Assert fail in Perl_magic_get without other symptoms - '{tell$0;i${^LAST_FH}}'

[p5pRT]

Migrated from rt.perl.org#128263 (status was 'resolved')

Searchable as RT128263$

[p5pRT]

From @dcollinsn

Greetings Porters,

I have compiled bleadperl with the afl-gcc compiler using​:

./Configure -Dusedevel -Dprefix='/usr/local/perl-afl' -Dcc='ccache afl-gcc' -Uuselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -Dusequadmath -des
AFL_HARDEN=1 make && make test

And then fuzzed the resulting binary using​:

AFL_NO_VAR_CHECK=1 afl-fuzz -i in -o out bin/perl @​@​

After reducing testcases using `afl-tmin` and performing additional minimization by hand, I have located the following testcase that triggers an assert fail in debug buids of the perl interpreter. The testcase is the file below. On normal builds, this runs normally. On debug builds, this returns an assert fail.

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -e '{tell$0;i${^LAST_FH}}'
perl​: mg.c​:964​: Perl_magic_get​: Assertion `((((PL_last_in_gv)->sv_flags & (0x00004000|0x00008000)) == 0x00008000) && (((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVGV || ((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVLV))' failed.
Aborted

Debugging tool output is below. A git bisect was performed and reported the following, which is presumably the commit where the assert was initially added.

8561ea1 is the first bad commit
commit 8561ea1
Author​: Father Chrysostomos <sprout@​cpan.org>
Date​: Mon Sep 17 23​:18​:08 2012 -0700

  ${^LAST_FH}

  This was brought up in ticket #96672.

  This variable gives access to the last-read filehandle that Perl uses
  when it appends ", <STDIN> line 1" to a warning or error message.

:100644 100644 55666f44cc99fb578eb299e45dc6c2b534094a96 08d41db074a06015b595273e07c4e11603544f22 M gv.c
:100644 100644 26cabbe62790425030531b111ae6fc0433363697 cbae42135884ed699c254aca1685fe728902dba5 M mg.c
:040000 040000 5562f9bc7ca8edc3abd731fecdc93c5a59d68230 653ba43ff406d65ff5fa01c522d0140b244b21cf M pod
:040000 040000 f6638536166828af1bf573afebb12ab50d924b24 21a91ab3598eac7dff8e7d4d9b20e8f04231190c M t
bisect run success

**GDB**

(gdb) run
Starting program​: /home/dcollins/perldebug/miniperl -Ilib -e \{tell\$0\;i\$\{\^LAST_FH\}\}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
miniperl​: mg.c​:964​: Perl_magic_get​: Assertion `((((PL_last_in_gv)->sv_flags & (0x00004000|0x00008000)) == 0x00008000) && (((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVGV || ((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVLV))' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff6cf9478 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff6cf9478 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff6cfa8fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff6cf23a7 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff6cf2452 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000000000555c52 in Perl_magic_get (sv=0xa95a50, mg=0xa86400) at mg.c​:964
#5 0x00000000005532eb in Perl_mg_get (sv=0xa95a50) at mg.c​:197
#6 0x00000000005a71c9 in S_opmethod_stash (meth=0xa95ab0) at pp_hot.c​:4150
#7 0x00000000005a80cf in Perl_pp_method_named () at pp_hot.c​:4258
#8 0x000000000053fac1 in Perl_runops_debug () at dump.c​:2239
#9 0x00000000004482ec in S_run_body (oldscope=1) at perl.c​:2517
#10 0x0000000000447917 in perl_run (my_perl=0xa7f010) at perl.c​:2440
#11 0x000000000072760b in main (argc=4, argv=0x7fffffffe618, env=0x7fffffffe640)
  at miniperlmain.c​:122

**VALGRIND**

No reported memory management errors.

