PERL-5.26.1 heap_use_after_free WRITE of size 1 #16323
0x60300000e710 is located 0 bytes inside of 32-byte region [0x60300000e710,0x60300000e730)
previously allocated by thread T0 here:
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 __asan_memmove
I get a different stack trace (same with blead or 5.26.1), which reduces to this and looks very like a stack refcounting issue:
On Sun, 07 Jan 2018 04:20:15 -0800, hv wrote:
Yes, it's a stack not refcounted issue.
The $$W is executed first, which, since it's executed in lvalue context, auto-vivifies the value of $W into a reference to an anonymous scalar, and that anonymous scalar is pushed onto the stack.
Then the $W = 0 is executed, releasing the reference above, releasing the anonymous scalar.
Finally the assignment to that anonymous scalar is attempted and Bad Things Happen.
I've moved it to the public queue and linked it to the meta ticket.
That seems likely.
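
The three-step sequence explained earlier in this thread, replayed as a small C model. This is an added example, not code from the ticket or from the Perl source. `Scalar`, `store_hits_freed` and the arena are hypothetical names, and "free" is simulated with a flag so the model never touches released memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy refcounted scalar; a model only, not Perl's real SV layout. */
typedef struct { int refcnt; bool freed; int value; } Scalar;

/* Arena storage: "freeing" only sets a flag, so the model can inspect a
   released scalar without touching memory that was really freed. */
static Scalar pool[2];
static int pool_used;

static Scalar *scalar_new(void) {
    Scalar *s = &pool[pool_used++];
    s->refcnt = 1; s->freed = false; s->value = 0;
    return s;
}
static void scalar_inc(Scalar *s) { s->refcnt++; }
static void scalar_dec(Scalar *s) { if (--s->refcnt == 0) s->freed = true; }

/* Replays the three steps from the thread. Returns true when the final
   store would land in a scalar that has already been released. */
bool store_hits_freed(bool stack_holds_ref) {
    pool_used = 0;
    /* 1. $$W in lvalue context: $W autovivifies to a reference to an
          anonymous scalar, and that scalar is pushed onto the stack. */
    Scalar *anon = scalar_new();      /* refcnt 1, owned via $W */
    Scalar *stack_slot = anon;
    if (stack_holds_ref) scalar_inc(anon);
    /* 2. $W = 0 drops the reference held through $W. */
    scalar_dec(anon);
    /* 3. The assignment writes through the pointer left on the stack. */
    bool stale = stack_slot->freed;
    if (!stale) stack_slot->value = 1;
    if (stack_holds_ref) scalar_dec(stack_slot);  /* pop releases it */
    return stale;
}

int main(void) {
    printf("uncounted stack: stale=%d\n", store_hits_freed(false));
    printf("counted stack:   stale=%d\n", store_hits_freed(true));
    return 0;
}
```

With an uncounted stack the slot outlives its only owner, which is the condition AddressSanitizer reports as a heap-use-after-free write; when the stack holds its own reference the scalar stays alive until it is popped.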