From 66d795d67dc167b504c2ee985751ed29b4f3cf07 Mon Sep 17 00:00:00 2001
From: Richard Leach
Date: Wed, 1 Oct 2025 21:40:19 +0000
Subject: [PATCH] CLEAR_ERRSV: create a new SV if the existing one isGV_with_GP

GH #16885 is a fuzzer-identified assert in Perl_sv_grow. Besides the question of how the program should behave, the actual assertion comes via the `SvPVCLEAR()` statement in `CLEAR_ERRSV`, where `svp` is unexpectedly a PVGV with GV. This commit treats this the same as if `svp` was READONLY - the refcount is decremented and `svp` assigned a brand new SVt_PV.
---
 perl.h | 2 +-
 t/op/eval.t | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/perl.h b/perl.h
index 877b0d61cc7b..58b80cca118d 100644
--- a/perl.h
+++ b/perl.h
@@ -1947,7 +1947,7 @@ any magic.
 SV ** const svp = &GvSV(PL_errgv); \
 if (!*svp) { \
 *svp = newSVpvs(""); \
- } else if (SvREADONLY(*svp)) { \
+ } else if (SvREADONLY(*svp) || isGV_with_GP(*svp)) { \
 SvREFCNT_dec_NN(*svp); \
 *svp = newSVpvs(""); \
 } else { \
diff --git a/t/op/eval.t b/t/op/eval.t
index 371bbb27ae09..a118cf10bdd8 100644
--- a/t/op/eval.t
+++ b/t/op/eval.t
@@ -6,7 +6,7 @@ BEGIN {
 set_up_inc('../lib');
 }
-plan(tests => 172);
+plan(tests => 173);
 eval 'pass();';
@@ -837,3 +837,5 @@ pass("eval in freed package does not crash");
 }->();
 is($w, 0, "nested eval and closure");
 }
+
+fresh_perl_is('for$@(*0){eval}', '', undef, 'GH #16885 - isGV_with_GP(PL_errgv)');
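Review bot: In the perl.h hunk, the widened condition `SvREADONLY(*svp) || isGV_with_GP(*svp)` carries no comment saying why a glob sitting in the `$@` slot is thrown away rather than cleared; the reason is recorded only in the commit message. A continuation-safe comment on that arm would keep it with the code, for example `/* read-only, or a real glob (GH #16885): cannot be cleared in place, so replace it */ \`. As with the read-only arm, the replacement appears to silently end whatever alias put the glob there, which seems worth a sentence in the pod that ends just above the hunk with "any magic.". The hunk shows only the middle of CLEAR_ERRSV, so whether other code that writes into ERRSV makes the same non-glob assumption cannot be judged from here and may deserve a separate check.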
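Review bot: The label on the added `fresh_perl_is` line in t/op/eval.t, `'GH #16885 - isGV_with_GP(PL_errgv)'`, names the wrong object: per the perl.h hunk the check is made on `*svp`, that is `GvSV(PL_errgv)`, while `PL_errgv` itself is presumably a glob in every case. Something like `'GH #16885 - CLEAR_ERRSV with $@ aliased to a glob'` would describe the case being tested. The test also asserts only empty output, so it pins the absence of the assertion failure but not what `$@` holds afterwards; a second check that `$@` is a defined empty string inside the loop after the eval would pin the new behaviour, assuming that is the intended result.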