SEGV with blead #105

Closed
tokuhirom opened this Issue · 14 comments

6 participants

@tokuhirom
Owner
use strict;
use warnings;
use utf8;
use Test::More 0.96;

# This code causes a segmentation fault on Perl 5.19.[79].

use Text::Xslate;

my $xslate = Text::Xslate->new();
$xslate->render_string(<<'...');
: '/' ~ uri('a')
: for 3 -> $n { }
...

pass;

done_testing;
@gfx gfx referenced this issue from a commit
@gfx gfx add a test for #105 535aa5e
@gfx gfx referenced this issue from a commit
@gfx gfx Checking in changes prior to tagging of version 3.1.2.
Changelog diff is:

diff --git a/Changes b/Changes
index 44033aa..6979dbc 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for Perl extension Text::Xslate

+3.1.2 2014-02-20 21:09:47+0900
+    [TEST]
+    - Add a test for github issue #105, which will fail on Perl 5.19.x
+
 3.1.1 2014-01-24 07:50:52+0900
     [DOCUMENTS]
     - Fix some typos (#102)
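Review bot: the 3.1.2 entry announces a test that "will fail on Perl 5.19.x" without saying whether the test is marked TODO or skipped on those perls. If it is not, the test phase fails for anyone installing on 5.19.x, so either guard the test by perl version or state in the entry that the failure is intentional and tracked in #105.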
acb31f5
@tokuhirom
Owner

I guess this issue can be reproduced with 5.19.4+.

It seems the following internal change causes this issue.

Arrays now use NULL internally to represent unused slots, instead of &PL_sv_undef. &PL_sv_undef is no longer treated as a special value, so av_store(av, 0, &PL_sv_undef) will cause element 0 of that array to hold a read-only undefined scalar. $array[0] = anything will croak and \$array[0] will compare equal to \undef.

http://search.cpan.org/dist/perl-5.19.6/pod/perl5194delta.pod#Internal_Changes
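The internal change quoted above, modelled in plain C as an added example (not code from this thread, from Text::Xslate, or from perl): a guard that reads a flag through the slot pointer is safe while unused slots hold a sentinel object, and needs an explicit NULL test once they hold NULL. The types `sv_t` and `av_t`, the flag `F_READONLY` and all function names are hypothetical stand-ins, and the arrays are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins for perl's SV and AV; all names here are hypothetical. */
typedef struct { unsigned flags; } sv_t;
typedef struct { sv_t **slots; ptrdiff_t fill; } av_t; /* fill: highest used index */
#define F_READONLY 0x1u

static sv_t sv_undef = { F_READONLY }; /* models the old &PL_sv_undef sentinel */

/* Shape of a pre-change guard: every slot <= fill is assumed to be a valid
 * pointer. True while unused slots hold the sentinel; a NULL slot would be
 * dereferenced here. */
static int needs_store_legacy(const av_t *av, ptrdiff_t ix) {
    return av->fill < ix || (av->slots[ix]->flags & F_READONLY) != 0;
}

/* Hardened guard: NULL is tested before the flag read, and the
 * short-circuit order is what keeps the dereference safe. */
static int needs_store_hardened(const av_t *av, ptrdiff_t ix) {
    if (av->fill < ix) return 1;
    const sv_t *sv = av->slots[ix];
    return sv == NULL || (sv->flags & F_READONLY) != 0;
}

/* Replace an unusable slot with a fresh scalar, then hand it back.
 * Assumption: the caller guarantees capacity for index ix. */
static sv_t *load_slot(av_t *av, ptrdiff_t ix, sv_t *fresh) {
    if (needs_store_hardened(av, ix)) {
        av->slots[ix] = fresh;
        if (av->fill < ix) av->fill = ix;
    }
    return av->slots[ix];
}

int main(void) {
    sv_t live = { 0 }, fresh = { 0 };
    sv_t *old_repr[2] = { &sv_undef, &live }; /* constructed: sentinel in slot 0 */
    sv_t *new_repr[2] = { NULL, &live };      /* constructed: NULL in slot 0 */
    av_t a_old = { old_repr, 1 }, a_new = { new_repr, 1 };

    printf("sentinel slot: legacy=%d hardened=%d\n",
           needs_store_legacy(&a_old, 0), needs_store_hardened(&a_old, 0));
    printf("NULL slot:     hardened=%d\n", needs_store_hardened(&a_new, 0));
    printf("slot 0 replaced: %d\n", load_slot(&a_new, 0, &fresh) == &fresh);
    return 0;
}
```

The legacy guard is deliberately never called on the NULL-slot array, because that call is the dereference the hardened guard exists to prevent.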

@andk

Bisect shows it is indeed v5.19.3-16-gce0d59f as already suggested. The bleadperl ticket dealing with this is #119433, iow: https://rt.perl.org/rt3/Public/Bug/Display.html?id=119433

@kentfredric

Doesn't appear to be SEGVing on 5.19.9 with -DDEBUGGING

Instead fails with:

Text::Xslate: Iterating data must be an ARRAY reference, not 3 (<string>:2) at t/900_bugs/042_perl59_issue.t line 13.
----------------------------------------------------------------------------
: '/' ~ uri('a')
: for 3 -> $n { }
----------------------------------------------------------------------------
t/900_bugs/042_perl59_issue.t ................... 
No subtests run 
perl -d:Confess -Ilib t/900_bugs/042_perl59_issue.t 
Text::Xslate: Iterator variables must be an ARRAY reference, not 3 at t/900_bugs/042_perl59_issue.t line 13.
 (<string>:2:&main[9]) at t/900_bugs/042_perl59_issue.t line 13.
----------------------------------------------------------------------------
: '/' ~ uri('a')
: for 3 -> $n { }
----------------------------------------------------------------------------
 at lib/Text/Xslate/PP.pm line 642.
        Text::Xslate::PP::_error_handler("Iterator variables must be an ARRAY reference, not 3 at t/900"..., 0) called at lib/Text/Xslate/PP.pm line 656
        Text::Xslate::PP::_warn("Iterator variables must be an ARRAY reference, not 3 at t/900"...) called at /home/kent/perl5/perlbrew/perls/perl-5.19.9/lib/5.19.9/Carp.pm line 168
        Carp::carp("Iterator variables must be an ARRAY reference, not 3") called at lib/Text/Xslate/PP/State.pm line 209
        Text::Xslate::PP::State::_doerror(Text::Xslate::PP::Opcode=HASH(0x14fefe0), ARRAY(0x13d8c78), "Iterator variables must be an ARRAY reference, not %s", 3) called at lib/Text/Xslate/PP/State.pm line 224
        Text::Xslate::PP::State::error(Text::Xslate::PP::Opcode=HASH(0x14fefe0), ARRAY(0x13d8c78), "Iterator variables must be an ARRAY reference, not %s", 3) called at lib/Text/Xslate/PP.pm line 386
        Text::Xslate::PP::tx_check_itr_ar(Text::Xslate::PP::Opcode=HASH(0x14fefe0), 3) called at lib/Text/Xslate/PP/Opcode.pm line 199
        Text::Xslate::PP::Opcode::op_for_start(Text::Xslate::PP::Opcode=HASH(0x14fefe0)) called at lib/Text/Xslate/PP.pm line 596
        eval {...} called at lib/Text/Xslate/PP.pm line 595
        Text::Xslate::PP::tx_execute(Text::Xslate::PP::Opcode=HASH(0x14fefe0), HASH(0x14fea28)) called at lib/Text/Xslate/PP.pm line 113
        Text::Xslate::PP::render(Text::Xslate=HASH(0x114cd60), "<string>", undef) called at lib/Text/Xslate/PP.pm line 82
        Text::Xslate::PP::render_string(Text::Xslate=HASH(0x114cd60), ": '/' ~ uri('a')\x{a}: for 3 -> \$n { }\x{a}") called at t/900_bugs/042_perl59_issue.t line 13
ok 1
1..1

HTH

@tokuhirom
Owner

Ah, on my machine, segv is still not fixed.

% perl -v

This is perl 5, version 19, subversion 9 (v5.19.9) built for x86_64-linux

Copyright 1987-2014, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
gdb$ r
Text::Xslate: Iterating data must be an ARRAY reference, not 3 (<string>:2) at t/900_bugs/042_perl59_issue.t line 13.
----------------------------------------------------------------------------
: '/' ~ uri('a')
: for 3 -> $n { }
----------------------------------------------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff19376b6 in tx_load_lvar (st=0x7fffffffd4c0, lvar_ix=0)
    at src/Text-Xslate.xs:301
301     if(AvFILLp(cframe) < real_ix || SvREADONLY(AvARRAY(cframe)[real_ix])) {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6.x86_64 nss-softokn-freebl-3.14.3-9.el6.x86_64
gdb$ bt
#0  0x00007ffff19376b6 in tx_load_lvar (st=0x7fffffffd4c0, lvar_ix=0)
    at src/Text-Xslate.xs:301
#1  0x00007ffff193b988 in TXCODE_for_start (st=Unhandled dwarf expression opcode 0xf3
) at ./src/xslate_opcode.inc:224
#2  tx_runops (st=Unhandled dwarf expression opcode 0xf3
) at ./xslate_ops.h:524
#3  0x00007ffff193c66a in tx_execute (base=0xf4c760, output=Unhandled dwarf expression opcode 0xf3
) at src/Text-Xslate.xs:924
#4  0x00007ffff193c946 in XS_Text__Xslate__Engine_render (cv=Unhandled dwarf expression opcode 0xf3
)
    at src/Text-Xslate.xs:1606
#5  0x00000000004a6af9 in Perl_pp_entersub () at pp_hot.c:2767
#6  0x000000000049f4c3 in Perl_runops_standard () at run.c:42
#7  0x000000000043b824 in S_run_body (my_perl=Unhandled dwarf expression opcode 0xf3
) at perl.c:2449
#8  perl_run (my_perl=Unhandled dwarf expression opcode 0xf3
) at perl.c:2365
#9  0x000000000041dfc5 in main (argc=3, argv=0x7fffffffd968, env=0x7fffffffd988)
    at perlmain.c:112
@kentfredric

Hrm, strange, it seems I can't get it to avoid the segv now doing the exact same thing on the exact same perl.

Oh... I see. cpanm --uninstall Text::Xslate and then re-running the tests changes the outcome!

So my different behaviour above was only happening due to XS not being loaded. K.

@gfx gfx referenced this issue from a commit
@gfx gfx Checking in changes prior to tagging of version 3.2.0.
Changelog diff is:

diff --git a/Changes b/Changes
index 6979dbc..0caf3c9 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for Perl extension Text::Xslate

+3.2.0 2014-04-04 07:39:59+0900
+    [BUG FIXES]
+    - Fix #107, #109 HashWithDefault should use "exists" (yappo, tokuhirom)
+
 3.1.2 2014-02-20 21:09:47+0900
     [TEST]
     - Add a test for github issue #105, which will fail on Perl 5.19.x
5a39bb1
@tokuhirom
Owner

Still failing on Perl 5.19.10

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1937696 in tx_load_lvar (st=0x7fffffffcc60, lvar_ix=0) at src/Text-Xslate.xs:301
301         if(AvFILLp(cframe) < real_ix || SvREADONLY(AvARRAY(cframe)[real_ix])) {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6.x86_64 nss-softokn-freebl-3.14.3-9.el6.x86_64
gdb$ bt
#0  0x00007ffff1937696 in tx_load_lvar (st=0x7fffffffcc60, lvar_ix=0) at src/Text-Xslate.xs:301
#1  0x00007ffff193b9a7 in TXCODE_for_start (st=Unhandled dwarf expression opcode 0xf3
) at ./src/xslate_opcode.inc:224
#2  tx_runops (st=Unhandled dwarf expression opcode 0xf3
) at ./xslate_ops.h:524
#3  0x00007ffff193c66a in tx_execute (base=0xf4fdd0, output=Unhandled dwarf expression opcode 0xf3
) at src/Text-Xslate.xs:924
#4  0x00007ffff193c946 in XS_Text__Xslate__Engine_render (cv=Unhandled dwarf expression opcode 0xf3
) at src/Text-Xslate.xs:1606
#5  0x00000000004a7c07 in Perl_pp_entersub () at pp_hot.c:2791
#6  0x00000000004a0b23 in Perl_runops_standard () at run.c:42
#7  0x000000000043bc84 in S_run_body (my_perl=Unhandled dwarf expression opcode 0xf3
) at perl.c:2449
#8  perl_run (my_perl=Unhandled dwarf expression opcode 0xf3
) at perl.c:2365
#9  0x000000000041e065 in main (argc=3, argv=0x7fffffffd108, env=0x7fffffffd128) at perlmain.c:112
@syohex
Owner

Still failing on Perl 5.19.11.

I suppose we should do a null check when we may reference an unused slot of an array,
as below. (I confirmed t/900_bugs/042_perl59_issue.t passes after applying the following patch.)

diff --git a/src/Text-Xslate.xs b/src/Text-Xslate.xs
index 0f20884..1d5a17d 100644
--- a/src/Text-Xslate.xs
+++ b/src/Text-Xslate.xs
@@ -298,7 +298,9 @@ tx_load_lvar(pTHX_ tx_state_t* const st, I32 const lvar_ix) { /* the guts of TX_

     assert(SvTYPE(cframe) == SVt_PVAV);

-    if(AvFILLp(cframe) < real_ix || SvREADONLY(AvARRAY(cframe)[real_ix])) {
+    if(AvFILLp(cframe) < real_ix
+       || AvARRAY(cframe)[real_ix] == NULL
+       || SvREADONLY(AvARRAY(cframe)[real_ix])) {
         av_store(cframe, real_ix, newSV(0));
     }
     st->pad = AvARRAY(cframe) + TXframe_START_LVAR;
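Review bot: the new `AvARRAY(cframe)[real_ix] == NULL` test in the `if` condition is only safe because it sits before `SvREADONLY(...)` and relies on short-circuit evaluation, and nothing in the code says so. Add a comment stating that unused slots can be NULL (citing the perl5194delta internal change) so a later reordering does not reintroduce the dereference, and consider reading the slot once into a local `SV*` so the condition tests one value instead of indexing the array twice. The `av_store` call in the context lines still ignores its return value; on failure the `newSV(0)` would leak, so checking it here would be a cheap follow-up.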
@gfx
Owner

@syohex can you make a pull request?

@syohex syohex referenced this issue from a commit
@syohex syohex Fix for blead Perl(#105)
See Also
  perl5194delta.pod #Internal_Changes
d42cac3
@syohex
Owner

@gfx I have pull-requested #117

@gfx gfx closed this issue from a commit
@gfx gfx Checking in changes prior to tagging of version 3.2.2.
Changelog diff is:

diff --git a/Changes b/Changes
index 9529468..e5c3e90 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for Perl extension Text::Xslate

+3.2.2 2014-04-23 07:29:42+0900
+    [BUG FIXES]
+    - Fix #105 SEGV on blead (reported by tokuhirom, fixed by syohex in #117)
+
 3.2.1 2014-04-17 07:55:38+0900
     [BUG FIXES]
     - Fix #111 (by syohex in #113) inputting "0" made a wrong result
999aa34
@gfx gfx closed this in 999aa34
@gfx gfx referenced this issue from a commit
@gfx gfx Checking in changes prior to tagging of version 3.2.3.
Changelog diff is:

diff --git a/Changes b/Changes
index e5c3e90..b222090 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for Perl extension Text::Xslate

+3.2.3 2014-04-23 07:32:39+0900
+    - Made a mistake in the release engineering, re-packaged on the correct
+      status.
+
 3.2.2 2014-04-23 07:29:42+0900
     [BUG FIXES]
     - Fix #105 SEGV on blead (reported by tokuhirom, fixed by syohex in #117)
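Review bot: the 3.2.3 entry has no section tag, unlike the `[BUG FIXES]` and `[TEST]` entries around it, and "re-packaged on the correct status" does not tell a reader what differed from 3.2.2. State what was wrong with the 3.2.2 package and that 3.2.3 carries the same code change for #105, so users know which release to depend on.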
cf54051
@gfx
Owner

Thanks. Released 3.2.3 with #117. I'd like to see whether it fixes this issue.

@frioux

Fixes it for me!

@gfx
Owner

:dancer:
