Double localization of overload's ::() causes segmentation fault #12112

p5pRT · 2012-05-17T10:11:09Z

Migrated from rt.perl.org#112966 (status was 'resolved')

Searchable as RT112966$

p5pRT · 2012-05-17T10:11:10Z

From @moonlibs

Created by @moonlibs

===============
package Sample;
#use overload
# fallback => 1;

package main;
delete local $Sample::{ '()' };
my $ref = bless {},'Sample';
delete local $Sample::{ '()' };

===============

Segmentation fault: 11 (core dumped)

===============

#0 0x0000000000585282 in Perl_save_helem_flags (hv=0x801060c78, key=0x801060d08, sptr=0x7fffffffe880, flags=2) at scope.c:651
651 SvGETMAGIC(*sptr);
(gdb) bt
#0 0x0000000000585282 in Perl_save_helem_flags (hv=0x801060c78, key=0x801060d08, sptr=0x7fffffffe880, flags=2) at scope.c:651
#1 0x0000000000567525 in Perl_pp_delete () at pp.c:4624
#2 0x00000000004cf5f6 in Perl_runops_debug () at dump.c:2119
#3 0x0000000000449743 in perl_run (my_perl=Variable "my_perl" is not available.
) at perl.c:2402
#4 0x0000000000420841 in main (argc=2, argv=0x7fffffffea28, env=0x7fffffffea40) at perlmain.c:120

===============

Reproducable under 5.12.3, 5.14.2 and 5.16.0-RC2
Not reproducable under 5.10.1

Perl Info


Flags:
    category=core
    severity=medium

Site configuration information for perl 5.16.0:

Configured by mons at Thu May 17 12:40:48 MSK 2012.

Summary of my perl5 (revision 5 version 16 subversion 0) configuration:
   
  Platform:
    osname=freebsd, osvers=8.1-20101027-snap, archname=amd64-freebsd
    uname='freebsd web.rnd.rambler.ru 8.1-20101027-snap freebsd 8.1-20101027-snap #0: wed oct 27 19:23:16 utc 2010 root@nat-sl.rambler.ru:usrobjusrsrcsysdevel amd64 '
    config_args='-des -Dprefix=/home/mons -Duselargefiles -Duse64bitint -DUSEMYMALLOC -DDEBUGGING -Dinc_version_list=none -Doptimize=-march=athlon64 -fomit-frame-pointer -pipe -ggdb -g3 -O2 -Dccflags=-DPIC -fPIC -O2 -march=athlon64 -fomit-frame-pointer -pipe -ggdb -g3 -D cf_email=mons@rambler-co.ru -D perladmin=mons@rambler-co.ru -D locincpth=/home/mons/include /usr/local/include -D loclibpth=/home/mons/lib /usr/local/lib -D privlib=/home/mons/lib/perl5/5.16.0 -D archlib=/home/mons/lib/perl5/5.16.0 -D sitelib=/home/mons/lib/perl5/5.16.0 -D sitearch=/home/mons/lib/perl5/5.16.0 -Uinstallhtml1dir= -Uinstallhtml3dir= -Uinstallman1dir= -Uinstallman3dir= -Uinstallsitehtml1dir= -Uinstallsitehtml3dir= -Uinstallsiteman1dir= -Uinstallsiteman3dir='
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DPIC -fPIC -O2 -march=athlon64 -fomit-frame-pointer -pipe -ggdb -g3 -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING -fno-strict-aliasing -fstack-protector -I/usr/local/include',
    optimize='-march=athlon64 -fomit-frame-pointer -pipe -ggdb -g3 -O2',
    cppflags='-DPIC -fPIC -O2 -march=athlon64 -fomit-frame-pointer -pipe -ggdb -g3 -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DDEBUGGING -fno-strict-aliasing -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.2.1 20070719  [FreeBSD]', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-Wl,-E  -fstack-protector -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lcrypt -lutil -lc
    perllibs=-lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib -fstack-protector'

Locally applied patches:
    RC2


@INC for perl 5.16.0:
    /home/mons/lib/perl5/5.16.0
    /home/mons/lib/perl5/5.16.0
    .


