Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

panic copying freed scalar in Carp::Heavy #8852

Open
p5pRT opened this issue Mar 29, 2007 · 13 comments
Open

panic copying freed scalar in Carp::Heavy #8852

p5pRT opened this issue Mar 29, 2007 · 13 comments

Comments

@p5pRT
Copy link
Collaborator

@p5pRT p5pRT commented Mar 29, 2007

Migrated from rt.perl.org#42166 (status was 'open')

Searchable as RT42166$

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Mar 29, 2007

From david@mongueurs.net

Created by david@landgren.net

Passing @​ARGV to a function, and then shifting @​ARGV directly and carping the value
results in rather strang errors​:

In blead​:
david@​profane​:~/perl% perl5.9.5 -MCarp -le 'f(@​ARGV); sub f { my $x = shift(@​ARGV); carp($x)}' a v
panic​: attempt to copy freed scalar 8134d84 to 8164194 at /usr/local/lib/perl5/5.9.5/Carp/Heavy.pm line 104.

in 5.8.8​:
david@​profane​:~/perl% perl -MCarp -le 'f(@​ARGV); sub f { my $x = shift(@​ARGV); carp($x)}' a v
Bizarre copy of ARRAY in sassign at /usr/local/lib/perl5/5.8.8/Carp/Heavy.pm line 45.

Someone posted this to Perlmonks​:

  http​://www.perlmonks.org/index.pl?node_id=607210

David

Perl Info

Flags:
    category=core
    severity=medium

Site configuration information for perl 5.9.5:

Configured by david at Fri Mar 23 09:23:03 CET 2007.

Summary of my perl5 (revision 5 version 9 subversion 5 patch 30712) configuration:
  Platform:
    osname=freebsd, osvers=6.0-stable, archname=i386-freebsd
    uname='freebsd profane.mongueurs.net 6.0-stable freebsd 6.0-stable #5: fri feb 24 11:12:56 cet 2006 root@profane.mongueurs.net:usrobjusrsrcsysprofane i386 '
    config_args='-de -Dusemymalloc -Dusedevel -Duseithreads -Accflags=-DPERL_COPY_ON_WRITE -DPERL_DONT_CREATE_GVSV'
    hint=previous, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=y, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DPERL_DONT_CREATE_GVSV -fno-strict-aliasing -pipe -I/usr/local/include -DPERL_DONT_CREATE_GVSV -DPERL_COPY_ON_WRITE',
    optimize='-O',
    cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DPERL_DONT_CREATE_GVSV -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='3.4.4 [FreeBSD] 20050518', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags ='-Wl,-E  -L/usr/local/lib'
    libpth=/usr/lib /usr/local/lib
    libs=-lgdbm -lm -lcrypt -lutil -lc
    perllibs=-lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/usr/local/lib'

Locally applied patches:
    DEVEL


@INC for perl 5.9.5:
    /usr/local/lib/perl5/5.9.5/i386-freebsd
    /usr/local/lib/perl5/5.9.5
    /usr/local/lib/perl5/site_perl/5.9.5/i386-freebsd
    /usr/local/lib/perl5/site_perl/5.9.5
    /usr/local/lib/perl5/site_perl
    .


Environment for perl 5.9.5:
    HOME=/home/david
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/home/david/bin:.
    PERL_BADLANG (unset)
    SHELL=/usr/local/bin/bash

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Jul 25, 2007

From @smpeters

On Thu Mar 29 07​:33​:05 2007, david <!-- x --> at mongueurs.net wrote​:

This is a bug report for perl from david <!-- x --> at landgren.net,
generated with the help of perlbug 1.35 running under perl 5.9.5.

-----------------------------------------------------------------
[Please enter your report here]

Passing @​ARGV to a function, and then shifting @​ARGV directly and
carping the value
results in rather strang errors​:

In blead​:
david@​profane​:~/perl% perl5.9.5 -MCarp -le 'f(@​ARGV); sub f { my $x =
shift(@​ARGV); carp($x)}' a v
panic​: attempt to copy freed scalar 8134d84 to 8164194 at
/usr/local/lib/perl5/5.9.5/Carp/Heavy.pm line 104.

in 5.8.8​:
david@​profane​:~/perl% perl -MCarp -le 'f(@​ARGV); sub f { my $x =
shift(@​ARGV); carp($x)}' a v
Bizarre copy of ARRAY in sassign at
/usr/local/lib/perl5/5.8.8/Carp/Heavy.pm line 45.

Someone posted this to Perlmonks​:

http​://www.perlmonks.org/index.pl?node_id=607210

David

Using Devel​::Peek just before this error shows some really weird data.

