Assert fail in gv.c without other symptoms: use re%:=0

[p5pRT]

Migrated from rt.perl.org#128238 (status was 'resolved')

Searchable as RT128238$

[p5pRT]

From @dcollinsn

Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using​:

./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Uuselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -Dusequadmath -des
AFL_HARDEN=1 make && make test

And then fuzzed the resulting binary using​:

AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @​@​

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers an assert fail in debug buids of the perl interpreter. The testcase is the file below. On normal builds, this throws the expected error. On debug builds, this returns an assert fail.

use re%​:=0

dcollins@​nightshade64​:~/perl$ ./perl -Ilib -e "use re%​:=0"
Unknown "re" subpragma '0' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in exists at lib/re.pm line 150.
Use of uninitialized value $s in hash element at lib/re.pm line 152.
Use of uninitialized value $s in string eq at lib/re.pm line 155.
Use of uninitialized value $s in substitution (s///) at lib/re.pm line 180.
Use of uninitialized value $s in concatenation (.) or string at lib/re.pm line 246.
Unknown "re" subpragma '' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
dcollins@​nightshade64​:~/perl$ cd ../perldebug/
dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -e "use re%​:=0"
Unknown "re" subpragma '0' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in exists at lib/re.pm line 150.
Use of uninitialized value $s in hash element at lib/re.pm line 152.
Use of uninitialized value $s in string eq at lib/re.pm line 155.
Use of uninitialized value $s in substitution (s///) at lib/re.pm line 180.
Use of uninitialized value $s in concatenation (.) or string at lib/re.pm line 246.
Unknown "re" subpragma '' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
perl​: gv.c​:2423​: Perl_gv_check​: Assertion `((stash)->sv_flags & 0x02000000)' failed.
Aborted

Debugging tool output is below. A git bisect was performed and reported the following, which is the commit in which the assert was initially added.

9075437 is the first bad commit
commit 9075437
Author​: David Mitchell <davem@​iabyn.com>
Date​: Sat Feb 15 16​:38​:31 2014 +0000

  gv_check()​: use aux flag rather than IsCOW

  Currently the SVf_IsCOW flag doesn't have any meaning for HVs,
  except that it is used in the specific case of gv_check() to temporarily
  mark a stash as being scanned. Since stashes will have the HV_AUX fields,
  we can use a flags bit in the new xhv_aux_flags field instead.

  This then potentially frees up the SVf_IsCOW for use as a new general flag
  bit for *all* HVs (including non-stash ones).

:100644 100644 42cd69cb1626c962cf97c9516e254119919d0680 4a10f9b8adf98fe5f2dc72888ab3dcbcd08ef77f M gv.c
:100644 100644 498e6f01f64c6294576e14ee2a4f389a0502e0bf 5ad1459a2e3463cc4fe28f73ae4c5858e31556ac M hv.h
:100644 100644 715b12447fcf2a8e70be4dcb35ea01edb30013a9 a54fd8f55ceb284d743fd1e5d9ed839f9adbdfb6 M sv.h
bisect run success

**GDB**

(gdb) run
Starting program​: /home/dcollins/perldebug/perl -Ilib -e use\ re%​:=0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Unknown "re" subpragma '0' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in exists at lib/re.pm line 150.
Use of uninitialized value $s in hash element at lib/re.pm line 152.
Use of uninitialized value $s in string eq at lib/re.pm line 155.
Use of uninitialized value $s in substitution (s///) at lib/re.pm line 180.
Use of uninitialized value $s in concatenation (.) or string at lib/re.pm line 246.
Unknown "re" subpragma '' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
perl​: gv.c​:2423​: Perl_gv_check​: Assertion `((stash)->sv_flags & 0x02000000)' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff6cf9478 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff6cf9478 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff6cfa8fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff6cf23a7 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff6cf2452 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000000000482322 in Perl_gv_check (stash=0xab2a48) at gv.c​:2423
#5 0x000000000048250d in Perl_gv_check (stash=0xa9dff8) at gv.c​:2439
#6 0x000000000046152d in S_parse_body (env=0x0, xsinit=0x41e979 <xs_init>) at perl.c​:2386
#7 0x000000000045f846 in perl_parse (my_perl=0xa9c010, xsinit=0x41e979 <xs_init>, argc=4, argv=0x7fffffffe628, env=0x0) at perl.c​:1681
#8 0x000000000041e8d8 in main (argc=4, argv=0x7fffffffe628, env=0x7fffffffe650) at perlmain.c​:114
(gdb) f 4
#4 0x0000000000482322 in Perl_gv_check (stash=0xab2a48) at gv.c​:2423
2423 assert(SvOOK(stash));
(gdb) l
2418 PERL_ARGS_ASSERT_GV_CHECK;
2419
2420 if (!HvARRAY(stash))
2421 return;
2422
2423 assert(SvOOK(stash));
2424
2425 for (i = 0; i <= (I32) HvMAX(stash); i++) {
2426 const HE *entry;
2427 /* mark stash is being scanned, to avoid recursing */
(gdb)

