid -Uuseshrplib -de -Accccflags=-fcatch-undefined-behavior -Accflags=-DNO_MATHOMS -Umad'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='ccache gcc', ccflags ='-fno-common -DPERL_DARWIN -no-cpp-precomp -DNO_MATHOMS -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/opt/local/include',
    optimize='-g',
    cppflags='-no-cpp-precomp -fno-common -DPERL_DARWIN -no-cpp-precomp -DNO_MATHOMS -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/opt/local/include'
    ccversion='', gccversion='4.2.1 (Apple Inc. build 5666) (dot 3)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector -L/usr/local/lib -L/opt/local/lib'
    libpth=/usr/local/lib /opt/local/lib /usr/lib
    libs=-lgdbm -ldbm -ldl -lm -lutil -lc
    perllibs=-ldl -lm -lutil -lc
    libc=, so=dylib, useshrplib=false, libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup -L/usr/local/lib -L/opt/local/lib -fstack-protector'

Locally applied patches:
    


@INC for perl 5.15.4:
    lib
    /Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/site_perl/5.15.4/darwin-2level
    /Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/site_perl/5.15.4
    /Users/nick/Sandpit/vendor/lib/perl5/vendor_perl/5.15.4/darwin-2level
    /Users/nick/Sandpit/vendor/lib/perl5/vendor_perl/5.15.4
    /Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/5.15.4/darwin-2level
    /Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/5.15.4
    .


Environment for perl 5.15.4:
    DYLD_LIBRARY_PATH (unset)
    HOME=/Users/nick
    LANG=en_GB.ISO8859-1
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/opt/local/bin:/opt/local/sbin:/Users/nick/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin:/usr/local/sbin:/sbin:/usr/sbin
    PERL_BADLANG (unset)
    SHELL=/bin/bash

From @Hugmeir

On Mon, Oct 31, 2011 at 12​:08 PM, Nicholas Clark
<perlbug-followup@​perl.org>wrote​:

# New Ticket Created by Nicholas Clark
# Please include the string​: [perl #102586]
# in the subject line of all future correspondence about this issue.
# <URL​: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=102586 >

This is a bug report for perl from nick@​ccl4.org,
generated with the help of perlbug 1.39 running under perl 5.15.4.

-----------------------------------------------------------------
[Please describe your issue here]

Perl_new_version() is being caught out by the fact that sv_derived_from()
can return true for a non-object.

$ ./perl -Ilib -e 'version->new("version")'Assertion failed​: (SvTYPE(hv)
== SVt_PVHV), function Perl_hv_common, file hv.c, line 352.
Abort trap

Perl_xs_version_bootcheck() has a similar problem​:

$ ./perl -Ilib -e '$​::{"1.11​::"} = $​::{"version​::"}; require Fcntl'
Invalid version object at lib/Fcntl.pm line 66.
Compilation failed in require at -e line 1.

This patch seems to fix the problems above. I'm not sure if it's either
complete or correct.

diff --git a/util.c b/util.c
index 221dee5..882086b 100644
--- a/util.c
+++ b/util.c
@​@​ -4857,7 +4857,7 @​@​ Perl_new_version(pTHX_ SV *ver)
dVAR;
SV * const rv = newSV(0);
PERL_ARGS_ASSERT_NEW_VERSION;
- if ( sv_derived_from(ver,"version") ) /* can just copy directly */
+ if ( SvROK(ver) && sv_derived_from(ver,"version") ) /* can just copy
directly */
{
I32 key;
AV * const av = newAV();
@​@​ -6429,7 +6429,7 @​@​ Perl_xs_version_bootcheck(pTHX_ U32 items, U32 ax,
const char *xs_p,
}
if (sv) {
SV *xssv = Perl_newSVpvn_flags(aTHX_ xs_p, xs_len, SVs_TEMP);
- SV *pmsv = sv_derived_from(sv, "version")
+ SV *pmsv = SvROK(sv) && sv_derived_from(sv, "version")
? sv : sv_2mortal(new_version(sv));
xssv = upg_version(xssv, 0);
if ( vcmp(pmsv,xssv) ) {

Nicholas Clark

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags​:
category=core
severity=medium
---
Site configuration information for perl 5.15.4​:

Configured by nick at Mon Oct 31 11​:25​:06 GMT 2011.