**PERL -V**

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -V
Summary of my perl5 (revision 5 version 25 subversion 2) configuration​:
  Commit id​: c29dfc6
  Platform​:
  osname=linux, osvers=4.5.0-2-amd64, archname=x86_64-linux-ld
  uname='linux nightshade64 4.5.0-2-amd64 #1 smp debian 4.5.3-2 (2016-05-08) x86_64 gnulinux '
  config_args='-Dusedevel -Dprefix=/usr/local/perl-afl -Dcc=ccache gcc-6.1 -Duselongdouble -Duse64bitall -Doptimize=-g -Uversiononly -Uman1dir -Uman3dir -DDEBUGGING -DPERL_POISON -des'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  use64bitint=define, use64bitall=define, uselongdouble=define
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='ccache gcc-6.1', ccflags ='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-g',
  cppflags='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
  ccversion='', gccversion='6.1.0', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, doublekind=3
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16, longdblkind=3
  ivtype='long', ivsize=8, nvtype='long double', nvsize=16, Off_t='off_t', lseeksize=8
  alignbytes=16, prototype=define
  Linker and Libraries​:
  ld='ccache gcc-6.1', ldflags =' -fstack-protector-strong -L/usr/local/lib'
  libpth=/usr/local/lib /usr/local/lib/gcc/x86_64-pc-linux-gnu/6.1.0/include-fixed /usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
  libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
  perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
  libc=libc-2.22.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.22'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -g -L/usr/local/lib -fstack-protector-strong'

Characteristics of this binary (from libperl)​:
  Compile-time options​: DEBUGGING HAS_TIMES PERLIO_LAYERS PERL_COPY_ON_WRITE
  PERL_DONT_CREATE_GVSV
  PERL_HASH_FUNC_ONE_AT_A_TIME_HARD PERL_MALLOC_WRAP
  PERL_OP_PARENT PERL_PRESERVE_IVUV PERL_USE_DEVEL
  USE_64_BIT_ALL USE_64_BIT_INT USE_LARGE_FILES
  USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE
  USE_LOCALE_NUMERIC USE_LOCALE_TIME USE_LONG_DOUBLE
  USE_PERLIO USE_PERL_ATOF
  Built under linux
  Compiled at May 26 2016 17​:57​:37
  @​INC​:
  lib
  /usr/local/perl-afl/lib/site_perl/5.25.2/x86_64-linux-ld
  /usr/local/perl-afl/lib/site_perl/5.25.2
  /usr/local/perl-afl/lib/5.25.2/x86_64-linux-ld
  /usr/local/perl-afl/lib/5.25.2
  /usr/local/perl-afl/lib/site_perl/5.25.1
  /usr/local/perl-afl/lib/site_perl/5.24.0
  /usr/local/perl-afl/lib/site_perl
  .

[p5pRT]

From @cpansprout

On Thu May 26 19​:24​:25 2016, dcollinsn@​gmail.com wrote​:

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -e
'{tell$0;i${^LAST_FH}}'
perl​: mg.c​:964​: Perl_magic_get​: Assertion `((((PL_last_in_gv)-

sv_flags & (0x00004000|0x00008000)) == 0x00008000) &&
(((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVGV ||
((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVLV))' failed.
Aborted

Here is a clearer test case​:

$ ./perl -Ilib -e 'tell $0; ${^LAST_FH}->i'
Assertion failed​: (isGV_with_GP(PL_last_in_gv)), function Perl_magic_get, file mg.c, line 964.
Abort trap​: 6

Without the method call, it doesn’t fail.

--

Father Chrysostomos

[p5pRT]

The RT System itself - Status changed from 'new' to 'open'

[p5pRT]

From @tonycoz

On Thu May 26 19​:44​:50 2016, sprout wrote​:

On Thu May 26 19​:24​:25 2016, dcollinsn@​gmail.com wrote​:

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -e
'{tell$0;i${^LAST_FH}}'
perl​: mg.c​:964​: Perl_magic_get​: Assertion `((((PL_last_in_gv)-

sv_flags & (0x00004000|0x00008000)) == 0x00008000) &&
(((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVGV ||
((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVLV))' failed.
Aborted

Here is a clearer test case​:

$ ./perl -Ilib -e 'tell $0; ${^LAST_FH}->i'
Assertion failed​: (isGV_with_GP(PL_last_in_gv)), function
Perl_magic_get, file mg.c, line 964.
Abort trap​: 6

Without the method call, it doesn’t fail.