**VALGRIND**

dcollins@​nightshade64​:~/perldebug$ valgrind ./perl -Ilib -e "use re%​:=0"
==45407== Memcheck, a memory error detector
==45407== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==45407== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==45407== Command​: ./perl -Ilib -e use\ re%​:=0
==45407==
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libnsl-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libnsl-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libnsl-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libdl-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libdl-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libdl-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libm-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libm-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libm-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libcrypt-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libcrypt-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libcrypt-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libutil-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libutil-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libutil-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so​:
--45407-- Ignoring non-Dwarf2/3/4 block in .debug_info
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so​:
--45407-- Last block truncated in .debug_info; ignoring
--45407-- WARNING​: Serious error when reading debug info
--45407-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so​:
--45407-- parse_CU_Header​: is neither DWARF2 nor DWARF3 nor DWARF4
Unknown "re" subpragma '0' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 128.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in string eq at lib/re.pm line 146.
Use of uninitialized value $s in exists at lib/re.pm line 150.
Use of uninitialized value $s in hash element at lib/re.pm line 152.
Use of uninitialized value $s in string eq at lib/re.pm line 155.
Use of uninitialized value $s in substitution (s///) at lib/re.pm line 180.
Use of uninitialized value $s in concatenation (.) or string at lib/re.pm line 246.
Unknown "re" subpragma '' (known ones are​: 'debug', 'debugcolor', 'eval', 'taint') at -e line 1.
perl​: gv.c​:2423​: Perl_gv_check​: Assertion `((stash)->sv_flags & 0x02000000)' failed.
==45407==
==45407== Process terminating with default action of signal 6 (SIGABRT)
==45407== at 0x5BD8478​: raise (in /lib/x86_64-linux-gnu/libc-2.22.so)
==45407== by 0x5BD98F9​: abort (in /lib/x86_64-linux-gnu/libc-2.22.so)
==45407== by 0x5BD13A6​: __assert_fail_base (in /lib/x86_64-linux-gnu/libc-2.22.so)
==45407== by 0x5BD1451​: __assert_fail (in /lib/x86_64-linux-gnu/libc-2.22.so)
==45407== by 0x482321​: Perl_gv_check (gv.c​:2423)
==45407== by 0x48250C​: Perl_gv_check (gv.c​:2439)
==45407== by 0x46152C​: S_parse_body (perl.c​:2386)
==45407== by 0x45F845​: perl_parse (perl.c​:1681)
==45407== by 0x41E8D7​: main (perlmain.c​:114)
==45407==
==45407== HEAP SUMMARY​:
==45407== in use at exit​: 861,161 bytes in 3,199 blocks
==45407== total heap usage​: 9,155 allocs, 5,956 frees, 1,640,397 bytes allocated
==45407==
==45407== LEAK SUMMARY​:
==45407== definitely lost​: 192 bytes in 1 blocks
==45407== indirectly lost​: 2,009 bytes in 22 blocks
==45407== possibly lost​: 511,553 bytes in 668 blocks
==45407== still reachable​: 347,407 bytes in 2,508 blocks
==45407== of which reachable via heuristic​:
==45407== newarray : 3,768 bytes in 118 blocks
==45407== suppressed​: 0 bytes in 0 blocks
==45407== Rerun with --leak-check=full to see details of leaked memory
==45407==
==45407== For counts of detected and suppressed errors, rerun with​: -v
==45407== ERROR SUMMARY​: 0 errors from 0 contexts (suppressed​: 0 from 0)
Aborted

**PERL -V**

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -V
Summary of my perl5 (revision 5 version 25 subversion 1) configuration​:
  Commit id​: 9e17953
  Platform​:
  osname=linux, osvers=4.5.0-2-amd64, archname=x86_64-linux
  uname='linux nightshade64 4.5.0-2-amd64 #1 smp debian 4.5.3-2 (2016-05-08) x86_64 gnulinux '
  config_args='-Dusedevel -Dcc=ccache gcc-6.1 -DDEBUGGING -Doptimize=-g -des'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='ccache gcc-6.1', ccflags ='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-g',
  cppflags='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
  ccversion='', gccversion='6.1.0', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='ccache gcc-6.1', ldflags =' -fstack-protector-strong -L/usr/local/lib'
  libpth=/usr/local/lib /usr/local/lib/gcc/x86_64-pc-linux-gnu/6.1.0/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
  libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
  perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
  libc=libc-2.22.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.22'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector-strong'