Summary of my perl5 (revision 5 version 15 subversion 4) configuration​:
Commit id​: 3ea0c58
Platform​:
osname=darwin, osvers=10.8.0, archname=darwin-2level
uname='darwin mouse-mill.local 10.8.0 darwin kernel version 10.8.0​: tue
jun 7 16​:33​:36 pdt 2011; root​:xnu-1504.15.31release_i386 i386 '
config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005
-Uinstallusrbinperl -Dcf_email=nick@​ccl4.org -Dperladmin=nick@​ccl4.org-Dinc_version_list= -Dinc_version_list_init=0 -Dstatic_ext=Fcntl
-DDEBUGGING -Doptimize=-g -Uusethreads -Uuse64bitall -Uuselongdouble
-Uusemymalloc -Duseperlio
-Dprefix=/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i -Dinstallman1dir=none
-Dinstallman3dir=none -Dusevendorprefix -Dvendorprefix=~/Sandpit/vendor
-Uuserelocatableinc -Ud_dosuid -Uuseshrplib -de
-Accccflags=-fcatch-undefined-behavior -Accflags=-DNO_MATHOMS -Umad'
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler​:
cc='ccache gcc', ccflags ='-fno-common -DPERL_DARWIN -no-cpp-precomp
-DNO_MATHOMS -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
-I/opt/local/include',
optimize='-g',
cppflags='-no-cpp-precomp -fno-common -DPERL_DARWIN -no-cpp-precomp
-DNO_MATHOMS -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector
-I/opt/local/include'
ccversion='', gccversion='4.2.1 (Apple Inc. build 5666) (dot 3)',
gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries​:
ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-protector
-L/usr/local/lib -L/opt/local/lib'
libpth=/usr/local/lib /opt/local/lib /usr/lib
libs=-lgdbm -ldbm -ldl -lm -lutil -lc
perllibs=-ldl -lm -lutil -lc
libc=, so=dylib, useshrplib=false, libperl=libperl.a
gnulibc_version=''
Dynamic Linking​:
dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup
-L/usr/local/lib -L/opt/local/lib -fstack-protector'

Locally applied patches​:

---
@​INC for perl 5.15.4​:
lib

/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/site_perl/5.15.4/darwin-2level

/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/site_perl/5.15.4
/Users/nick/Sandpit/vendor/lib/perl5/vendor_perl/5.15.4/darwin-2level
/Users/nick/Sandpit/vendor/lib/perl5/vendor_perl/5.15.4

/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/5.15.4/darwin-2level
/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i/lib/perl5/5.15.4
.

---
Environment for perl 5.15.4​:
DYLD_LIBRARY_PATH (unset)
HOME=/Users/nick
LANG=en_GB.ISO8859-1
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)

PATH=/opt/local/bin​:/opt/local/sbin​:/Users/nick/bin​:/usr/bin​:/bin​:/usr/sbin​:/sbin​:/usr/local/bin​:/usr/X11/bin​:/usr/local/sbin​:/sbin​:/usr/sbin
PERL_BADLANG (unset)
SHELL=/bin/bash

There's a couple other uses of sv_derived_from that check for version
objects, like line 618 of universal.c. Should those get the added guards
too?

The RT System itself - Status changed from 'new' to 'open'

From @cpansprout

On Mon Oct 31 08​:08​:31 2011, nicholas wrote​:

Perl_new_version() is being caught out by the fact that
sv_derived_from()
can return true for a non-object.

$ ./perl -Ilib -e 'version->new("version")'Assertion failed​:
(SvTYPE(hv) == SVt_PVHV), function Perl_hv_common, file hv.c, line
352.
Abort trap

Perl_xs_version_bootcheck() has a similar problem​:

$ ./perl -Ilib -e '$​::{"1.11​::"} = $​::{"version​::"}; require Fcntl'
Invalid version object at lib/Fcntl.pm line 66.
Compilation failed in require at -e line 1.

This patch seems to fix the problems above. I'm not sure if it's
either
complete or correct.

