
commit "locale.c: Make locale collation predictions adaptive" causes gt op SIGFPE #15439

Closed
p5pRT opened this issue Jul 14, 2016 · 5 comments


@p5pRT p5pRT commented Jul 14, 2016

Migrated from rt.perl.org#128618 (status was 'resolved')

Searchable as RT128618$


@p5pRT p5pRT commented Jul 14, 2016

From @bulk88

Created by @bulk88

Commit
http://perl5.git.perl.org/perl.git/commitdiff/17f41037d4817b6618a903e12aa1377ae078f66a
causes an integer divide by zero signal/SEGV on Win32 32 bit perl
compiled with VC 2003 on Win XP.

The commit above causes these 2 oneliners to SIGFPE; at the commit right
before, the one liner doesn't crash (IDK and IDC what the result of the
gt op is for the purpose of this ticket).

..\miniperl -I..\lib -e"use locale; '' gt ''"

and

..\perl -I..\lib -e"use locale; '' gt ''"

crashing callstack with blead line numbers

  perl525.dll!Perl__mem_collxfrm(interpreter * my_perl=0x003843dc,
const char * input_string=0x00910e34, unsigned int len=0, unsigned int *
xlen=0x0012fdf4, char utf8=0) Line 1782 + 0x5 C
  perl525.dll!Perl_sv_collxfrm_flags(interpreter *
my_perl=0x003843dc, sv * const sv=0x0090aecc, unsigned int * const
nxp=0x0012fe30, const long flags=0) Line 8122 + 0x28 C
  perl525.dll!Perl_sv_cmp_locale_flags(interpreter *
my_perl=0x003843dc, sv * const sv1=0x0090aecc, sv * const
sv2=0x0090afcc, const unsigned long flags=0) Line 8042 + 0x1b C
  perl525.dll!Perl_pp_sle(interpreter * my_perl=0x003843dc) Line
2340 + 0x6d C
  perl525.dll!Perl_runops_debug(interpreter * my_perl=0x003843dc)
Line 2232 + 0xd C
  perl525.dll!S_run_body(interpreter * my_perl=0x003843dc, long
oldscope=1) Line 2521 + 0xd C
  perl525.dll!perl_run(interpreter * my_perl=0x003843dc) Line 2447 C
  perl525.dll!RunPerl(int argc=3, char * * argv=0x00382d28, char * *
env=0x00382eb0) Line 252 + 0x9 C++
  perl.exe!main(int argc=3, char * * argv=0x00382d28, char * *
env=0x003831d8) Line 39 + 0x12 C
  perl.exe!mainCRTStartup() Line 398 + 0xe C
  kernel32.dll!_BaseProcessStart@4() + 0x23

I found this SEGV because /lib/locale.t crashed at
http://perl5.git.perl.org/perl.git/blob/ea3faa6ebfe4fad5563738edde470c34c60fd357:/lib/locale.t#l1798
line 1798, with $char and $max_collating both being empty string. I then
reduced the crash to the oneliner above.

The divide by zero happens on line

-----------------------------
  const STRLEN new_m = needed / length_in_chars;
-----------------------------

because length_in_chars is 0. See attached C debugger pic for details on
C autos at crash point.

Perl Info

Flags:
    category=library
    severity=high
    module=locale

Site configuration information for perl 5.25.3:

Configured by Owner at Wed Jul 13 21:11:05 2016.

Summary of my perl5 (revision 5 version 25 subversion 3) configuration:
   
  Platform:
    osname=MSWin32
    osvers=5.1
    archname=MSWin32-x86-multi-thread
    uname=''
    config_args='undef'
    hint=recommended
    useposix=true
    d_sigaction=undef
    useithreads=define
    usemultiplicity=define
    use64bitint=undef
    use64bitall=undef
    uselongdouble=undef
    usemymalloc=n
    bincompat5005=undef
  Compiler:
    cc='cl'
    ccflags ='-nologo -GF -W3 -Od -MD -Zi -DDEBUGGING -DWIN32 -D_CONSOLE 
-DNO_STRICT  -DPERL_TEXTMODE_SCRIPTS -DPERL_IMPLICIT_CONTEXT 
-DPERL_IMPLICIT_SYS -DWIN32_NO_REGISTRY -DUSE_PERLIO'
    optimize='-Od -MD -Zi -DDEBUGGING'
    cppflags='-DWIN32'
    ccversion='13.10.6030'
    gccversion=''
    gccosandvers=''
    intsize=4
    longsize=4
    ptrsize=4
    doublesize=8
    byteorder=1234
    doublekind=3
    d_longlong=undef
    longlongsize=8
    d_longdbl=define
    longdblsize=8
    longdblkind=0
    ivtype='long'
    ivsize=4
    nvtype='double'
    nvsize=8
    Off_t='__int64'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='link'
    ldflags ='-nologo -nodefaultlib -debug -libpath:"c:\perl\lib\CORE" 
-machine:x86'
    libpth=\lib
    libs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib 
comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib 
netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib version.lib 
odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    perllibs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib 
comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib 
netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib version.lib 
odbc32.lib odbccp32.lib comctl32.lib msvcrt.lib
    libc=msvcrt.lib
    so=dll
    useshrplib=true
    libperl=perl525.lib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs
    dlext=dll
    d_dlsymun=undef
    ccdlflags=' '
    cccdlflags=' '
    lddlflags='-dll -nologo -nodefaultlib -debug 
-libpath:"c:\perl\lib\CORE" -machine:x86'



@INC for perl 5.25.3:
    lib
    C:/perl521/src/lib
    .


Environment for perl 5.25.3:
    HOME (unset)
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=C:\sperl\c\bin;C:\WINDOWS\system32;C:\Program Files\Microsoft 
Visual Studio .NET 2003\Vc7\bin;C:\Program Files\Microsoft Visual Studio 
.NET 2003\Common7\IDE;C:\WINDOWS;C:\Program Files\Git\cmd;C:\Program 
Files\Microsoft Visual Studio .NET 2003\Common7\Tools\bin;C:\perl\bin
    PERL_BADLANG (unset)
    PERL_JSON_BACKEND=Cpanel::JSON::XS
    PERL_YAML_BACKEND=YAML
    SHELL (unset)




@p5pRT p5pRT commented Jul 14, 2016

@khwilliamson - Status changed from 'new' to 'open'


@p5pRT p5pRT commented Jul 14, 2016

From @khwilliamson

Thanks for reporting this. It was a division by zero that had happened so far only on Win32. Fixed by e1c30f0.
--
Karl Williamson


@p5pRT p5pRT commented Jul 14, 2016

@khwilliamson - Status changed from 'open' to 'resolved'