Characteristics of this binary (from libperl)​:
  Compile-time options​: DEBUGGING HAS_TIMES PERLIO_LAYERS PERL_COPY_ON_WRITE
  PERL_DONT_CREATE_GVSV
  PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP
  PERL_OP_PARENT PERL_PRESERVE_IVUV PERL_USE_DEVEL
  USE_64_BIT_ALL USE_64_BIT_INT USE_LARGE_FILES
  USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE
  USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_PERLIO
  USE_PERL_ATOF
  Built under linux
  Compiled at May 18 2016 19​:50​:06
  @​INC​:
  lib
  /usr/local/lib/perl5/site_perl/5.25.1/x86_64-linux
  /usr/local/lib/perl5/site_perl/5.25.1
  /usr/local/lib/perl5/5.25.1/x86_64-linux
  /usr/local/lib/perl5/5.25.1
  .

[p5pRT]

From @cpansprout

On Wed May 25 15​:58​:12 2016, dcollinsn@​gmail.com wrote​:

use re%​:=0

Less noisy version​:

use less %​: = 0

A git bisect was performed and
reported the following, which is the commit in which the assert was
initially added.

9075437 is the first bad commit
commit 9075437
Author​: David Mitchell <davem@​iabyn.com>
Date​: Sat Feb 15 16​:38​:31 2014 +0000

gv_check()​: use aux flag rather than IsCOW

The assertion seems to be wrong.

In fact, it seems that a BEGIN-time require *and* %​: assignment are sufficient to trigger it.

I don’t understand why ‘require’ is affecting it. It happens with re.pm and less.pm, but not utf8.pm, so presumably a line of code common to the first two is helping to trigger this.

$ ./miniperl -Ilib -e 'BEGIN { require re; %​: = 0}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c, line 2417.
Abort trap​: 6
$ ./miniperl -Ilib -e 'BEGIN { require utf8; %​: = 0}'
$ ./miniperl -Ilib -e 'BEGIN { require less; %​: = 0}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c, line 2417.
Abort trap​: 6

--

Father Chrysostomos

[p5pRT]

The RT System itself - Status changed from 'new' to 'open'

[p5pRT]

From @cpansprout

On Wed May 25 18​:11​:15 2016, sprout wrote​:

On Wed May 25 15​:58​:12 2016, dcollinsn@​gmail.com wrote​:

use re%​:=0

Less noisy version​:

use less %​: = 0

A git bisect was performed and
reported the following, which is the commit in which the assert was
initially added.

9075437 is the first bad commit
commit 9075437
Author​: David Mitchell <davem@​iabyn.com>
Date​: Sat Feb 15 16​:38​:31 2014 +0000

gv_check()​: use aux flag rather than IsCOW

The assertion seems to be wrong.

In fact, it seems that a BEGIN-time require *and* %​: assignment are
sufficient to trigger it.

I don’t understand why ‘require’ is affecting it. It happens with
re.pm and less.pm, but not utf8.pm, so presumably a line of code
common to the first two is helping to trigger this.

$ ./miniperl -Ilib -e 'BEGIN { require re; %​: = 0}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c,
line 2417.
Abort trap​: 6
$ ./miniperl -Ilib -e 'BEGIN { require utf8; %​: = 0}'
$ ./miniperl -Ilib -e 'BEGIN { require less; %​: = 0}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c,
line 2417.
Abort trap​: 6

Anything that enables warnings (of course, since without warnings enabled at least somewhere gv_check doesn’t get called).

$ ./miniperl -Ilib -e 'BEGIN { %​: = 0; $^W=1}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c, line 2417.
Abort trap​: 6

--

Father Chrysostomos

[p5pRT]

From @iabyn

On Wed, May 25, 2016 at 08​:12​:32PM -0700, Father Chrysostomos via RT wrote​:

Anything that enables warnings (of course, since without warnings enabled at least somewhere gv_check doesn’t get called).

$ ./miniperl -Ilib -e 'BEGIN { %​: = 0; $^W=1}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c, line 2417.

Fixed with this​:

  commit e7acdfe
  Author​: David Mitchell <davem@​iabyn.com>
  AuthorDate​: Tue Jun 21 17​:06​:52 2016 +0100
  Commit​: David Mitchell <davem@​iabyn.com>
  CommitDate​: Tue Jun 21 17​:06​:52 2016 +0100

  only treat stash entries with .*​:: as sub-stashes
 
  RT #128238
 
  %​: = 0 would cause an assertion failure in Perl_gv_check(), since when
  it searched a stash for substashes, it assumed anything ending in '​:' was
  a substash, whereas substashes end in '​::'. So check for a double colon
  before recursing.

--
Never work with children, animals, or actors.