You probably suspected I would come up with this​:

sub TIESCALAR { bless[] }
sub FETCH { "version" }
sub STORE{}
tie my $v, "";
$v = $^V;
version->new($v);

See also Brian Fraser’s response.

diff --git a/util.c b/util.c
index 221dee5..882086b 100644
--- a/util.c
+++ b/util.c
@​@​ -4857,7 +4857,7 @​@​ Perl_new_version(pTHX_ SV *ver)
dVAR;
SV * const rv = newSV(0);
PERL_ARGS_ASSERT_NEW_VERSION;
- if ( sv_derived_from(ver,"version") ) /* can just copy directly
*/
+ if ( SvROK(ver) && sv_derived_from(ver,"version") ) /* can just
copy directly */
{
I32 key;
AV * const av = newAV();
@​@​ -6429,7 +6429,7 @​@​ Perl_xs_version_bootcheck(pTHX_ U32 items, U32
ax, const char *xs_p,
}
if (sv) {
SV *xssv = Perl_newSVpvn_flags(aTHX_ xs_p, xs_len, SVs_TEMP);
- SV *pmsv = sv_derived_from(sv, "version")
+ SV *pmsv = SvROK(sv) && sv_derived_from(sv, "version")
? sv : sv_2mortal(new_version(sv));
xssv = upg_version(xssv, 0);
if ( vcmp(pmsv,xssv) ) {

Nicholas Clark

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags​:
category=core
severity=medium
---
Site configuration information for perl 5.15.4​:

Configured by nick at Mon Oct 31 11​:25​:06 GMT 2011.

Summary of my perl5 (revision 5 version 15 subversion 4)
configuration​:
Commit id​: 3ea0c58
Platform​:
osname=darwin, osvers=10.8.0, archname=darwin-2level
uname='darwin mouse-mill.local 10.8.0 darwin kernel version
10.8.0​: tue jun 7 16​:33​:36 pdt 2011; root​:xnu-
1504.15.31release_i386 i386 '
config_args='-Dusedevel=y -Dcc=ccache gcc -Dld=gcc -Ubincompat5005
-Uinstallusrbinperl -Dcf_email=nick@​ccl4.org
-Dperladmin=nick@​ccl4.org -Dinc_version_list=
-Dinc_version_list_init=0 -Dstatic_ext=Fcntl -DDEBUGGING
-Doptimize=-g -Uusethreads -Uuse64bitall -Uuselongdouble
-Uusemymalloc -Duseperlio
-Dprefix=/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-i
-Dinstallman1dir=none -Dinstallman3dir=none -Dusevendorprefix
-Dvendorprefix=~/Sandpit/vendor -Uuserelocatableinc -Ud_dosuid
-Uuseshrplib -de -Accccflags=-fcatch-undefined-behavior
-Accflags=-DNO_MATHOMS -Umad'
hint=recommended, useposix=true, d_sigaction=define
useithreads=undef, usemultiplicity=undef
useperlio=define, d_sfio=undef, uselargefiles=define,
usesocks=undef
use64bitint=define, use64bitall=undef, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler​:
cc='ccache gcc', ccflags ='-fno-common -DPERL_DARWIN
-no-cpp-precomp -DNO_MATHOMS -DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector -I/opt/local/include',
optimize='-g',
cppflags='-no-cpp-precomp -fno-common -DPERL_DARWIN
-no-cpp-precomp -DNO_MATHOMS -DDEBUGGING -fno-strict-aliasing -pipe
-fstack-protector -I/opt/local/include'
ccversion='', gccversion='4.2.1 (Apple Inc. build 5666) (dot 3)',
gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define,
longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries​:
ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags ='
-fstack-protector -L/usr/local/lib -L/opt/local/lib'
libpth=/usr/local/lib /opt/local/lib /usr/lib
libs=-lgdbm -ldbm -ldl -lm -lutil -lc
perllibs=-ldl -lm -lutil -lc
libc=, so=dylib, useshrplib=false, libperl=libperl.a
gnulibc_version=''
Dynamic Linking​:
dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup
-L/usr/local/lib -L/opt/local/lib -fstack-protector'

Locally applied patches​:

---
@​INC for perl 5.15.4​:
lib
/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-
i/lib/perl5/site_perl/5.15.4/darwin-2level
/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-
i/lib/perl5/site_perl/5.15.4
/Users/nick/Sandpit/vendor/lib/perl5/vendor_perl/5.15.4/darwin-
2level
/Users/nick/Sandpit/vendor/lib/perl5/vendor_perl/5.15.4
/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-
i/lib/perl5/5.15.4/darwin-2level
/Users/nick/Sandpit/snap5.9.x-v5.15.4-107-ga1da11a-
i/lib/perl5/5.15.4
.

