Perl 5.8.8 segfaulting on comments! How can this be?

Nicholas Clark nick at ccl4.org
Fri Dec 12 17:11:14 GMT 2008


On Fri, Dec 12, 2008 at 06:00:04PM +0100, Radoslaw Zielinski wrote:
> Andy Wardley <abw at wardley.org> [12-12-2008 17:38]:
> [...]
> > Before I go digging deeper (having already lost most of the afternoon to
> > this), can someone confirm the problem for me?
> 
> I can't reproduce this on 5.8.8 @ 64bit Linux.

Breaks for me on a stock /usr/bin/perl on 64 bit Debian. valgrind says:

==26769== Invalid write of size 8
==26769==    at 0x4BAFE61: Perl_pp_qr (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BA959D: Perl_runops_standard (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B54039: Perl_call_sv (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B543A8: Perl_call_list (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B85083: Perl_newATTRSUB (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B836C0: Perl_utilize (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B753B0: Perl_yyparse (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BDA133: (within /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BDBE29: Perl_pp_require (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BA959D: Perl_runops_standard (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B54039: Perl_call_sv (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B543A8: Perl_call_list (in /usr/lib/libperl.so.5.8.8)
==26769==  Address 0x54656F8 is 0 bytes after a block of size 1,024 alloc'd
==26769==    at 0x4A1B858: malloc (vg_replace_malloc.c:149)
==26769==    by 0x4B994CA: Perl_safesysmalloc (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BA7A98: Perl_av_extend (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BD8D35: Perl_new_stackinfo (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B51CB2: Perl_init_stacks (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B58F4A: perl_construct (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x40171F: main (in /usr/bin/perl)

Works for me for 5.8.9-RC2 built with (roughly) the same options (gosh,
there's a lot of seeming cargo cult in Debian's Configure invocation), on
the same machine, and valgrind reports no errors. So I'm hoping that it's
genuinely fixed in 5.8.9.

Have you tested your code with 5.8.9-RC2 yet?

['cos if you don't, and it breaks on it, it isn't *my* fault]

> BTW, what's this?
> 
>   $ tar tzf broken_glass.tgz | grep _
>   ./._Broken.pm
>   ./._Glass.pm
>   ./._glass.t

OS X "tar" being "helpful".
[writing out the resource forks as dot files]

[mmm, I wonder if you can crash OS X tar by constructing malicious tar files]

Nicholas Clark
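Read as a defender, the valgrind report above already tells the whole story: an 8-byte write lands exactly at the end of a 1,024-byte block that was malloc'd under Perl_init_stacks, which is what a heap overflow looks like before it turns into a segfault. The following Python is an added example, not code from the message or from perl itself; it parses a memcheck "Invalid read/write" report into the fields worth triaging (fault kind and size, faulting frame, offset relative to the block, allocating frames) and classifies it. It uses the message's own valgrind output as input and assumes the default memcheck text format; the regular expressions and the `vg_replace_malloc` skip in `allocation_site()` are this example's own heuristics.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The valgrind report quoted in the message above, copied verbatim from the page.
VALGRIND_LOG = """\
==26769== Invalid write of size 8
==26769==    at 0x4BAFE61: Perl_pp_qr (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BA959D: Perl_runops_standard (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B54039: Perl_call_sv (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B543A8: Perl_call_list (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B85083: Perl_newATTRSUB (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B836C0: Perl_utilize (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B753B0: Perl_yyparse (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BDA133: (within /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BDBE29: Perl_pp_require (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BA959D: Perl_runops_standard (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B54039: Perl_call_sv (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B543A8: Perl_call_list (in /usr/lib/libperl.so.5.8.8)
==26769==  Address 0x54656F8 is 0 bytes after a block of size 1,024 alloc'd
==26769==    at 0x4A1B858: malloc (vg_replace_malloc.c:149)
==26769==    by 0x4B994CA: Perl_safesysmalloc (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BA7A98: Perl_av_extend (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4BD8D35: Perl_new_stackinfo (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B51CB2: Perl_init_stacks (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x4B58F4A: perl_construct (in /usr/lib/libperl.so.5.8.8)
==26769==    by 0x40171F: main (in /usr/bin/perl)
"""

# Memcheck's default text format (assumed by this example, not taken from the page).
ERROR_RE = re.compile(r"^==(\d+)== Invalid (read|write) of size (\d+)$")
FRAME_RE = re.compile(
    r"^==\d+==\s+(?:at|by) 0x([0-9A-Fa-f]+): (?:(\S+) )?\((?:in |within )?([^)]*)\)$")
ADDR_RE = re.compile(
    r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (\d+) bytes (after|before|inside) "
    r"a block of size ([\d,]+) (alloc'd|free'd)$")


@dataclass
class Frame:
    addr: int
    func: Optional[str]   # None for "(within <object>)" frames with no symbol
    location: str         # shared object path or source file:line


@dataclass
class HeapError:
    pid: int
    kind: str                       # "read" or "write"
    size: int                       # bytes accessed
    access_stack: List[Frame] = field(default_factory=list)
    address: Optional[int] = None
    offset: Optional[int] = None    # distance from the block boundary
    relation: Optional[str] = None  # "after", "before" or "inside"
    block_size: Optional[int] = None
    block_state: Optional[str] = None   # "alloc'd" or "free'd"
    alloc_stack: List[Frame] = field(default_factory=list)

    def classify(self) -> str:
        if self.block_state == "free'd":
            return "use-after-free"
        if self.relation == "after":
            return "heap-buffer-overflow"
        if self.relation == "before":
            return "heap-buffer-underflow"
        return "heap-access-error"

    def faulting_function(self) -> Optional[str]:
        return self.access_stack[0].func if self.access_stack else None

    def allocation_site(self) -> Optional[str]:
        # First allocating frame outside valgrind's malloc replacement.
        for f in self.alloc_stack:
            if "vg_replace_malloc" not in f.location:
                return f.func
        return None


def parse_valgrind(text: str) -> List[HeapError]:
    """Collect every Invalid read/write report with both of its stacks."""
    errors: List[HeapError] = []
    target: Optional[List[Frame]] = None   # stack currently being filled
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            errors.append(HeapError(int(m.group(1)), m.group(2), int(m.group(3))))
            target = errors[-1].access_stack
            continue
        m = ADDR_RE.match(line)
        if m and errors:
            err = errors[-1]
            err.address = int(m.group(1), 16)
            err.offset = int(m.group(2))
            err.relation = m.group(3)
            err.block_size = int(m.group(4).replace(",", ""))
            err.block_state = m.group(5)
            target = err.alloc_stack
            continue
        m = FRAME_RE.match(line)
        if m and target is not None:
            target.append(Frame(int(m.group(1), 16), m.group(2), m.group(3)))
    return errors


def describe(err: HeapError) -> str:
    """One triage line: what kind of bug, where it fired, whose memory it hit."""
    return (f"{err.classify()}: {err.kind} of {err.size} bytes in "
            f"{err.faulting_function() or '?'}, {err.offset} bytes {err.relation} "
            f"a {err.block_size}-byte block ({err.block_state} via "
            f"{err.allocation_site() or '?'})")


if __name__ == "__main__":
    for error in parse_valgrind(VALGRIND_LOG):
        print(describe(error))
```

Run on the quoted report it prints a single line naming a heap-buffer-overflow in Perl_pp_qr, zero bytes past a 1024-byte block obtained through Perl_safesysmalloc. The "within" frame with no symbol is kept as a frame with `func` set to `None` rather than dropped, so stack depths stay comparable between two runs of the same binary.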