SV = PV(0x9f93048) at 0x9f96298
  REFCNT = 1
  FLAGS = (PADMY,POK,pPOK)
  PV = 0x9fa60b8 "a"\0
  CUR = 1
  LEN = 4
SV = UNKNOWN(0xff) (0x9fbc5c8) at 0x9fa5020
  REFCNT = 0
  FLAGS = ()

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Jul 25, 2007

The RT System itself - Status changed from 'new' to 'open'

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Nov 29, 2007

From jloverso@mathworks.com

This is also broken in 5.8.8, and it isn't linked to @​ARGV -- any array
can cause it​:

$ /usr/bin/perl -MCarp -le '@​a=(1); f(@​a); sub f { my $x = shift(@​a);
carp($x)}'
Bizarre copy of ARRAY in sassign at /usr/share/perl/5.8/Carp/Heavy.pm
line 39.

I've tried it on several systems with 5.8.8 (including ones I built
myself) and they all fail.

However, this works fine if I use 5.8.6 or older.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration​:
  Platform​:
  osname=linux, osvers=2.6.18.3, archname=i486-linux-gnu-thread-multi
  uname='linux saens 2.6.18.3 #1 smp sat nov 25 13​:39​:52 est 2006 i686
gnulinux '
  config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
-Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr
-Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
-Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
-Dsitelib=/usr/local/share/perl/5.8.8
-Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
-Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm
-Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
  hint=recommended, useposix=true, d_sigaction=define
  usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
  useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
  use64bitint=undef use64bitall=undef uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN
-fno-strict-aliasing -pipe -I/usr/local/include'
  ccversion='', gccversion='4.1.2 20061115 (prerelease) (Debian
4.1.1-20)', gccosandvers=''
  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
  ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
  alignbytes=4, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib
  libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
  perllibs=-ldl -lm -lpthread -lc -lcrypt
  libc=/lib/libc-2.3.6.so, so=so, useshrplib=true,
libperl=libperl.so.5.8.8
  gnulibc_version='2.3.6'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Characteristics of this binary (from libperl)​:
  Compile-time options​: MULTIPLICITY PERL_IMPLICIT_CONTEXT
  PERL_MALLOC_WRAP THREADS_HAVE_PIDS USE_ITHREADS
  USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
  Built under linux
  Compiled at Dec 6 2006 23​:05​:53
  @​INC​:
  /etc/perl
  /usr/local/lib/perl/5.8.8
  /usr/local/share/perl/5.8.8
  /usr/lib/perl5
  /usr/share/perl5
  /usr/lib/perl/5.8
  /usr/share/perl/5.8
  /usr/local/lib/site_perl
  .

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Nov 29, 2007

From jloverso@mathworks.com

This appears to be a duplicate of #41512, which claims this is fixed in
5.8.9​:
http​://rt.perl.org/rt3/Ticket/Display.html?id=41512

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Feb 14, 2009

From p5p@spam.wizbit.be

On Thu Nov 29 11​:41​:45 2007, jlv wrote​:

This appears to be a duplicate of #41512, which claims this is fixed
in
5.8.9​:
http​://rt.perl.org/rt3/Ticket/Display.html?id=41512

Not fixed, just a bit harder to trigger.

See​:
- http​://rt.perl.org/rt3/Ticket/Display.html?id=41512
- http​://rt.perl.org/rt3/Ticket/Display.html?id=52610

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Nov 19, 2011

From zefram@fysh.org

Created by zefram@fysh.org

$ cat t0.pl
use strict;
use warnings;
use Devel​::Peek;
my @​a = qw(a v);
sub bb {
  shift @​a;
  my $x = shift(@​_);
}
bb(@​a);
$ perl t0.pl
panic​: attempt to copy freed scalar 9734768 to 974df08 at t0.pl line 7.

"shift @​a" caused $_[0] to be freed. Doing almost anything other than
"shift(@​_)" next is liable to cause a new Perl object (not necessarily
scalar) to appear in $_[0]. I got "Bizarre copy of UNKNOWN in scalar
assignment" out of one version.

I'm reporting this separately from the @​DB​::args problem seen in a
similar situation (preceding bug report). I'm not sure whether this is
one bug or two. It may well be the case that this is the real bug and
the @​DB​::args behaviour is just a consequence of it.

Perl Info

Flags:
    category=core
    severity=low

Site configuration information for perl 5.14.2:

Configured by zefram at Mon Sep 26 19:44:21 BST 2011.