It's pretty much any reference to ${^LAST_FH), since the assertion is in the magic for ${^LAST_FH}.

The attached fixes it for me.

Tony

[p5pRT]

From @tonycoz

0001-perl-128263-don-t-leave-LAST_FH-as-a-non-GV.patch

From 3dff64555e9806caef34ea3fbe92d3734c268615 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Thu, 11 Aug 2016 11:37:07 +1000
Subject: (perl #128263) don't leave ${^LAST_FH} as a non-GV

---
 doio.c       |  7 ++++++-
 t/op/magic.t | 11 ++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/doio.c b/doio.c
index 2dc7082..241534a 100644
--- a/doio.c
+++ b/doio.c
@@ -1151,8 +1151,10 @@ Perl_do_eof(pTHX_ GV *gv)
 
     PERL_ARGS_ASSERT_DO_EOF;
 
-    if (!io)
+    if (!io) {
+        PL_last_in_gv = NULL;
 	return TRUE;
+    }
     else if (IoTYPE(io) == IoTYPE_WRONLY)
 	report_wrongway_fh(gv, '>');
 
@@ -1199,6 +1201,7 @@ Perl_do_tell(pTHX_ GV *gv)
     if (io && (fp = IoIFP(io))) {
 	return PerlIO_tell(fp);
     }
+    PL_last_in_gv = NULL;
     report_evil_fh(gv);
     SETERRNO(EBADF,RMS_IFI);
     return (Off_t)-1;
@@ -1213,6 +1216,7 @@ Perl_do_seek(pTHX_ GV *gv, Off_t pos, int whence)
     if (io && (fp = IoIFP(io))) {
 	return PerlIO_seek(fp, pos, whence) >= 0;
     }
+    PL_last_in_gv = NULL;
     report_evil_fh(gv);
     SETERRNO(EBADF,RMS_IFI);
     return FALSE;
@@ -1235,6 +1239,7 @@ Perl_do_sysseek(pTHX_ GV *gv, Off_t pos, int whence)
             return PerlLIO_lseek(fd, pos, whence);
         }
     }
+    PL_last_in_gv = NULL;
     report_evil_fh(gv);
     SETERRNO(EBADF,RMS_IFI);
     return (Off_t)-1;
diff --git a/t/op/magic.t b/t/op/magic.t
index f8c822b..79b4559 100644
--- a/t/op/magic.t
+++ b/t/op/magic.t
@@ -5,7 +5,7 @@ BEGIN {
     chdir 't' if -d 't';
     @INC = '../lib';
     require './test.pl';
-    plan (tests => 192);
+    plan (tests => 196);
 }
 
 # Test that defined() returns true for magic variables created on the fly,
@@ -642,6 +642,15 @@ is ${^LAST_FH}, \*STDIN, '${^LAST_FH} after another tell';
 # This also tests that ${^LAST_FH} is a weak reference:
 is ${^LAST_FH}, undef, '${^LAST_FH} is undef when PL_last_in_gv is NULL';
 
+# all of these would set PL_last_in_gv to a non-GV which would 
+# assert when referenced by the magic for ${^LAST_FH}.
+# Instead it should act like <$0> which NULLs PL_last_in_gv and the magic
+# returns that as undef.
+for my $code ('tell $0', 'sysseek $0, 0, 0', 'seek $0, 0, 0', 'eof $0') {
+    fresh_perl_is("$code; print defined \${^LAST_FH} ? qq(not ok\n) : qq(ok\n)", "ok\n",
+                  undef, "check $code doesn't define \${^LAST_FH}");
+}
+
 