[p5pRT]

@cpansprout - Status changed from 'open' to 'pending release'

[p5pRT]

From @cpansprout

On Tue Jun 21 09​:12​:49 2016, davem wrote​:

On Wed, May 25, 2016 at 08​:12​:32PM -0700, Father Chrysostomos via RT
wrote​:

Anything that enables warnings (of course, since without warnings
enabled at least somewhere gv_check doesn’t get called).

$ ./miniperl -Ilib -e 'BEGIN { %​: = 0; $^W=1}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c,
line 2417.

Fixed with this​:

commit e7acdfe
Author​: David Mitchell <davem@​iabyn.com>
AuthorDate​: Tue Jun 21 17​:06​:52 2016 +0100
Commit​: David Mitchell <davem@​iabyn.com>
CommitDate​: Tue Jun 21 17​:06​:52 2016 +0100

only treat stash entries with .*​:: as sub-stashes

RT #128238

%​: = 0 would cause an assertion failure in Perl_gv_check(), since when
it searched a stash for substashes, it assumed anything ending in '​:'
was
a substash, whereas substashes end in '​::'. So check for a double
colon
before recursing.

Apologies if this sounds rude, but that is not a very robust fix.

This code is naughty, but it still should not crash​:

$ ./perl -Ilib -MDevel​::Peek -e 'BEGIN { $​::{"foo​::"} = *ENV; $^W=1}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c, line 2417.
Abort trap​: 6

--

Father Chrysostomos

[p5pRT]

@cpansprout - Status changed from 'pending release' to 'open'

[p5pRT]

From @iabyn

On Wed, Jun 22, 2016 at 01​:23​:47PM -0700, Father Chrysostomos via RT wrote​:

Apologies if this sounds rude, but that is not a very robust fix.

This code is naughty, but it still should not crash​:

$ ./perl -Ilib -MDevel​::Peek -e 'BEGIN { $​::{"foo​::"} = *ENV; $^W=1}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c, line 2417.
Abort trap​: 6

Ah, so its still possible to put substash-like entries in stashes that
aren't actually stashes.

I don't know whether the correct fix is stashify values put into stashes
whose keys end in '​::', or make core code robust against non-stashiness.

This isn't an area I'm very conversant with. Do you have any opinions?

--
Never do today what you can put off till tomorrow.

[p5pRT]

From @cpansprout

On Thu Jun 23 05​:57​:27 2016, davem wrote​:

On Wed, Jun 22, 2016 at 01​:23​:47PM -0700, Father Chrysostomos via RT
wrote​:

Apologies if this sounds rude, but that is not a very robust fix.

This code is naughty, but it still should not crash​:

$ ./perl -Ilib -MDevel​::Peek -e 'BEGIN { $​::{"foo​::"} = *ENV;
$^W=1}'
Assertion failed​: (SvOOK(stash)), function Perl_gv_check, file gv.c,
line 2417.
Abort trap​: 6

Ah, so its still possible to put substash-like entries in stashes that
aren't actually stashes.

I don't know whether the correct fix is stashify values put into
stashes
whose keys end in '​::', or make core code robust against non-
stashiness.

This isn't an area I'm very conversant with. Do you have any opinions?

Since this code is just for a warning, I would suggest skipping sub-stashes that are not SvOOK. In fact, if we do that at the beginning of gv_check, we don’t need to check HvARRAY (we can switch the conditions in the if() and the assert() around). In fact, I might go ahead and write the patch within the next day or two. :-)

--

Father Chrysostomos

[p5pRT]

From @cpansprout

On Thu Jun 23 06​:36​:48 2016, sprout wrote​:

On Thu Jun 23 05​:57​:27 2016, davem wrote​:

Ah, so its still possible to put substash-like entries in stashes
that
aren't actually stashes.

I don't know whether the correct fix is stashify values put into
stashes
whose keys end in '​::', or make core code robust against non-
stashiness.

This isn't an area I'm very conversant with. Do you have any
opinions?

Since this code is just for a warning, I would suggest skipping sub-
stashes that are not SvOOK. In fact, if we do that at the beginning
of gv_check, we don’t need to check HvARRAY (we can switch the
conditions in the if() and the assert() around). In fact, I might go
ahead and write the patch within the next day or two. :-)

Fixed in 9e5cda6.

--

Father Chrysostomos

[p5pRT]

@cpansprout - Status changed from 'open' to 'pending release'

[p5pRT]

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release today of Perl 5.26.0, this and 210 other issues have been
resolved.

Perl 5.26.0 may be downloaded via​:
https://metacpan.org/release/XSAWYERX/perl-5.26.0

If you find that the problem persists, feel free to reopen this ticket.

[p5pRT]

@khwilliamson - Status changed from 'pending release' to 'resolved'