
t/1-basic.t segfaults randomly if PCRE2 is compiled with --enable-jit-sealloc #29

ppisar opened this issue Aug 2, 2017 · 3 comments

ppisar commented Aug 2, 2017

I have PCRE2 10.30-RC1 built with the --enable-jit-sealloc option. This option enables an alternative JIT memory allocator based on mmaped temporary files. Running t/1-basic.t against such a PCRE2 usually results in a segfault:

```
#0  0xb7f336fb in sljit_free_exec (ptr=0xb775fca0)
    at src/sljit/sljitProtExecAllocator.c:367
#1  0xb7f33b0d in sljit_free_code (code=0xb775fca0) at src/sljit/sljitLir.c:486
#2  0xb7f5973c in _pcre2_jit_free_8 (executable_jit=0x80030540, memctl=0x80293b90)
    at src/pcre2_jit_misc.c:92
#3  0xb7f199f8 in pcre2_code_free_8 (code=0x80293b90) at src/pcre2_compile.c:1183
#4  0xb7771609 in PCRE2_free (my_perl=0x80004160, rx=0x80024e64) at PCRE2.xs:520
#5  0xb7d84e95 in Perl_pregfree2 () from /lib/
#6  0xb7de4640 in Perl_sv_clear () from /lib/
#7  0xb7de4d40 in Perl_sv_free2 () from /lib/
#8  0xb7d149e4 in Perl_op_clear () from /lib/
#9  0xb7d14b20 in Perl_op_free () from /lib/
#10 0xb7d3adb8 in perl_destruct () from /lib/
#11 0x800009ce in main ()
```

This is because sljit_free_exec() does this assignment:

```c
    if (SLJIT_UNLIKELY(!free_block->header.size)) {
        free_block->size += header->size;
        header = AS_BLOCK_HEADER(free_block, free_block->size);
        header->prev_size = free_block->size;   /* <-- faulting write */
```

and the memory pointed to by header is read-only at that moment.

A minimal reproducer is:

```perl
use Test::More tests => 1;
use re::engine::PCRE2;

"Hello, world" !~ /(?<=Moose|Mo), (world)/;
"Hello, world" =~ /(?<=Hello|Hi), (world)/;
```

Removing any line (fork(), use Test::More; etc.) mitigates the crash. It's probably some kind of race condition when the two processes deallocate the memory regions backed by the same file. But I don't understand how that could be possible.

I will forward it to PCRE2 authors as this is probably a PCRE2 bug. If you could reduce the reproducer to a pure PCRE2 C code, it would be great.
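To make the failure mode in the report concrete, here is an added toy model of the sealloc scheme (not code from PCRE2, sljit or re::engine::PCRE2): a temporary file is mapped twice, once writable and once read-only (executable where the sandbox allows it). Bytes written through one view are visible through the other, and a write through the read-only view faults, which is the same class of error the backtrace above shows in sljit_free_exec(); the struct and function names are this example's own.

```c
/* Toy model of the sealloc scheme: one temporary file mapped twice, a writable
 * view and a read-only (ideally executable) view. Not PCRE2 or sljit code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct dual_map { void *rw; void *rx; size_t size; int fd; };

/* Report whether p can be written without taking a SIGSEGV: have the kernel
 * copy one byte into it through a pipe; a read-only page yields EFAULT.
 * Returns 1 (writable), 0 (read-only), -1 (the probe itself failed). */
static int is_writable(void *p) {
    int fds[2], rc;
    char c = 0;
    if (pipe(fds) < 0) return -1;
    if (write(fds[1], &c, 1) != 1) { close(fds[0]); close(fds[1]); return -1; }
    rc = read(fds[0], p, 1) == 1 ? 1 : (errno == EFAULT ? 0 : -1);
    close(fds[0]); close(fds[1]);
    return rc;
}

static int dual_map_create(struct dual_map *m, size_t size) {
    FILE *tmp = tmpfile();                   /* unlinked backing file */
    if (!tmp) return -1;
    m->fd = dup(fileno(tmp));
    fclose(tmp);
    if (m->fd < 0 || ftruncate(m->fd, (off_t)size) < 0) return -1;
    m->size = size;
    m->rw = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, m->fd, 0);
    m->rx = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, m->fd, 0);
    if (m->rx == MAP_FAILED)                 /* noexec tmp or hardened kernel */
        m->rx = mmap(NULL, size, PROT_READ, MAP_SHARED, m->fd, 0);
    return (m->rw == MAP_FAILED || m->rx == MAP_FAILED) ? -1 : 0;
}

static void dual_map_destroy(struct dual_map *m) {
    munmap(m->rw, m->size);
    munmap(m->rx, m->size);
    close(m->fd);
}

/* Bytes stored through the RW view are visible through the RX view: that is
 * how a JIT emits code into one mapping and executes it from the other. */
static int views_alias(struct dual_map *m) {
    memcpy(m->rw, "jit", 4);
    return memcmp(m->rx, "jit", 4) == 0;
}
```

Any bookkeeping write that lands on the RX view instead of the RW view, as the block-header update in the report does, takes the fault that is_writable() reproduces without crashing.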

commented Aug 2, 2017

Thanks, I'll try.
Cannot repro on my darwin laptop, need to wait until getting back from my holidays in Greece.
But found a somewhat related sealloc bug on darwin.

rurban added a commit that referenced this issue Aug 2, 2017

@rurban rurban self-assigned this Apr 8, 2019

commented Apr 8, 2019

Will be in 0.15

@rurban rurban closed this Apr 8, 2019
