This repository was archived by the owner on Jun 1, 2023. It is now read-only.

Test-Simple/t/subtest/fork.t segv, savearray fixup in cx_dup #163

@bulk88


Currently only repros on Windows, but should affect all threaded builds.
The cx savearray is handled as AV* and not as SV** with sigs.

The specific fault is:

Unhandled exception at 0x282806a5 (cperl524.dll) in perl.exe: 0xC0000005: Access violation reading location 0xabababb3.

Examining memory shows PL_last_in_gv hasn't been cloned yet when croaking, but the real bug is why perl croaked inside the pseudofork:

    my_perl->Ilast_in_gv    0xabababab {sv_any=??? sv_refcnt=??? sv_flags=??? ...}  gv *

SEGV callstack:

    cperl524.dll!Perl_mess_sv(interpreter * my_perl=0x00baf024, sv * basemsg=0x00d0acb4, char consume='�')  Line 1502 + 0x15    C
    cperl524.dll!Perl_vmess(interpreter * my_perl=0x00baf024, const char * pat=0x282de3bc, char * * args=0x0012fc20)  Line 1546 + 0xf   C
    cperl524.dll!Perl_vcroak(interpreter * my_perl=0x00baf024, const char * pat=0x282de3bc, char * * args=0x0012fc20)  Line 1774 + 0x17 C
    cperl524.dll!Perl_croak(interpreter * my_perl=0x00baf024, const char * pat=0x282de3bc, ...)  Line 1824  C
    cperl524.dll!S_sv_dup_common(interpreter * my_perl=0x00baf024, const sv * const sstr=0x00384ed0, clone_params * const param=0x0012fde4)  Line 13726 C
    cperl524.dll!Perl_sv_dup_inc(interpreter * my_perl=0x00baf024, const sv * const sstr=0x00384ed0, clone_params * const param=0x0012fde4)  Line 14016 + 0x17  C
    cperl524.dll!Perl_cx_dup(interpreter * my_perl=0x00baf024, context * cxs=0x0038bdc4, long ix=2, long max=144, clone_params * param=0x0012fde4)  Line 14080 + 0x14   C
    cperl524.dll!Perl_si_dup(interpreter * my_perl=0x00baf024, stackinfo * si=0x0038ad44, clone_params * param=0x0012fde4)  Line 14184 + 0x22   C
    cperl524.dll!perl_clone_using(interpreter * proto_perl=0x003843cc, unsigned long flags=1, IPerlMem * ipM=0x0090f094, IPerlMem * ipMS=0x0090f0b0, IPerlMem * ipMP=0x0090f0cc, IPerlEnv * ipE=0x0090f0e8, IPerlStdIO * ipStd=0x0090f120, IPerlLIO * ipLIO=0x0090f1bc, IPerlDir * ipD=0x0090f224, IPerlSock * ipS=0x0090f250, IPerlProc * ipP=0x0090f300)  Line 15263 + 0x14   C
    cperl524.dll!PerlProcFork(IPerlProc * piPerl=0x003868c8)  Line 1831 + 0x65  C++
    cperl524.dll!Perl_pp_fork(interpreter * my_perl=0x003843cc)  Line 4224 + 0x16   C
    cperl524.dll!Perl_runops_debug(interpreter * my_perl=0x003843cc)  Line 2274 + 0xd   C
    cperl524.dll!S_run_body(interpreter * my_perl=0x003843cc, long oldscope=1)  Line 2553 + 0xd C
    cperl524.dll!perl_run(interpreter * my_perl=0x003843cc)  Line 2479  C
    cperl524.dll!RunPerl(int argc=4, char * * argv=0x00382d28, char * * env=0x003854c8)  Line 257 + 0x9 C++
    perl.exe!main(int argc=4, char * * argv=0x00382d28, char * * env=0x003831a8)  Line 39 + 0x12    C
    perl.exe!mainCRTStartup()  Line 398 + 0xe   C
    kernel32.dll!_BaseProcessStart@4()  + 0x23  

The croak message is "Bizarre SvTYPE [%ld]".

The source SV is gibberish:

-   sstr    0x00384ed0 {sv_any=0x00ba016c sv_refcnt=0x00b4b474 sv_flags=0x00a59e64 ...} const sv * const
    sv_any  0x00ba016c  void *
    sv_refcnt   0x00b4b474  unsigned long
    sv_flags    0x00a59e64  unsigned long
+   sv_u    {svu_pv=0x0090950c "äŸ8" svu_iv=0x0090950c svu_uv=0x0090950c ...} __unnamed

Further examining shows cxs[ix].cx_u.cx_blk.blk_u.blku_sub's (the src context struct's) savearray is gibberish too (that 0x00384ed0 ptr), but argarray (an SV *), once dereffed, is not gibberish: argarray is an RV to a GV. That GV is created by "C:\sources\cperl\lib/Symbol.pm" line 102. Due to savearray being 0x00384ed0 and argarray being 0x00384ecc, that's only 0x4 bytes away, so either savearray isn't an AV, never was an AV *, never will be an AV *, or is corrupted/uninit, since obviously it didn't come from an SV arena I think.