---
Environment for perl 5.15.4​:
DYLD_LIBRARY_PATH (unset)
HOME=/Users/nick
LANG=en_GB.ISO8859-1
LANGUAGE (unset)
LD_LIBRARY_PATH (unset)
LOGDIR (unset)

PATH=/opt/local/bin​:/opt/local/sbin​:/Users/nick/bin​:/usr/bin​:/bin​:/usr/sbin​:/sbin​:/usr/local/bin​:/usr/X11/bin​:/usr/local/sbin​:/sbin​:/usr/sbin

PERL\_BADLANG \(unset\)
SHELL=/bin/bash

--

Father Chrysostomos

From @nwc10

On Mon, Oct 31, 2011 at 12​:17​:08PM -0300, Brian Fraser wrote​:

On Mon, Oct 31, 2011 at 12​:08 PM, Nicholas Clark

This patch seems to fix the problems above. I'm not sure if it's either
complete or correct.

There's a couple other uses of sv_derived_from that check for version
objects, like line 618 of universal.c. Should those get the added guards
too?

I don't know. I felt I'd already been distracted too much by this bug by
the time I sent the bug report, and stopped looking.

At least 2 other people are far more familiar with the internals of this
code - I was hoping that they'd immediately know the answer.

You probably suspected I would come up with this​:

sub TIESCALAR { bless[] }
sub FETCH { "version" }
sub STORE{}
tie my $v, "";
$v = $^V;
version->new($v);

No, I didn't suspect anything. I decided that I couldn't actually fix the
problem, so logged everything I had to an RT ticket and got back to what I
was actually trying to do.

Nicholas Clark

From @cpansprout

On Thu Nov 03 07​:48​:29 2011, nicholas wrote​:

No, I didn't suspect anything. I decided that I couldn't actually fix the
problem, so logged everything I had to an RT ticket and got back to what I
was actually trying to do.

That sounds familiar, except I usually put a few notes in a text file
with the intention of fixing or reporting it later. Now I have about 35
unreported bugs. Hmmm....

--

Father Chrysostomos

From @nwc10

On Thu, Nov 03, 2011 at 08​:17​:41AM -0700, Father Chrysostomos via RT wrote​:

On Thu Nov 03 07​:48​:29 2011, nicholas wrote​:

No, I didn't suspect anything. I decided that I couldn't actually fix the
problem, so logged everything I had to an RT ticket and got back to what I
was actually trying to do.

That sounds familiar, except I usually put a few notes in a text file
with the intention of fixing or reporting it later. Now I have about 35
unreported bugs. Hmmm....

You'd wipe the floor on the "open bug" stats if you do report all of those.
Zefram and I will never catch up.

Nicholas Clark

From @xdg

On Mon, Oct 31, 2011 at 11​:17 AM, Brian Fraser <fraserbn@​gmail.com> wrote​:

There's a couple other uses of sv_derived_from that check for version
objects, like line 618 of universal.c. Should those get the added guards
too?

Yes.

Or maybe we need a "sv_obj_isa" function/macro to encapsulate the concept.

Nicholas -- I believe the patch is correct enough, though a segfault
is still possible if someone creates a bogus object and blesses it to
'version' or a subclass thereof.

-- David

From @JohnPeacock

On 11/03/2011 12​:08 PM, David Golden wrote​:

On Mon, Oct 31, 2011 at 11​:17 AM, Brian Fraser<fraserbn@​gmail.com> wrote​:

There's a couple other uses of sv_derived_from that check for version
objects, like line 618 of universal.c. Should those get the added guards
too?

Yes.

Or maybe we need a "sv_obj_isa" function/macro to encapsulate the concept.

Sorry I took so long to respond to this. Yes, I think sv_obj_isa would
be the right way to go with this. I actually added this to the CPAN
version.pm distro​:

#define ISA_VERSION_OBJ(v,c) (SvROK(v) && sv_derived_from(v,c))

though there is nothing about that define that is specific to version
objects.

Nicholas -- I believe the patch is correct enough, though a segfault
is still possible if someone creates a bogus object and blesses it to
'version' or a subclass thereof.

There is already a vverify() routine, which should protect the vast
majority of the possible problems with bogus objects.

