[PATCH] Another SEGV in Data::Dumper

[p5pRT]

Migrated from rt.perl.org#72332 (status was 'resolved')

Searchable as RT72332$

[p5pRT]

From @cpansprout

$ perl5.6.2 -MData​::Dumper -le' Data​::Dumper->Dumpxs([*{*STDERR{IO}}])'
Bus error

Same in 5.11.4.
This is related to bug 71254. It turns out that globs *can* stringify
emptily (see bug 65582). The forthcoming patch makes DD more resilient.

Use of uninitialized value $category in concatenation (.) or string
at /usr/bin/perlbug line 639.
Use of uninitialized value $severity in concatenation (.) or string
at /usr/bin/perlbug line 639.

---

Flags​:
  category=high
  severity=library

---

This perlbug was built using Perl 5.10.1 - Thu Sep 24 18​:07​:44 PDT 2009
It is being executed now by Perl 5.11.4 - Wed Jan 20 14​:43​:32 PST 2010.

Site configuration information for perl 5.11.4​:

Configured by sprout at Wed Jan 20 14​:43​:32 PST 2010.

Summary of my perl5 (revision 5 version 11 subversion 4) configuration​:

  Platform​:
  osname=darwin, osvers=10.0.0, archname=darwin-2level
  uname='darwin pint.local 10.0.0 darwin kernel version 10.0.0​: fri
jul 31 22​:47​:34 pdt 2009; root​:xnu-1456.1.25~1release_i386 i386 '
  config_args='-de -Dusedevel'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  useperlio=define, d_sfio=undef, uselargefiles=define,
usesocks=undef
  use64bitint=undef, use64bitall=undef, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-fno-common -DPERL_DARWIN -no-cpp-precomp -fno-
strict-aliasing -pipe -fstack-protector -I/usr/local/include',
  optimize='-O3',
  cppflags='-no-cpp-precomp -fno-common -DPERL_DARWIN -no-cpp-
precomp -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/
include'
  ccversion='', gccversion='4.2.1 (Apple Inc. build 5646)',
gccosandvers=''
  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=4, nvtype='double', nvsize=8,
Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='env MACOSX_DEPLOYMENT_TARGET=10.3 cc', ldflags =' -fstack-
protector -L/usr/local/lib'
  libpth=/usr/local/lib /usr/lib
  libs=-ldbm -ldl -lm -lutil -lc
  perllibs=-ldl -lm -lutil -lc
  libc=/usr/lib/libc.dylib, so=dylib, useshrplib=false,
libperl=libperl.a
  gnulibc_version=''
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=bundle, d_dlsymun=undef, ccdlflags=' '
  cccdlflags=' ', lddlflags=' -bundle -undefined dynamic_lookup -L/
usr/local/lib -fstack-protector'

Locally applied patches​:

---

@​INC for perl 5.11.4​:
  /usr/local/lib/perl5/site_perl/5.11.4/darwin-2level
  /usr/local/lib/perl5/site_perl/5.11.4
  /usr/local/lib/perl5/5.11.4/darwin-2level
  /usr/local/lib/perl5/5.11.4
  /usr/local/lib/perl5/site_perl
  .

---

Environment for perl 5.11.4​:
  DYLD_LIBRARY_PATH (unset)
  HOME=/Users/sprout
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/usr/bin​:/bin​:/usr/sbin​:/sbin​:/usr/local/bin​:/usr/X11/bin​:/
usr/local/bin
  PERL_BADLANG (unset)
  SHELL=/bin/bash

[p5pRT]

From @cpansprout

On Jan 24, 2010, at 1​:50 PM, Father Chrysostomos wrote​:

$ perl5.6.2 -MData​::Dumper -le' Data​::Dumper->Dumpxs([*{*STDERR
{IO}}])'
Bus error

Same in 5.11.4.
This is related to bug 71254. It turns out that globs *can*
stringify emptily (see bug 65582). The forthcoming patch makes DD
more resilient.

Here is the patch.