Environment for perl 5.16.0:
    HOME=/home/mons
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/mons/bin:/home/mons/home-bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/home/mons/bin
    PERL_BADLANG (unset)
    PERL_CPANM_OPT=--mirror http://cpan.dev.rambler.ru/local/ --mirror http://cpan.dev.rambler.ru/mirror/ --mirror-only --notest
    SHELL=/usr/local/bin/bash

p5pRT · 2012-05-17T19:54:31Z

From @cpansprout

On Thu May 17 03:11:10 2012, mons wrote:

This is a bug report for perl from mons@cpan.org,
generated with the help of perlbug 1.39 running under perl 5.16.0.

-----------------------------------------------------------------
[Please describe your issue here]

===============
package Sample;
#use overload
# fallback => 1;

package main;
delete local $Sample::{ '()' };
my $ref = bless {},'Sample';
delete local $Sample::{ '()' };

===============

Segmentation fault: 11 (core dumped)

===============

#0 0x0000000000585282 in Perl_save_helem_flags (hv=0x801060c78,
key=0x801060d08, sptr=0x7fffffffe880, flags=2) at scope.c:651
651 SvGETMAGIC(*sptr);
(gdb) bt
#0 0x0000000000585282 in Perl_save_helem_flags (hv=0x801060c78,
key=0x801060d08, sptr=0x7fffffffe880, flags=2) at scope.c:651
#1 0x0000000000567525 in Perl_pp_delete () at pp.c:4624
#2 0x00000000004cf5f6 in Perl_runops_debug () at dump.c:2119
#3 0x0000000000449743 in perl_run (my_perl=Variable "my_perl" is not
available.
) at perl.c:2402
#4 0x0000000000420841 in main (argc=2, argv=0x7fffffffea28,
env=0x7fffffffea40) at perlmain.c:120

===============

Reproducable under 5.12.3, 5.14.2 and 5.16.0-RC2
Not reproducable under 5.10.1

7332a6c is the first bad commit
commit 7332a6c
Author: Vincent Pit <perl@profvince.com>
Date: Fri Jan 2 10:26:57 2009 +0100

Introduce "delete local"

:100644 100644 f1db82301fccf84490680701b2844f5e9afa56b5
3bd60bf31d18674c550f044efed2238e65675ad6 M embed.fnc
:100644 100644 dd7f269eeebd3ebedc2dbf308ad8aa0e3330ee2f
473b9decd62c220618a92f06348a44d86cd66546 M embed.h
:100644 100644 d7ef32c3cd80033fc7baff430a17a14cc6b7c60f
d1ed0807d8d1248877c07892317c5038e5be781a M op.c
:100644 100644 f06dbdc1203462410e62896c5007ab43f0761362
e8ba8ef07a05041abf0463c27e422144fef408e6 M op.h
:100644 100644 107a396681579fc4b76054f4d7790ecee83b45ef
930bc53b7367bcb5f606eef5560841ede15d1087 M pp.c
:100644 100644 61805f61316b3caa6144a7e0d2a0f67eb4cb3779
92ce73899f372c3fbe2cb1ab35e34814699bd5f7 M proto.h
:040000 040000 993f60d5f2fb930aa2c6340c2c011c1e1834409a
9b1045fbd0bd5a301296c14d71abf3b245521221 M t
bisect run success
That took 466 seconds

--

Father Chrysostomos

p5pRT · 2012-05-17T19:54:32Z

The RT System itself - Status changed from 'new' to 'open'

p5pRT · 2012-06-23T21:00:39Z

From @cpansprout

On Thu May 17 12:54:31 2012, sprout wrote:

On Thu May 17 03:11:10 2012, mons wrote:

This is a bug report for perl from mons@cpan.org,
generated with the help of perlbug 1.39 running under perl 5.16.0.