John

From @cpansprout

On Sat Nov 12 05​:16​:34 2011, john.peacock@​havurah-software.org wrote​:

On 11/03/2011 12​:08 PM, David Golden wrote​:

On Mon, Oct 31, 2011 at 11​:17 AM, Brian Fraser<fraserbn@​gmail.com>
wrote​:

There's a couple other uses of sv_derived_from that check for version
objects, like line 618 of universal.c. Should those get the added
guards
too?

Yes.

Or maybe we need a "sv_obj_isa" function/macro to encapsulate the
concept.

Sorry I took so long to respond to this. Yes, I think sv_obj_isa would
be the right way to go with this. I actually added this to the CPAN
version.pm distro​:

#define ISA_VERSION_OBJ(v,c) (SvROK(v) && sv_derived_from(v,c))

That will still crash on a tied variable returning the string "version",
which variable happens to be ROK before the FETCH.

sv_derived_from in core is now a wrapper around
Perl_sv_derived_from_pvn, which has a flags parameter. I would suggest
we pass a flag (SVs_OBJECT perhaps?), at least till we decide whether
sv_obj_isa is a good name, to tell sv_derived_from_pvn to make sure it
is an object after calling SvGETMAGIC.

Then sv_obj_isa can be made a wrapper around sv_derived_from_pvn that
passes the flag. But should it be called sv_obj_isa? If we already
have _derived_from in core, why not sv_obj_derived_from? Or why not
just let callers pass the flag? (Probably because it would discourage a
good practice, I suppose.)

though there is nothing about that define that is specific to version
objects.

Nicholas -- I believe the patch is correct enough, though a segfault
is still possible if someone creates a bogus object and blesses it to
'version' or a subclass thereof.

There is already a vverify() routine, which should protect the vast
majority of the possible problems with bogus objects.

John

--

Father Chrysostomos

From @cpansprout

On Sat Nov 19 11​:30​:11 2011, sprout wrote​:

On Sat Nov 12 05​:16​:34 2011, john.peacock@​havurah-software.org wrote​:

On 11/03/2011 12​:08 PM, David Golden wrote​:

On Mon, Oct 31, 2011 at 11​:17 AM, Brian Fraser<fraserbn@​gmail.com>
wrote​:

There's a couple other uses of sv_derived_from that check for version
objects, like line 618 of universal.c. Should those get the added
guards
too?

Yes.

Or maybe we need a "sv_obj_isa" function/macro to encapsulate the
concept.

Sorry I took so long to respond to this. Yes, I think sv_obj_isa would
be the right way to go with this. I actually added this to the CPAN
version.pm distro​:

#define ISA_VERSION_OBJ(v,c) (SvROK(v) && sv_derived_from(v,c))

That will still crash on a tied variable returning the string "version",
which variable happens to be ROK before the FETCH.

sv_derived_from in core is now a wrapper around
Perl_sv_derived_from_pvn, which has a flags parameter. I would suggest
we pass a flag (SVs_OBJECT perhaps?), at least till we decide whether
sv_obj_isa is a good name, to tell sv_derived_from_pvn to make sure it
is an object after calling SvGETMAGIC.

Then sv_obj_isa can be made a wrapper around sv_derived_from_pvn that
passes the flag. But should it be called sv_obj_isa? If we already
have _derived_from in core, why not sv_obj_derived_from? Or why not
just let callers pass the flag? (Probably because it would discourage a
good practice, I suppose.)

Actually, sv_derived_from does *three* things. isa([], 'ARRAY'),
isa(bless([],"foo"),"foo") and isa("foo","foo").

Just to get this bug patch up, I’ll implement a flags & SVf_ROK check in
sv_derived_from_pvn. We can always change it before 5.16, once we
(i.e., someone other than yours truly) decide what the interface should be.

--

Father Chrysostomos

From @cpansprout

On Sat Nov 19 12​:02​:51 2011, sprout wrote​:

On Sat Nov 19 11​:30​:11 2011, sprout wrote​:

On Sat Nov 12 05​:16​:34 2011, john.peacock@​havurah-software.org wrote​:

On 11/03/2011 12​:08 PM, David Golden wrote​:

On Mon, Oct 31, 2011 at 11​:17 AM, Brian Fraser<fraserbn@​gmail.com>
wrote​:

There's a couple other uses of sv_derived_from that check for
version
objects, like line 618 of universal.c. Should those get the added
guards
too?

Yes.

Or maybe we need a "sv_obj_isa" function/macro to encapsulate the
concept.