 # $|
 fresh_perl_is 'print $| = ~$|', "1\n", {switches => ['-l']},
-- 
2.1.4

[p5pRT]

From @cpansprout

On Wed Aug 10 18​:40​:21 2016, tonyc wrote​:

On Thu May 26 19​:44​:50 2016, sprout wrote​:

On Thu May 26 19​:24​:25 2016, dcollinsn@​gmail.com wrote​:

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -e
'{tell$0;i${^LAST_FH}}'
perl​: mg.c​:964​: Perl_magic_get​: Assertion `((((PL_last_in_gv)-

sv_flags & (0x00004000|0x00008000)) == 0x00008000) &&
(((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVGV ||
((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVLV))' failed.
Aborted

Here is a clearer test case​:

$ ./perl -Ilib -e 'tell $0; ${^LAST_FH}->i'
Assertion failed​: (isGV_with_GP(PL_last_in_gv)), function
Perl_magic_get, file mg.c, line 964.
Abort trap​: 6

Without the method call, it doesn’t fail.

It's pretty much any reference to ${^LAST_FH), since the assertion is
in the magic for ${^LAST_FH}.

The attached fixes it for me.

Before$ ./miniperl -le '*$0; tell $0; print *${^LAST_FH}'
*main​::-e
After$ ./miniperl -le '*$0; tell $0; print *${^LAST_FH}'
Can't use an undefined value as a symbol reference at -e line 1.

I would have expected the rv2gv op to prevent PL_last_in_gv from being set to a non-glob.

$ ./perl -Ilib -MO=Concise -e 'tell $0'
6 <@​> leave[1 ref] vKP/REFC ->(end)
1 <0> enter ->2
2 <;> nextstate(main 1 -e​:1) v​:{ ->3
5 <1> tell[t1] vK/1 ->6
4 <1> rv2gv sK*/FAKE,1 ->5
- <1> ex-rv2sv sK/1 ->4
3 <$> gvsv(*0) s ->4
-e syntax OK

But rv2gv can sometimes return &PL_sv_undef. To avoid a change in behaviour, I think a better fix would be to use

  if (PL_last_in_gv && PL_last_in_gv != &PL_sv_undef) {

in mg.c (and to leave the assertion as-is, since having PL_last_in_gv set to anything else is a bug we want to be alerted about).

--

Father Chrysostomos

[p5pRT]

From @tonycoz

On Wed Aug 10 19​:50​:01 2016, sprout wrote​:

But rv2gv can sometimes return &PL_sv_undef. To avoid a change in
behaviour, I think a better fix would be to use

if (PL_last_in_gv && PL_last_in_gv != &PL_sv_undef) {

in mg.c (and to leave the assertion as-is, since having PL_last_in_gv
set to anything else is a bug we want to be alerted about).

With that change (with a cast to make the pointers the same type),
should this from pp_readline be simplified?​:

  PL_last_in_gv = MUTABLE_GV(*PL_stack_sp--);
  if (PL_last_in_gv == (GV *)&PL_sv_undef)
  PL_last_in_gv = NULL;
  else
  assert(isGV_with_GP(PL_last_in_gv));

Tony

[p5pRT]

From @cpansprout

On Mon Sep 05 21​:34​:29 2016, tonyc wrote​:

On Wed Aug 10 19​:50​:01 2016, sprout wrote​:

But rv2gv can sometimes return &PL_sv_undef. To avoid a change in
behaviour, I think a better fix would be to use

if (PL_last_in_gv && PL_last_in_gv != &PL_sv_undef) {

in mg.c (and to leave the assertion as-is, since having PL_last_in_gv
set to anything else is a bug we want to be alerted about).

