Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

Infinite recursion (+segfault) on die() after goto-ing out of __DIE__ handler #14527

Open p5pRT opened 9 years ago

p5pRT commented 9 years ago

Migrated from rt.perl.org#123878 (status was 'open')

Searchable as RT123878$

p5pRT commented 9 years ago

From @fbriere

Created by @fbriere

A full description would probably be longer than this code snippet:

```
$ perl -w
sub foo { die }
sub bar { goto &foo }

$SIG{__DIE__} = \&bar;
die;
Deep recursion on subroutine "main::foo" at - line 2.
Segmentation fault
```

Segfault aside, I did not expect the die() in foo() to trigger the __DIE__ handler; according to perlvar(1), the handler "is explicitly disabled *during* the call", from which we haven't returned yet (even though we have technically left the subroutine).

Perl Info

```
Flags:
    category=core
    severity=low

Site configuration information for perl 5.20.1:

Configured by Debian Project at Sun Jan 25 20:36:53 UTC 2015.

Summary of my perl5 (revision 5 version 20 subversion 1) configuration:

  Platform:
    osname=linux, osvers=3.2.0-4-amd64, archname=i586-linux-gnu-thread-multi-64int
    uname='linux brahms 3.2.0-4-amd64 #1 smp debian 3.2.65-1+deb7u1 i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Dldflags= -Wl,-z,relro -Dlddlflags=-shared -Wl,-z,relro -Dcccdlflags=-fPIC -Darchname=i586-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.20 -Darchlib=/usr/lib/i386-linux-gnu/perl/5.20 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/i386-linux-gnu/perl5/5.20 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.20.1 -Dsitearch=/usr/local/lib/i386-linux-gnu/perl/5.20.1 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Duse64bitint -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -Ui_libutil -Uversiononly -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.20.1 -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    use64bitint=define, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.9.2', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/gcc/i586-linux-gnu/4.9/include-fixed /usr/include/i386-linux-gnu /usr/lib /lib/i386-linux-gnu /lib/../lib /usr/lib/i386-linux-gnu /usr/lib/../lib /lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=libc-2.19.so, so=so, useshrplib=true, libperl=libperl.so.5.20
    gnulibc_version='2.19'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib -fstack-protector'

Locally applied patches:
    DEBPKG:debian/cpan_definstalldirs - Provide a sensible INSTALLDIRS default for modules installed from CPAN.
    DEBPKG:debian/db_file_ver - http://bugs.debian.org/340047 Remove overly restrictive DB_File version check.
    DEBPKG:debian/doc_info - Replace generic man(1) instructions with Debian-specific information.
    DEBPKG:debian/enc2xs_inc - http://bugs.debian.org/290336 Tweak enc2xs to follow symlinks and ignore missing @INC directories.
    DEBPKG:debian/errno_ver - http://bugs.debian.org/343351 Remove Errno version check due to upgrade problems with long-running processes.
    DEBPKG:debian/libperl_embed_doc - http://bugs.debian.org/186778 Note that libperl-dev package is required for embedded linking
    DEBPKG:fixes/respect_umask - Respect umask during installation
    DEBPKG:debian/writable_site_dirs - Set umask approproately for site install directories
    DEBPKG:debian/extutils_set_libperl_path - EU:MM: set location of libperl.a under /usr/lib
    DEBPKG:debian/no_packlist_perllocal - Don't install .packlist or perllocal.pod for perl or vendor
    DEBPKG:debian/prefix_changes - Fiddle with *PREFIX and variables written to the makefile
    DEBPKG:debian/fakeroot - Postpone LD_LIBRARY_PATH evaluation to the binary targets.
    DEBPKG:debian/instmodsh_doc - Debian policy doesn't install .packlist files for core or vendor.
    DEBPKG:debian/ld_run_path - Remove standard libs from LD_RUN_PATH as per Debian policy.
    DEBPKG:debian/libnet_config_path - Set location of libnet.cfg to /etc/perl/Net as /usr may not be writable.
    DEBPKG:debian/mod_paths - Tweak @INC ordering for Debian
    DEBPKG:debian/module_build_man_extensions - http://bugs.debian.org/479460 Adjust Module::Build manual page extensions for the Debian Perl policy
    DEBPKG:debian/prune_libs - http://bugs.debian.org/128355 Prune the list of libraries wanted to what we actually need.
    DEBPKG:fixes/net_smtp_docs - [rt.cpan.org #36038] http://bugs.debian.org/100195 Document the Net::SMTP 'Port' option
    DEBPKG:debian/perlivp - http://bugs.debian.org/510895 Make perlivp skip include directories in /usr/local
    DEBPKG:debian/deprecate-with-apt - http://bugs.debian.org/747628 Point users to Debian packages of deprecated core modules
    DEBPKG:debian/squelch-locale-warnings - http://bugs.debian.org/508764 Squelch locale warnings in Debian package maintainer scripts
    DEBPKG:debian/skip-upstream-git-tests - Skip tests specific to the upstream Git repository
    DEBPKG:debian/patchlevel - http://bugs.debian.org/567489 List packaged patches for 5.20.1-5 in patchlevel.h
    DEBPKG:debian/skip-kfreebsd-crash - http://bugs.debian.org/628493 [perl #96272] Skip a crashing test case in t/op/threads.t on GNU/kFreeBSD
    DEBPKG:fixes/document_makemaker_ccflags - http://bugs.debian.org/628522 [rt.cpan.org #68613] Document that CCFLAGS should include $Config{ccflags}
    DEBPKG:debian/find_html2text - http://bugs.debian.org/640479 Configure CPAN::Distribution with correct name of html2text
    DEBPKG:debian/perl5db-x-terminal-emulator.patch - http://bugs.debian.org/668490 Invoke x-terminal-emulator rather than xterm in perl5db.pl
    DEBPKG:debian/cpan-missing-site-dirs - http://bugs.debian.org/688842 Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent is writable
    DEBPKG:fixes/memoize_storable_nstore - [rt.cpan.org #77790] http://bugs.debian.org/587650 Memoize::Storable: respect 'nstore' option not respected
    DEBPKG:debian/regen-skip - Skip a regeneration check in unrelated git repositories
    DEBPKG:fixes/regcomp-mips-optim - [perl #122817] http://bugs.debian.org/754054 Downgrade the optimization of regcomp.c on mips and mipsel due to a gcc-4.9 bug
    DEBPKG:debian/makemaker-pasthru - http://bugs.debian.org/758471 Pass LD settings through to subdirectories
    DEBPKG:fixes/perldoc-less-R - [rt.cpan.org #98636] http://bugs.debian.org/758689 Tell the 'less' pager to allow terminal escape sequences
    DEBPKG:fixes/pod_man_reproducible_date - http://bugs.debian.org/759405 Support POD_MAN_DATE in Pod::Man for the left-hand footer
    DEBPKG:fixes/data_dump_infinite_recurse - [19be3be] don't recurse infinitely in Data::Dumper
    DEBPKG:fixes/io_uncompress_gunzip_inmemory - http://bugs.debian.org/747363 [rt.cpan.org #95494] Fix gunzip to in-memory file handle
    DEBPKG:fixes/socket_test_recv_fix - http://bugs.debian.org/758718 [perl #122657] Compare recv return value to peername in socket test
    DEBPKG:fixes/hurd_socket_recv_todo - http://bugs.debian.org/758718 [perl #122657] TODO checking the result of recv() on hurd

@INC for perl 5.20.1:
    /etc/perl
    /usr/local/lib/i386-linux-gnu/perl/5.20.1
    /usr/local/share/perl/5.20.1
    /usr/lib/i386-linux-gnu/perl5/5.20
    /usr/share/perl5
    /usr/lib/i386-linux-gnu/perl/5.20
    /usr/share/perl/5.20
    /usr/local/lib/site_perl
    .

Environment for perl 5.20.1:
    HOME=/home/fbriere
    LANG=en_CA.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/fbriere/bin:/home/fbriere/humble/bin:/usr/lib/ccache:/usr/local/bin:/usr/bin:/bin:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash
```