Sorry I took so long to respond to this. Yes, I think sv_obj_isa
would
be the right way to go with this. I actually added this to the CPAN
version.pm distro​:

#define ISA_VERSION_OBJ(v,c) (SvROK(v) && sv_derived_from(v,c))

That will still crash on a tied variable returning the string "version",
which variable happens to be ROK before the FETCH.

sv_derived_from in core is now a wrapper around
Perl_sv_derived_from_pvn, which has a flags parameter. I would suggest
we pass a flag (SVs_OBJECT perhaps?), at least till we decide whether
sv_obj_isa is a good name, to tell sv_derived_from_pvn to make sure it
is an object after calling SvGETMAGIC.

Then sv_obj_isa can be made a wrapper around sv_derived_from_pvn that
passes the flag. But should it be called sv_obj_isa? If we already
have _derived_from in core, why not sv_obj_derived_from? Or why not
just let callers pass the flag? (Probably because it would discourage a
good practice, I suppose.)

Actually, sv_derived_from does *three* things. isa([], 'ARRAY'),
isa(bless([],"foo"),"foo") and isa("foo","foo").

Just to get this bug patch up, I’ll implement a flags & SVf_ROK check in
sv_derived_from_pvn. We can always change it before 5.16, once we
(i.e., someone other than yours truly) decide what the interface
should be.

lib/version.t is dual-lived, so where should I put tests?

--

Father Chrysostomos

From @cpansprout

On Sat Nov 19 12​:09​:10 2011, sprout wrote​:

On Sat Nov 19 12​:02​:51 2011, sprout wrote​:

On Sat Nov 19 11​:30​:11 2011, sprout wrote​:

On Sat Nov 12 05​:16​:34 2011, john.peacock@​havurah-software.org wrote​:

On 11/03/2011 12​:08 PM, David Golden wrote​:

On Mon, Oct 31, 2011 at 11​:17 AM, Brian
Fraser<fraserbn@​gmail.com>
wrote​:

There's a couple other uses of sv_derived_from that check for
version
objects, like line 618 of universal.c. Should those get the added
guards
too?

Yes.

Or maybe we need a "sv_obj_isa" function/macro to encapsulate the
concept.

Sorry I took so long to respond to this. Yes, I think sv_obj_isa
would
be the right way to go with this. I actually added this to the
CPAN
version.pm distro​:

#define ISA_VERSION_OBJ(v,c) (SvROK(v) && sv_derived_from(v,c))

That will still crash on a tied variable returning the string
"version",
which variable happens to be ROK before the FETCH.

sv_derived_from in core is now a wrapper around
Perl_sv_derived_from_pvn, which has a flags parameter. I would
suggest
we pass a flag (SVs_OBJECT perhaps?), at least till we decide whether
sv_obj_isa is a good name, to tell sv_derived_from_pvn to make sure it
is an object after calling SvGETMAGIC.

Then sv_obj_isa can be made a wrapper around sv_derived_from_pvn that
passes the flag. But should it be called sv_obj_isa? If we already
have _derived_from in core, why not sv_obj_derived_from? Or why not
just let callers pass the flag? (Probably because it would
discourage a
good practice, I suppose.)

Actually, sv_derived_from does *three* things. isa([], 'ARRAY'),
isa(bless([],"foo"),"foo") and isa("foo","foo").

Just to get this bug patch up, I’ll implement a flags & SVf_ROK check in
sv_derived_from_pvn. We can always change it before 5.16, once we
(i.e., someone other than yours truly) decide what the interface
should be.

lib/version.t is dual-lived, so where should I put tests?

I just went ahead and added tests to lib/version.t. I used the simplest
approach to fix the bug​: Put SvROK after sv_derived_from, which fixes
the crash with tie as well. See commit bc4eb4d.

--

Father Chrysostomos

@cpansprout - Status changed from 'open' to 'resolved'

From @JohnPeacock

On 11/23/2011 12​:36 AM, Father Chrysostomos via RT wrote​:

I just went ahead and added tests to lib/version.t. I used the simplest
approach to fix the bug​: Put SvROK after sv_derived_from, which fixes
the crash with tie as well. See commit bc4eb4d.

Is there some reason you add the SvROK test _after_ sv_derived_from that
I'm not seeing? The SvROK test is very cheap (just look at the SV
flags) and the sv_derived_from could be extremely expensive (for example
in your totally evil tied class).