-----------------------------------------------------------------
[Please describe your issue here]

===============
package Sample;
#use overload
# fallback => 1;

package main;
delete local $Sample::{ '()' };
my $ref = bless {},'Sample';
delete local $Sample::{ '()' };

===============

Segmentation fault: 11 (core dumped)

===============

#0 0x0000000000585282 in Perl_save_helem_flags (hv=0x801060c78,
key=0x801060d08, sptr=0x7fffffffe880, flags=2) at scope.c:651
651 SvGETMAGIC(*sptr);
(gdb) bt
#0 0x0000000000585282 in Perl_save_helem_flags (hv=0x801060c78,
key=0x801060d08, sptr=0x7fffffffe880, flags=2) at scope.c:651
#1 0x0000000000567525 in Perl_pp_delete () at pp.c:4624
#2 0x00000000004cf5f6 in Perl_runops_debug () at dump.c:2119
#3 0x0000000000449743 in perl_run (my_perl=Variable "my_perl" is not
available.
) at perl.c:2402
#4 0x0000000000420841 in main (argc=2, argv=0x7fffffffea28,
env=0x7fffffffea40) at perlmain.c:120

===============

Reproducable under 5.12.3, 5.14.2 and 5.16.0-RC2
Not reproducable under 5.10.1

7332a6c is the first bad commit
commit 7332a6c
Author: Vincent Pit <perl@profvince.com>
Date: Fri Jan 2 10:26:57 2009 +0100
Introduce "delete local"
:100644 100644 f1db82301fccf84490680701b2844f5e9afa56b5
3bd60bf31d18674c550f044efed2238e65675ad6 M embed.fnc
:100644 100644 dd7f269eeebd3ebedc2dbf308ad8aa0e3330ee2f
473b9decd62c220618a92f06348a44d86cd66546 M embed.h
:100644 100644 d7ef32c3cd80033fc7baff430a17a14cc6b7c60f
d1ed0807d8d1248877c07892317c5038e5be781a M op.c
:100644 100644 f06dbdc1203462410e62896c5007ab43f0761362
e8ba8ef07a05041abf0463c27e422144fef408e6 M op.h
:100644 100644 107a396681579fc4b76054f4d7790ecee83b45ef
930bc53b7367bcb5f606eef5560841ede15d1087 M pp.c
:100644 100644 61805f61316b3caa6144a7e0d2a0f67eb4cb3779
92ce73899f372c3fbe2cb1ab35e34814699bd5f7 M proto.h
:040000 040000 993f60d5f2fb930aa2c6340c2c011c1e1834409a
9b1045fbd0bd5a301296c14d71abf3b245521221 M t
bisect run success
That took 466 seconds

This bug appears to have been fixed in blead, by commit bee7c57, but
that commit only hid it.

I have now fixed it in commit 2c5f48c.

--

Father Chrysostomos

p5pRT · 2012-06-23T21:00:39Z

@cpansprout - Status changed from 'open' to 'resolved'

p5pRT closed this as completed Jun 23, 2012

p5pRT added Severity Medium distro-freebsd type-core labels Oct 19, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Double localization of overload's ::() causes segmentation fault #12112

Double localization of overload's ::() causes segmentation fault #12112

p5pRT commented May 17, 2012

p5pRT commented May 17, 2012

p5pRT commented May 17, 2012

p5pRT commented May 17, 2012

p5pRT commented Jun 23, 2012

p5pRT commented Jun 23, 2012

Double localization of overload's ::() causes segmentation fault #12112

Double localization of overload's ::() causes segmentation fault #12112

Comments

p5pRT commented May 17, 2012

p5pRT commented May 17, 2012

From @moonlibs

Created by @moonlibs

p5pRT commented May 17, 2012

From @cpansprout

p5pRT commented May 17, 2012

p5pRT commented Jun 23, 2012

From @cpansprout

p5pRT commented Jun 23, 2012