With that change (with a cast to make the pointers the same type),
should this from pp_readline be simplified?​:

    PL\_last\_in\_gv = MUTABLE\_GV\(\*PL\_stack\_sp\-\-\);
    if \(PL\_last\_in\_gv == \(GV \*\)&PL\_sv\_undef\)
    PL\_last\_in\_gv = NULL;
    else
    assert\(isGV\_with\_GP\(PL\_last\_in\_gv\)\);

Aha! I’m not consistent, am I?

commit 84ee769
Author​: Father Chrysostomos <sprout@​cpan.org>
Date​: Mon Dec 15 09​:41​:54 2014 -0800

  pp_readline​: Don’t set PL_last_in_gv to &PL_sv_undef

Yes, I do think 84ee769 can be reverted (except for the test). It did not occur to me at the time that many other ops are likewise affected, and that the much cleaner approach is to check in just one spot in mg.c.

--

Father Chrysostomos

[p5pRT]

From @tonycoz

On Mon, 05 Sep 2016 21​:50​:43 -0700, sprout wrote​:

On Mon Sep 05 21​:34​:29 2016, tonyc wrote​:

On Wed Aug 10 19​:50​:01 2016, sprout wrote​:

But rv2gv can sometimes return &PL_sv_undef. To avoid a change in
behaviour, I think a better fix would be to use

if (PL_last_in_gv && PL_last_in_gv != &PL_sv_undef) {

in mg.c (and to leave the assertion as-is, since having
PL_last_in_gv
set to anything else is a bug we want to be alerted about).

With that change (with a cast to make the pointers the same type),
should this from pp_readline be simplified?​:

PL_last_in_gv = MUTABLE_GV(*PL_stack_sp--);
if (PL_last_in_gv == (GV *)&PL_sv_undef)
PL_last_in_gv = NULL;
else
assert(isGV_with_GP(PL_last_in_gv));

Aha! I’m not consistent, am I?

commit 84ee769
Author​: Father Chrysostomos <sprout@​cpan.org>
Date​: Mon Dec 15 09​:41​:54 2014 -0800

pp_readline​: Don’t set PL_last_in_gv to &PL_sv_undef

Yes, I do think 84ee769 can be reverted (except for the test). It
did not occur to me at the time that many other ops are likewise
affected, and that the much cleaner approach is to check in just one
spot in mg.c.

Something like the attached, I presume.

Tony

[p5pRT]

From @tonycoz

0001-perl-128263-handle-PL_last_in_gv-being-PL_sv_undef.patch

From eb5f9c4a74fe61c3fcff32dbabac036d8c37588d Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Thu, 9 Feb 2017 15:47:48 +1100
Subject: (perl #128263) handle PL_last_in_gv being &PL_sv_undef

rv2gv will return &PL_sv_undef when it can't get a GV, previously
this could cause an assertion failure in mg.c

My original fix for this changed each op that deals with GVs for I/O
to set PL_last_in_gv to NULL if there was no io object in the GV, but
this changes other behaviour as noted by FatherC.

