Permalink
Browse files

[perl #97020] Carp (actually caller) leaking memory

Commit eff7e72 (Detect incomplete caller overrides in Carp) used
this little trick for detecting a @DB::args that an overridden
caller() failed to set:

+  @args = \$i; # A sentinal, which no-one else has the address of

But there is a bug in caller().  The first time caller tries to write
to @DB::args, it calls Perl_init_dbargs first.  That function checks
whether @DB::args is AvREAL, in case someone has assigned to it, and
takes appropriate measures.  But caller doesn’t bother calling
Perl_init_dbargs more than once.  So manually-assigned items in
@DB::args would leak, starting with the *second* call to caller.

Commit eff7e72 triggered that bug, resulting in a regression in
Carp, in that it started leaking.  eff7e72 was backported to 5.12.2
with commit 9770594, so in both 5.12 and 5.14 Carp is affected.

This bug (the caller bug, not Carp’s triggering thereof) also affects
any caller overrides that set @DB::args themselves, if there are
alternate calls to the overridden caller and CORE::caller.

This commit fixes that by changing the if (!PL_dbargs) condition
in pp_caller to if (!PL_dbargs || AvREAL(PL_dbargs)).  I.e., if
@args is either uninitialised or AvREAL then call Perl_init_dbargs.
Perl_init_dbargs also has a bug in it, that this fixes: The array not
only needs AvREAL turned off, but also AvREIFY turned on, so that
assignments to it that occur after its initialisation turn AvREAL back
on again.  (In fact, Larry Wall added a comment suggesting this back
in perl 5.000.)
  • Loading branch information...
1 parent 7530120 commit af80dd863acea8450a9f41ae03645f4d69dad091 Father Chrysostomos committed Aug 18, 2011
Showing with 15 additions and 4 deletions.
  1. +1 −1 av.h
  2. +1 −1 perl.c
  3. +1 −1 pp_ctl.c
  4. +12 −1 t/op/caller.t
View
2 av.h
@@ -28,7 +28,7 @@ struct xpvav {
* real if the array needs to be modified in some way. Functions that
* modify fake AVs check both flags to call av_reify() as appropriate.
*
- * Note that the Perl stack and @DB::args have neither flag set. (Thus,
+ * Note that the Perl stack has neither flag set. (Thus,
* items that go on the stack are never refcounted.)
*
* These internal details are subject to change any time. AV
View
2 perl.c
@@ -3848,7 +3848,7 @@ Perl_init_dbargs(pTHX)
"leak" until global destruction. */
av_clear(args);
}
- AvREAL_off(PL_dbargs); /* XXX should be REIFY (see av.h) */
+ AvREIFY_only(PL_dbargs);
}
void
View
@@ -1957,7 +1957,7 @@ PP(pp_caller)
AV * const ary = cx->blk_sub.argarray;
const int off = AvARRAY(ary) - AvALLOC(ary);
- if (!PL_dbargs)
+ if (!PL_dbargs || AvREAL(PL_dbargs))
Perl_init_dbargs(aTHX);
if (AvMAX(PL_dbargs) < AvFILLp(ary) + off)
View
@@ -5,7 +5,7 @@ BEGIN {
chdir 't' if -d 't';
@INC = '../lib';
require './test.pl';
- plan( tests => 81 );
+ plan( tests => 82 );
}
my @c;
@@ -214,6 +214,17 @@ EOP
}
}
+# This also used to leak [perl #97010]:
+{
+ my $gone;
+ sub fwib::DESTROY { ++$gone }
+ package DB;
+ sub { () = caller(0) }->(); # initialise PL_dbargs
+ @args = bless[],'fwib';
+ sub { () = caller(0) }->(); # clobber @args without initialisation
+ ::is $gone, 1, 'caller does not leak @DB::args elems when AvREAL';
+}
+
$::testing_caller = 1;
do './op/caller.pl' or die $@;

0 comments on commit af80dd8

Please sign in to comment.