[p5pRT]

From @cpansprout

Inline Patch

diff -Nurp blead/dist/Data-Dumper/Dumper.xs blead-dd-segv/dist/Data-Dumper/Dumper.xs
--- blead/dist/Data-Dumper/Dumper.xs	2009-11-19 08:51:38.000000000 -0800
+++ blead-dd-segv/dist/Data-Dumper/Dumper.xs	2010-01-23 09:21:15.000000000 -0800
@@ -909,7 +909,7 @@ DD_dump(pTHX_ SV *val, const char *name,
 	}
 	else if (realtype == SVt_PVGV) {/* GLOBs can end up with scribbly names */
 	    c = SvPV(val, i);
-	    ++c; --i;			/* just get the name */
+	    if(i) ++c, --i;			/* just get the name */
 	    if (i >= 6 && strncmp(c, "main::", 6) == 0) {
 		c += 4;
 		i -= 4;
diff -Nurp blead/dist/Data-Dumper/t/bugs.t blead-dd-segv/dist/Data-Dumper/t/bugs.t
--- blead/dist/Data-Dumper/t/bugs.t	2009-11-19 08:51:38.000000000 -0800
+++ blead-dd-segv/dist/Data-Dumper/t/bugs.t	2010-01-22 22:26:55.000000000 -0800
@@ -12,7 +12,7 @@ BEGIN {
 }
 
 use strict;
-use Test::More tests => 5;
+use Test::More tests => 6;
 use Data::Dumper;
 
 {
@@ -80,4 +80,9 @@ sub doh
 doh('fixed');
 ok(1, "[perl #56766]"); # Still no core dump? We are fine.
 
+# [perl #72332] Segfault on empty-string glob
+Data::Dumper->Dump([*{*STDERR{IO}}]);
+ok("ok", #ok
+   "empty-string glob [perl #72332]");
+
 # EOF

[p5pRT]

From @tsee

Hi all,

Father Chrysostomos wrote​:

On Jan 24, 2010, at 1​:50 PM, Father Chrysostomos wrote​:

$ perl5.6.2 -MData​::Dumper -le' Data​::Dumper->Dumpxs([*{*STDERR{IO}}])'
Bus error

Same in 5.11.4.
This is related to bug 71254. It turns out that globs *can* stringify
emptily (see bug 65582). The forthcoming patch makes DD more resilient.

Should this be in 5.12?

If so, I can check and apply it tonight.

Best regards,
Steffen

[p5pRT]

The RT System itself - Status changed from 'new' to 'open'

[p5pRT]

From @obra

Should this be in 5.12?

If so, I can check and apply it tonight.

If it's on this list​: http​://tinyurl.com/ygo9awx, then the answer is
yes. If it's not, then the answer is no.

http​://www.nntp.perl.org/group/perl.perl5.porters/2010/01/msg155374.html
has all the gory details.

Best regards,
Steffen

--

[p5pRT]

From @tsee

Hi Jesse,

jesse wrote​:

Should this be in 5.12?

If so, I can check and apply it tonight.

If it's on this list​: http​://tinyurl.com/ygo9awx, then the answer is
yes. If it's not, then the answer is no.

http​://www.nntp.perl.org/group/perl.perl5.porters/2010/01/msg155374.html
has all the gory details.

I have the attention span of a slug. :)

Anyhow, the bug in question is sort of a follow-up on something that was
on the list, thus the question. But I'd consider the issue obscure
enough to wait until after 5.12. Besides, unlike the previous patch,
this one can be fixed in a new DDumper CPAN release.

--Steffen

[p5pRT]

From @cpansprout

On Mon Jan 25 00​:48​:48 2010, sprout wrote​:

On Jan 24, 2010, at 1​:50 PM, Father Chrysostomos wrote​:

$ perl5.6.2 -MData​::Dumper -le' Data​::Dumper->Dumpxs([*{*STDERR
{IO}}])'
Bus error

Same in 5.11.4.
This is related to bug 71254. It turns out that globs *can*
stringify emptily (see bug 65582). The forthcoming patch makes DD
more resilient.

Here is the patch.

Applied as ecf0432
Applied as

[p5pRT]

From [Unknown Contact. See original ticket]

On Mon Jan 25 00​:48​:48 2010, sprout wrote​:

On Jan 24, 2010, at 1​:50 PM, Father Chrysostomos wrote​:

$ perl5.6.2 -MData​::Dumper -le' Data​::Dumper->Dumpxs([*{*STDERR
{IO}}])'
Bus error

Same in 5.11.4.
This is related to bug 71254. It turns out that globs *can*
stringify emptily (see bug 65582). The forthcoming patch makes DD
more resilient.

Here is the patch.

Applied as ecf0432
Applied as

[p5pRT]

@cpansprout - Status changed from 'open' to 'resolved'