Also partly reverts 84ee769f, which did the
---
 mg.c         |  2 +-
 pp_hot.c     |  5 +----
 t/op/magic.t | 12 +++++++++++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/mg.c b/mg.c
index 172127c..bddde19 100644
--- a/mg.c
+++ b/mg.c
@@ -951,7 +951,7 @@ Perl_magic_get(pTHX_ SV *sv, MAGIC *mg)
 	break;
     case '\014':		/* ^LAST_FH */
 	if (strEQ(remaining, "AST_FH")) {
-	    if (PL_last_in_gv) {
+	    if (PL_last_in_gv && (SV*)PL_last_in_gv != &PL_sv_undef) {
 		assert(isGV_with_GP(PL_last_in_gv));
 		SV_CHECK_THINKFIRST_COW_DROP(sv);
 		prepare_SV_for_RV(sv);
diff --git a/pp_hot.c b/pp_hot.c
index a3ee2a7..ea4f01e 100644
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -445,10 +445,7 @@ PP(pp_readline)
 	    PUTBACK;
 	    Perl_pp_rv2gv(aTHX);
 	    PL_last_in_gv = MUTABLE_GV(*PL_stack_sp--);
-	    if (PL_last_in_gv == (GV *)&PL_sv_undef)
-		PL_last_in_gv = NULL;
-	    else
-		assert(isGV_with_GP(PL_last_in_gv));
+            assert((SV*)PL_last_in_gv == &PL_sv_undef || isGV_with_GP(PL_last_in_gv));
 	}
     }
     return do_readline();
diff --git a/t/op/magic.t b/t/op/magic.t
index 3f71f8e..36abafb 100644
--- a/t/op/magic.t
+++ b/t/op/magic.t
@@ -5,7 +5,7 @@ BEGIN {
     chdir 't' if -d 't';
     require './test.pl';
     set_up_inc( '../lib' );
-    plan (tests => 192); # some tests are run in BEGIN block
+    plan (tests => 196); # some tests are run in BEGIN block
 }
 
 # Test that defined() returns true for magic variables created on the fly,
@@ -643,6 +643,16 @@ is ${^LAST_FH}, \*STDIN, '${^LAST_FH} after another tell';
 # This also tests that ${^LAST_FH} is a weak reference:
 is ${^LAST_FH}, undef, '${^LAST_FH} is undef when PL_last_in_gv is NULL';
 
+# all of these would set PL_last_in_gv to a non-GV which would
+# assert when referenced by the magic for ${^LAST_FH}.
+# Instead it should act like <$0> which NULLs PL_last_in_gv and the magic
+# returns that as undef.
+# The approach to fixing this has changed (#128263), but it's still useful
+# to check each op.
+for my $code ('tell $0', 'sysseek $0, 0, 0', 'seek $0, 0, 0', 'eof $0') {
+    fresh_perl_is("$code; print defined \${^LAST_FH} ? qq(not ok\n) : qq(ok\n)", "ok\n",
+                  undef, "check $code doesn't define \${^LAST_FH}");
+}
 
 # $|
 fresh_perl_is 'print $| = ~$|', "1\n", {switches => ['-l']},
-- 
2.1.4

[p5pRT]

From @tonycoz

On Wed, 10 Aug 2016 18​:40​:21 -0700, tonyc wrote​:

On Thu May 26 19​:44​:50 2016, sprout wrote​:

On Thu May 26 19​:24​:25 2016, dcollinsn@​gmail.com wrote​:

dcollins@​nightshade64​:~/perldebug$ ./perl -Ilib -e
'{tell$0;i${^LAST_FH}}'
perl​: mg.c​:964​: Perl_magic_get​: Assertion `((((PL_last_in_gv)-

sv_flags & (0x00004000|0x00008000)) == 0x00008000) &&
(((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVGV ||
((svtype)((PL_last_in_gv)->sv_flags & 0xff)) == SVt_PVLV))' failed.
Aborted

Here is a clearer test case​:

$ ./perl -Ilib -e 'tell $0; ${^LAST_FH}->i'
Assertion failed​: (isGV_with_GP(PL_last_in_gv)), function
Perl_magic_get, file mg.c, line 964.
Abort trap​: 6

Without the method call, it doesn’t fail.

It's pretty much any reference to ${^LAST_FH), since the assertion is
in the magic for ${^LAST_FH}.

The attached fixes it for me.

Applied as 745e740, fixing the incomplete sentence at the end.

Tony

[p5pRT]

@tonycoz - Status changed from 'open' to 'pending release'

[p5pRT]

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release yesterday of Perl 5.28.0, this and 185 other issues have been
resolved.

Perl 5.28.0 may be downloaded via​:
https://metacpan.org/release/XSAWYERX/perl-5.28.0

If you find that the problem persists, feel free to reopen this ticket.

[p5pRT]

@khwilliamson - Status changed from 'pending release' to 'resolved'