[PATCH] Another SEGV in Data::Dumper #10106

Closed
p5pRT opened this issue Jan 24, 2010 · 10 comments

@p5pRT p5pRT commented Jan 24, 2010

Migrated from rt.perl.org#72332 (status was 'resolved')

Searchable as RT72332$

@p5pRT p5pRT commented Jan 24, 2010

From @cpansprout

$ perl5.6.2 -MData::Dumper -le' Data::Dumper->Dumpxs([*{*STDERR{IO}}])'
Bus error

Same in 5.11.4.
This is related to bug 71254. It turns out that globs *can* stringify
emptily (see bug 65582). The forthcoming patch makes DD more resilient.

Use of uninitialized value $category in concatenation (.) or string
at /usr/bin/perlbug line 639.
Use of uninitialized value $severity in concatenation (.) or string
at /usr/bin/perlbug line 639.


Flags:
  category=high
  severity=library


This perlbug was built using Perl 5.10.1 - Thu Sep 24 18:07:44 PDT 2009
It is being executed now by Perl 5.11.4 - Wed Jan 20 14:43:32 PST 2010.

Site configuration information for perl 5.11.4:

Configured by sprout at Wed Jan 20 14:43:32 PST 2010.

Summary of my perl5 (revision 5 version 11 subversion 4) configuration:

  Platform:
  osname=darwin, osvers=10.0.0, archname=darwin-2level
  uname='darwin pint.local 10.0.0 darwin kernel version 10.0.0: fri
jul 31 22:47:34 pdt 2009; root:xnu-1456.1.25~1release_i386 i386 '
  config_args='-de -Dusedevel'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  useperlio=define, d_sfio=undef, uselargefiles=define,
usesocks=undef
  use64bitint=undef, use64bitall=undef, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler:
  cc='cc', ccflags ='-fno-common -DPERL_DARWIN -no-cpp-precomp -fno-
strict-aliasing -pipe -fstack-protector -I/usr/local/include',
  optimize='-O3',
  cppflags='-no-cpp-precomp -fno-common -DPERL_DARWIN -no-cpp-
precomp -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/
include'
  ccversion='', gccversion='4.2.1 (Apple Inc. build 5646)',
gccosandvers=''
  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=4, nvtype='double', nvsize=8,
Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries:
  ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-
protector -L/usr/local/lib'
  libpth=/usr/local/lib /usr/lib
  libs=-ldbm -ldl -lm -lutil -lc
  perllibs=-ldl -lm -lutil -lc
  libc=/usr/lib/libc.dylib, so=dylib, useshrplib=false,
libperl=libperl.a
  gnulibc_version=''
  Dynamic Linking:
  dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
  cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup -L/
usr/local/lib -fstack-protector'

Locally applied patches:


@INC for perl 5.11.4:
  /usr/local/lib/perl5/site_perl/5.11.4/darwin-2level
  /usr/local/lib/perl5/site_perl/5.11.4
  /usr/local/lib/perl5/5.11.4/darwin-2level
  /usr/local/lib/perl5/5.11.4
  /usr/local/lib/perl5/site_perl
  .


Environment for perl 5.11.4:
  DYLD_LIBRARY_PATH (unset)
  HOME=/Users/sprout
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin:/
usr/local/bin
  PERL_BADLANG (unset)
  SHELL=/bin/bash

@p5pRT p5pRT commented Jan 25, 2010

From @cpansprout

On Jan 24, 2010, at 1:50 PM, Father Chrysostomos wrote:

> $ perl5.6.2 -MData::Dumper -le' Data::Dumper->Dumpxs([*{*STDERR{IO}}])'
> Bus error
>
> Same in 5.11.4.
> This is related to bug 71254. It turns out that globs *can*
> stringify emptily (see bug 65582). The forthcoming patch makes DD
> more resilient.

Here is the patch.

@p5pRT p5pRT commented Jan 25, 2010

From @cpansprout

Inline Patch
diff -Nurp blead/dist/Data-Dumper/Dumper.xs blead-dd-segv/dist/Data-Dumper/Dumper.xs
--- blead/dist/Data-Dumper/Dumper.xs	2009-11-19 08:51:38.000000000 -0800
+++ blead-dd-segv/dist/Data-Dumper/Dumper.xs	2010-01-23 09:21:15.000000000 -0800
@@ -909,7 +909,7 @@ DD_dump(pTHX_ SV *val, const char *name,
 	}
 	else if (realtype == SVt_PVGV) {/* GLOBs can end up with scribbly names */
 	    c = SvPV(val, i);
-	    ++c; --i;			/* just get the name */
+	    if(i) ++c, --i;			/* just get the name */
 	    if (i >= 6 && strncmp(c, "main::", 6) == 0) {
 		c += 4;
 		i -= 4;
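
Review bot: in the SVt_PVGV branch, `if(i) ++c, --i;` guards only against an empty string; a non-empty stringification still has its first byte skipped without checking that it is the `*` sigil. Consider `if (i && *c == '*') { ++c; --i; }`, which also replaces the comma expression under an unbraced `if` with separate statements. The comment "just get the name" no longer explains why the guard exists; it should say that a glob can stringify to the empty string and cite [perl #72332].
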
diff -Nurp blead/dist/Data-Dumper/t/bugs.t blead-dd-segv/dist/Data-Dumper/t/bugs.t
--- blead/dist/Data-Dumper/t/bugs.t	2009-11-19 08:51:38.000000000 -0800
+++ blead-dd-segv/dist/Data-Dumper/t/bugs.t	2010-01-22 22:26:55.000000000 -0800
@@ -12,7 +12,7 @@ BEGIN {
 }
 
 use strict;
-use Test::More tests => 5;
+use Test::More tests => 6;
 use Data::Dumper;
 
 {
@@ -80,4 +80,9 @@ sub doh
 doh('fixed');
 ok(1, "[perl #56766]"); # Still no core dump? We are fine.
 
+# [perl #72332] Segfault on empty-string glob
+Data::Dumper->Dump([*{*STDERR{IO}}]);
+ok("ok", #ok
+   "empty-string glob [perl #72332]");
+
 # EOF
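
Review bot: the added test calls `Data::Dumper->Dump`, while the crash in the report was reproduced through `Dumpxs`; wherever `Dump` resolves to the pure-Perl implementation, the patched XS branch is never exercised. Call `Dumpxs` explicitly when the XS implementation is loaded. `ok("ok", ...)` passes unconditionally, so the test only proves the process survived; asserting on the string returned for the empty-named glob would also pin the output format.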

@p5pRT p5pRT commented Jan 25, 2010

From @tsee

Hi all,

Father Chrysostomos wrote:

> On Jan 24, 2010, at 1:50 PM, Father Chrysostomos wrote:
>
> > $ perl5.6.2 -MData::Dumper -le' Data::Dumper->Dumpxs([*{*STDERR{IO}}])'
> > Bus error
> >
> > Same in 5.11.4.
> > This is related to bug 71254. It turns out that globs *can* stringify
> > emptily (see bug 65582). The forthcoming patch makes DD more resilient.

Should this be in 5.12?

If so, I can check and apply it tonight.

Best regards,
Steffen

@p5pRT p5pRT commented Jan 25, 2010

The RT System itself - Status changed from 'new' to 'open'

@p5pRT p5pRT commented Jan 25, 2010

From @obra

> Should this be in 5.12?
>
> If so, I can check and apply it tonight.

If it's on this list: http://tinyurl.com/ygo9awx, then the answer is
yes. If it's not, then the answer is no.

http://www.nntp.perl.org/group/perl.perl5.porters/2010/01/msg155374.html
has all the gory details.

> Best regards,
> Steffen

--

@p5pRT p5pRT commented Jan 25, 2010

From @tsee

Hi Jesse,

jesse wrote:

> > Should this be in 5.12?
> >
> > If so, I can check and apply it tonight.
>
> If it's on this list: http://tinyurl.com/ygo9awx, then the answer is
> yes. If it's not, then the answer is no.
>
> http://www.nntp.perl.org/group/perl.perl5.porters/2010/01/msg155374.html
> has all the gory details.

I have the attention span of a slug. :)

Anyhow, the bug in question is sort of a follow-up on something that was
on the list, thus the question. But I'd consider the issue obscure
enough to wait until after 5.12. Besides, unlike the previous patch,
this one can be fixed in a new DDumper CPAN release.

--Steffen

@p5pRT p5pRT commented Sep 26, 2010

From @cpansprout

On Mon Jan 25 00:48:48 2010, sprout wrote:

> On Jan 24, 2010, at 1:50 PM, Father Chrysostomos wrote:
>
> > $ perl5.6.2 -MData::Dumper -le' Data::Dumper->Dumpxs([*{*STDERR{IO}}])'
> > Bus error
> >
> > Same in 5.11.4.
> > This is related to bug 71254. It turns out that globs *can*
> > stringify emptily (see bug 65582). The forthcoming patch makes DD
> > more resilient.
>
> Here is the patch.

Applied as ecf0432

@p5pRT p5pRT commented Sep 26, 2010

@cpansprout - Status changed from 'open' to 'resolved'