John

From @JohnPeacock

On 11/23/2011 09​:36 PM, John Peacock wrote​:

Is there some reason you add the SvROK test _after_ sv_derived_from that
I'm not seeing? The SvROK test is very cheap (just look at the SV flags)
and the sv_derived_from could be extremely expensive (for example in
your totally evil tied class).

Ah, never mind. I've read the log message now. ;-)

John

From @JohnPeacock

On 11/23/2011 12​:36 AM, Father Chrysostomos via RT wrote​:

I just went ahead and added tests to lib/version.t. I used the simplest
approach to fix the bug​: Put SvROK after sv_derived_from, which fixes
the crash with tie as well. See commit bc4eb4d.

I'd like to suggest that this is a better solution​:

#define ISA_CLASS_OBJ(v,c) (SvGMAGICAL(v)\
  ? (sv_derived_from(v,c) && SvROK(v)) \
  : (SvROK(v) && sv_derived_from(v,c)))

This will be faster for the majority of the cases and still handle the
evil tied variable class. By making this a macro, we can also make the
somewhat nasty (!this || !that) uses much more readable.

I've also pulled the test case you've added into the version.pm
(somewhat modified so that it is tested for both contructors and with an
inherited class). I'll supply a patch to bleadperl soonish...

Thoughts?

John

From @cpansprout

On Sun Nov 27 16​:43​:49 2011, john.peacock@​havurah-software.org wrote​:

On 11/23/2011 12​:36 AM, Father Chrysostomos via RT wrote​:

I just went ahead and added tests to lib/version.t. I used the simplest
approach to fix the bug​: Put SvROK after sv_derived_from, which fixes
the crash with tie as well. See commit bc4eb4d.

I'd like to suggest that this is a better solution​:

#define ISA_CLASS_OBJ(v,c) (SvGMAGICAL(v)\
? (sv_derived_from(v,c) && SvROK(v)) \
: (SvROK(v) && sv_derived_from(v,c)))

This will be faster for the majority of the cases and still handle the
evil tied variable class. By making this a macro, we can also make the
somewhat nasty (!this || !that) uses much more readable.

I've also pulled the test case you've added into the version.pm
(somewhat modified so that it is tested for both contructors and with an
inherited class). I'll supply a patch to bleadperl soonish...

Thoughts?

John

Sounds good to me.

--

Father Chrysostomos

From @cpansprout

On Thu Nov 03 08​:20​:43 2011, nicholas wrote​:

On Thu, Nov 03, 2011 at 08​:17​:41AM -0700, Father Chrysostomos via RT
wrote​:

On Thu Nov 03 07​:48​:29 2011, nicholas wrote​:

No, I didn't suspect anything. I decided that I couldn't actually
fix the
problem, so logged everything I had to an RT ticket and got back
to what I
was actually trying to do.

That sounds familiar, except I usually put a few notes in a text
file
with the intention of fixing or reporting it later. Now I have
about 35
unreported bugs. Hmmm....

You'd wipe the floor on the "open bug" stats if you do report all of
those.
Zefram and I will never catch up.

Well, I fixed most of them, but more accumulated. So I have just clean
out half of what was left (the ones that need discussion). Now try
catching up. :-)

--

Father Chrysostomos

From @cpansprout

On Sun Dec 11 14​:03​:25 2011, sprout wrote​:

On Thu Nov 03 08​:20​:43 2011, nicholas wrote​:

On Thu, Nov 03, 2011 at 08​:17​:41AM -0700, Father Chrysostomos via RT
wrote​:

On Thu Nov 03 07​:48​:29 2011, nicholas wrote​:

No, I didn't suspect anything. I decided that I couldn't actually
fix the
problem, so logged everything I had to an RT ticket and got back
to what I
was actually trying to do.

That sounds familiar, except I usually put a few notes in a text
file
with the intention of fixing or reporting it later. Now I have
about 35
unreported bugs. Hmmm....

You'd wipe the floor on the "open bug" stats if you do report all of
those.
Zefram and I will never catch up.

Well, I fixed most of them, but more accumulated. So I have just clean
out half of what was left (the ones that need discussion). Now try
catching up. :-)

s/clean/cleaned/, otherwise it’s completely illiterate. Someone once
told me that intelligent people make the most typos, so that’s
comforting. :-)

--

Father Chrysostomos