Segfault in a custom perl -d:KP after loading Time::HiRes (thanks to “KES”)

[p5pRT]

Migrated from rt.perl.org#126837 (status was 'rejected')

Searchable as RT126837$

[p5pRT]

From @shlomif

Hi all,

The attached files (that can also be cloned from
https://github.com/shlomif/perl5-Time-HiRes-perl-d-segfault ) cause a segfault
in perl-5.20.1-8.mga5 , perl-5.22.0-6.mga6 and bleadperl (on Mageia Linux
x86-64 v5 and v6) when run under the debugger like «perl -d​:KP Test2.pl».

Please look into it. I will also try to investigate further.

Thanks to â��KESâ�� for the original report here​:

http​://www.nntp.perl.org/group/perl.debugger/2015/12/msg166.html

Regards,

  Shlomi Fish

--
Shlomi Fish

[p5pRT]

From @shlomif

Test2.pl

[p5pRT]

From @shlomif

KP.pm

[p5pRT]

The RT System itself - Status changed from 'new' to 'open'

[p5pRT]

From @iabyn

On Mon, Dec 07, 2015 at 08​:00​:58AM -0800, shlomif@​shlomifish.org wrote​:

The attached files (that can also be cloned from
https://github.com/shlomif/perl5-Time-HiRes-perl-d-segfault ) cause a segfault
in perl-5.20.1-8.mga5 , perl-5.22.0-6.mga6 and bleadperl (on Mageia Linux
x86-64 v5 and v6) when run under the debugger like «perl -d​:KP Test2.pl».

Please look into it. I will also try to investigate further.

It can be reduced to​:

Devel/KP.pm​:
  package DB;

  sub sub {
  my $s = "" . $_[0];
  }

  $x++ if $^V; # its actually Config.pm that was testing $^V

  1;

$./perl -d​:KP -e1

DB​::sub is trying to stringify its args. $_[0] is a version object, which
has string overloading. So perl calls the overload method, which, because
the code is running under -d, immediately calls DB​::sub again.
Eventually the recursion blows the C stack and a SEGV ensues.

Whether this is is something the "invoke DB​::sub" code in core is supposed
to be able to detect and avoid, or whether it's a case of "don't do this",
I don't know.

--
O Unicef Clearasil!
Gibberish and Drivel!
  -- "Bored of the Rings"

[p5pRT]

From @tonycoz

On Tue Dec 08 08​:03​:23 2015, davem wrote​:

Whether this is is something the "invoke DB​::sub" code in core is
supposed
to be able to detect and avoid, or whether it's a case of "don't do
this",
I don't know.

I think it's something the debugger author needs to deal with.

Preventing recursion* into DB​::sub in core would also prevent a debugger from doing interesting things.

Preventing this particular case is as simple as something like​:

package DB;
sub sub {
  unless ($in_sub) {
  local $in_sub = 1
  my $s = "" . $_[0];
  }
}

The core should protect against internal use of overloading causing problems (like with #122445).

Tony

* whatever the cause, whether overloading or tie

[p5pRT]

From @KES777

I think it's something the debugger author needs to deal with.
Yes. I should to deal with it.
But it was too implicit that 'print @​_' makes call to object.
You may close ticket.

[p5pRT]

@iabyn - Status changed from 'open' to 'rejected'