Summary of my perl5 (revision 5 version 14 subversion 2) configuration:
   
  Platform:
    osname=linux, osvers=2.6.26-2-686, archname=i386-linux-thread-multi
    uname='linux vigo.rous.org 2.6.26-2-686 #1 smp thu jan 27 00:28:05 utc 2011 i686 gnulinux '
    config_args='-des -Darchname=i386-linux -Dcccdlflags=-fPIC -Dccdlflags=-rdynamic -Dprefix=/home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52 -Dman1ext=1 -Dman3ext=3perl -Duselargefiles -Dusethreads -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dusedevel -Uversiononly -Ui_db'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.4.5', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib/../lib /usr/lib/../lib /lib /usr/lib /usr/lib64
    libs=-lnsl -lgdbm -ldl -lm -lcrypt -lutil -lpthread -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.11.2.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.11.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic -Wl,-rpath,/home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52/lib/5.14.2/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector'

Locally applied patches:
    


@INC for perl 5.14.2:
    /home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52/lib/site_perl/5.14.2/i386-linux-thread-multi
    /home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52/lib/site_perl/5.14.2
    /home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52/lib/5.14.2/i386-linux-thread-multi
    /home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52/lib/5.14.2
    .


Environment for perl 5.14.2:
    HOME=/home/zefram
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/zefram/usr/perl/perl_install/perl-5.14.2-i32-f52/bin:/home/zefram/usr/perl/util:/home/zefram/pub/i686-pc-linux-gnu/bin:/home/zefram/pub/common/bin:/usr/bin:/bin:/usr/local/bin:/usr/games
    PERL_BADLANG (unset)
    SHELL=/usr/bin/zsh

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Nov 20, 2011

From @cpansprout

On Sat Nov 19 15​:06​:57 2011, zefram@​fysh.org wrote​:

This is a bug report for perl from zefram@​fysh.org,
generated with the help of perlbug 1.39 running under perl 5.14.2.

-----------------------------------------------------------------
[Please describe your issue here]

$ cat t0.pl
use strict;
use warnings;
use Devel​::Peek;
my @​a = qw(a v);
sub bb {
shift @​a;
my $x = shift(@​_);
}
bb(@​a);
$ perl t0.pl
panic​: attempt to copy freed scalar 9734768 to 974df08 at t0.pl line
7.

"shift @​a" caused $_[0] to be freed. Doing almost anything other than
"shift(@​_)" next is liable to cause a new Perl object (not necessarily
scalar) to appear in $_[0]. I got "Bizarre copy of UNKNOWN in scalar
assignment" out of one version.

I'm reporting this separately from the @​DB​::args problem seen in a
similar situation (preceding bug report). I'm not sure whether this
is
one bug or two. It may well be the case that this is the real bug and
the @​DB​::args behaviour is just a consequence of it.

Isn’t this the same as #42166?

--

Father Chrysostomos

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Nov 20, 2011

The RT System itself - Status changed from 'new' to 'open'

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Nov 20, 2011

From zefram@fysh.org

Father Chrysostomos via RT wrote​:

Isn't this the same as #42166?

Ah, yes, looks like the same underlying issue. My test case is smaller
than the one in that ticket.

-zefram

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Apr 14, 2012

From douglasg.wilson@gmail.com

Until the root cause is fixed (which I am not holding my breath over),
could the fix/band-aid to Carp be applied that is suggested here​:

https://rt.cpan.org/Public/Bug/Display.html?id=72467

It would at least restore Carp to reporting useful errors (i.e. errors
in code other than the code that is supposed to report errors). I do not
see a down-side to the fix.

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Oct 17, 2013

From michaelhicksis@gmail.com

On Fri Apr 13 23​:15​:32 2012, dougw wrote​:

Until the root cause is fixed (which I am not holding my breath over),
could the fix/band-aid to Carp be applied that is suggested here​:

https://rt.cpan.org/Public/Bug/Display.html?id=72467

It would at least restore Carp to reporting useful errors (i.e. errors
in code other than the code that is supposed to report errors). I do not
see a down-side to the fix.

I'm noting that this is still present in all the perls I have stuff
running in.
v5.10.1
v5.12.4
v5.14.2

  I've taken to using that workaround in the cpan ticket you referenced
and editing Carp to work around this problem rather than stop using it.

@p5pRT
Copy link
Collaborator Author

@p5pRT p5pRT commented Oct 17, 2013

From [Unknown Contact. See original ticket]

On Fri Apr 13 23​:15​:32 2012, dougw wrote​:

Until the root cause is fixed (which I am not holding my breath over),
could the fix/band-aid to Carp be applied that is suggested here​:

https://rt.cpan.org/Public/Bug/Display.html?id=72467

It would at least restore Carp to reporting useful errors (i.e. errors
in code other than the code that is supposed to report errors). I do not
see a down-side to the fix.

I'm noting that this is still present in all the perls I have stuff
running in.
v5.10.1
v5.12.4
v5.14.2

  I've taken to using that workaround in the cpan ticket you referenced
and editing Carp to work around this problem rather than stop using it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.