segfault on goto &xs_sub when calling sub is replaced

[haarg]

The commit 58cf041 is causing segfaults when you goto an XS sub, if the calling sub has been replaced.

This is breaking the module Types::ReadOnly. https://rt.cpan.org/Ticket/Display.html?id=143710

Steps to Reproduce

$ perl -e'sub foo { *foo = sub {}; goto &utf8::is_utf8 }; foo "";'
Segmentation fault: 11

The choice of utf8::is_utf8 is arbitrary, it can be any XS sub.

Perl configuration

Summary of my perl5 (revision 5 version 37 subversion 2) configuration:
  Commit id: 60c3737a8ae6b878a89eaa470cda07c95d83fe9c
  Platform:
    osname=darwin
    osvers=21.5.0
    archname=darwin-2level
    uname='darwin fvffn10wq05q 21.5.0 darwin kernel version 21.5.0: tue apr 26 21:08:29 pdt 2022; root:xnu-8020.121.3~4release_arm64_t8101 arm64 '
    config_args='-des -Dusedevel -Uversiononly -Dprefix=/Users/gknop/perl5/perls/v5.37.1-98-g60c3737a8a -Uman1dir -Uman3dir'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
  Compiler:
    cc='cc'
    ccflags ='-fno-common -DPERL_DARWIN -mmacosx-version-min=12.4 -fno-strict-aliasing -pipe -fstack-protector-strong'
    optimize='-O3'
    cppflags='-fno-common -DPERL_DARWIN -mmacosx-version-min=12.4 -fno-strict-aliasing -pipe -fstack-protector-strong'
    ccversion=''
    gccversion='Apple LLVM 13.1.6 (clang-1316.0.21.2.5)'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=8
    longdblkind=0
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -mmacosx-version-min=12.4 -fstack-protector-strong -L/usr/local/lib'
    libpth=/opt/homebrew/lib /Library/Developer/CommandLineTools/usr/lib/clang/13.1.6/lib /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib /Library/Developer/CommandLineTools/usr/lib /usr/local/lib /usr/lib
    libs=-lgdbm
    perllibs=
    libc=
    so=dylib
    useshrplib=false
    libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=bundle
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags=' -mmacosx-version-min=12.4 -bundle -undefined dynamic_lookup -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl):
  Compile-time options:
    HAS_TIMES
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    PERL_USE_DEVEL
    PERL_USE_SAFE_PUTENV
    USE_64_BIT_ALL
    USE_64_BIT_INT
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
  Built under darwin
  Compiled at Jul  9 2022 08:28:00
  %ENV:
    PERL5LIB="/Users/gknop/perl5/libs/5.37.2-darwin-2level/lib/perl5:/Users/gknop/perl5/local-lib/lib/perl5"
    PERL_CPANM_OPT="--mirror https://cpan.metacpan.org/ --no-uninst-shadows"
    PERL_LOCAL_LIB_ROOT="/Users/gknop/perl5/libs/5.37.2-darwin-2level"
    PERL_MB_OPT="--install_base "/Users/gknop/perl5/libs/5.37.2-darwin-2level""
    PERL_MM_OPT="INSTALL_BASE=/Users/gknop/perl5/libs/5.37.2-darwin-2level"
    PERL_VERSION_ACTIVE="v5.37.1-98-g60c3737a8a"
  @INC:
    /Users/gknop/perl5/libs/5.37.2-darwin-2level/lib/perl5/5.37.2/darwin-2level
    /Users/gknop/perl5/libs/5.37.2-darwin-2level/lib/perl5/5.37.2
    /Users/gknop/perl5/libs/5.37.2-darwin-2level/lib/perl5/darwin-2level
    /Users/gknop/perl5/libs/5.37.2-darwin-2level/lib/perl5
    /Users/gknop/perl5/local-lib/lib/perl5/darwin-2level
    /Users/gknop/perl5/local-lib/lib/perl5
    /Users/gknop/perl5/perls/v5.37.1-98-g60c3737a8a/lib/site_perl/5.37.2/darwin-2level
    /Users/gknop/perl5/perls/v5.37.1-98-g60c3737a8a/lib/site_perl/5.37.2
    /Users/gknop/perl5/perls/v5.37.1-98-g60c3737a8a/lib/5.37.2/darwin-2level
    /Users/gknop/perl5/perls/v5.37.1-98-g60c3737a8a/lib/5.37.2

[jkeenan]

Sample CPANtesters failure report:
http://www.cpantesters.org/cpan/report/821c3a0a-ff20-11ec-88a5-4c6571bcbff5

@iabyn, can you take a look?

commit 58cf04199f69d7a775bc88024df0bbb48712ea37
Author:     David Mitchell <davem@iabyn.nospamdeletethisbit.com>
AuthorDate: Wed Jul 6 11:14:22 2022 +0100
Commit:     David Mitchell <davem@iabyn.nospamdeletethisbit.com>
CommitDate: Wed Jul 6 11:23:56 2022 +0100

    goto(&xs_sub): provide correct caller context
    
    GH #19188

[iabyn]

On Fri, Jul 08, 2022 at 11:41:58PM -0700, Graham Knop wrote: The commit 58cf041 is causing segfaults when you goto an XS sub, if the calling sub has been replaced. This is breaking the module Types::ReadOnly. https://rt.cpan.org/Ticket/Display.html?id=143710 **Steps to Reproduce** ``` $ perl -e'sub foo { *foo = sub {}; goto &utf8::is_utf8 }; foo "";' Segmentation fault: 11 ```

Turns out this was a pre-existing bug; my recent change just made it more noticeable. Should be fixed how by v5.37.1-102-gf4cc8ab9db : commit f4cc8ab Author: David Mitchell ***@***.***> AuthorDate: Sat Jul 9 19:03:10 2022 +0100 Commit: David Mitchell ***@***.***> CommitDate: Sat Jul 9 19:03:10 2022 +0100 avoid SEGVs on goto &xs_sub GH #19936 When the sub which is being left gets freed, like: sub foo { *foo = sub {}; goto &xs_sub } it can leave PL_op as a NULL pointer while the XS sub is being executed. My recent commit v5.37.1-83-g58cf04199f, which fixed the value of GIMME_V in such XS subs, made the problem more noticeable, since it caused PL_op to always be accessed. The fix is to defer the freeing of the old sub when goto'ing an XS sub. M pp_ctl.c M t/op/goto.t

…

-- I thought I was wrong once, but I was mistaken.