SIGBUS in Perl_leave_adjust_stacks() #16017
From @geeknik

Triggered with Perl v5.27.0-97-gd555ed0, compiled with afl-clang-fast on

Program received signal SIGBUS, Bus error.

From @geeknik
From @tonycoz

On Tue, 13 Jun 2017 13:02:33 -0700, brian.carpenter@gmail.com wrote:

I wasn't able to minimize your test case significantly, but I did track down the cause.

The temps stack entry allocated in pp_aassign:

/* an unrolled sv_2mortal */

wasn't being used, since the value of ix is overwritten by the call to tmps_grow_p().[1]

Removing the assignment per the attached patch prevents the crash (and means the temp is actually freed too.)

I don't have a test for it at this point, I may end up just using the original test case.

Tony

[1] I ran until it crashed, saved the value of the top pointer (which is where the sv value came from), and watchpointed that address in a new run, which was only touched when the temps were reallocated by tmps_grow_p().
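A toy model of the indexing mistake described in the comment above, as an added example that is not part of the original thread and is not Perl's source. The names `temps_t`, `temps_grow` and `temps_push` are hypothetical, and the model assumes the slot is reserved by incrementing a top index and that the grow routine returns the index it was asked to cover; new slots are set to NULL here so the skipped entry is detectable, where a plain reallocation would leave it indeterminate.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model of a growable "temps" stack; all names are hypothetical. */
typedef struct { void **slots; long top; long max; } temps_t;

/* Assumed contract: make index ix valid, then return ix unchanged. */
static long temps_grow(temps_t *t, long ix) {
    long new_max = ix + 1;
    void **p = realloc(t->slots, (size_t)new_max * sizeof *p);
    if (!p) abort();
    for (long i = t->max; i < new_max; i++) p[i] = NULL; /* mark unwritten */
    t->slots = p;
    t->max = new_max;
    return ix;
}

/* Reserve one slot for ref, growing speculatively by `extra` entries.
 * keep_return=1 reproduces the pre-patch pattern, 0 the patched one.
 * Returns the index of the reserved slot. */
static long temps_push(temps_t *t, void *ref, long extra, int keep_return) {
    long ix = ++t->top;                      /* slot reserved for ref */
    if (ix >= t->max) {
        if (keep_return)
            ix = temps_grow(t, ix + extra);  /* ix now points past the slot */
        else
            (void)temps_grow(t, ix + extra); /* ix still names the slot */
    }
    t->slots[ix] = ref;
    return t->top;
}

/* Returns 1 if the reserved slot holds ref, 0 if it was never written. */
static int reserved_slot_written(int keep_return) {
    temps_t t = { NULL, -1, 0 };
    int value = 42;
    long slot = temps_push(&t, &value, 3, keep_return);
    int ok = (t.slots[slot] == &value);
    free(t.slots);
    return ok;
}

int main(void) {
    printf("pre-patch pattern: slot written = %d\n", reserved_slot_written(1));
    printf("patched pattern:   slot written = %d\n", reserved_slot_written(0));
    return 0;
}
```

In the model, any later pass that walks the slots up to the top index meets an entry that was never written when the pre-patch pattern is used.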
From @tonycoz

0001-perl-131570-don-t-skip-the-temps-stack-entry-we-just.patch

From 5a9032e65282dceec6d65ee9a6e3abe2b90b9929 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 21 Jun 2017 15:00:56 +1000
Subject: (perl #131570) don't skip the temps stack entry we just allocated
---
pp_hot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pp_hot.c b/pp_hot.c
index 7c98c90..f445fd9 100644
--- a/pp_hot.c
+++ b/pp_hot.c
@@ -1736,7 +1736,7 @@ PP(pp_aassign)
if (UNLIKELY(ix >= PL_tmps_max))
/* speculatively grow enough to cover other
* possible refs */
- ix = tmps_grow_p(ix + (lastlelem - lelem));
+ (void)tmps_grow_p(ix + (lastlelem - lelem));
PL_tmps_stack[ix] = ref;
}
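Review bot: the `(void)` cast on the `tmps_grow_p()` call drops the return value without saying why, so a later cleanup could easily restore the `ix =` assignment. A one-line comment at that call stating that `ix` must keep naming the slot written by `PL_tmps_stack[ix] = ref;` on the following line would guard against that. The diffstat also shows only pp_hot.c changing, so the fix ships without a regression test; adding the original fuzzer case, or a reduced one, under the test suite would keep it verified.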
--
2.1.4
The RT System itself - Status changed from 'new' to 'open'

@tonycoz - Status changed from 'open' to 'pending release'

From @khwilliamson

Thank you for filing this report. You have helped make Perl better.

With the release yesterday of Perl 5.28.0, this and 185 other issues have been

Perl 5.28.0 may be downloaded via:

If you find that the problem persists, feel free to reopen this ticket.

@khwilliamson - Status changed from 'pending release' to 'resolved'
Migrated from rt.perl.org#131570 (status was 'resolved')
Searchable as RT131570$