p5pRT commented 9 years ago

From @rurban

This SEGV with a nested die handler doesn't seem severity low to me. It seems to be similar to Lukas Mai's fix for 'don't fatalize warnings during unwinding (#123398)', which is not even applied yet.

-- Reini Urban

p5pRT commented 9 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 9 years ago

From @ilmari

"Reini Urban via RT" <perlbug-followup@perl.org> writes:

> This SEGV with a nested die handler doesn't seem severity low to me. It seems to be similar to Lukas Mai's fix for 'don't fatalize warnings during unwinding (#123398)', which is not even applied yet.

You appear to be looking at an outdated copy of the perl source, it was applied by TonyC on 2015-07-08:

http://perl5.git.perl.org/perl.git/commitdiff/46b27d2f2c37f40dde845f9b4743975c69f2cc27

If you think it should be backported to maint-5.22, feel free to suggest it.

-- "I use RMS as a guide in the same way that a boat captain would use a lighthouse. It's good to know where it is, but you generally don't want to find yourself in the same spot." - Tollef Fog Heen

p5pRT commented 9 years ago

From @rurban

Die handler testcases added in the attached patch. Do not apply, fix it first. Or I'll do it, if I'm faster.

-- Reini Urban

p5pRT commented 9 years ago

From @rurban

0001-die-handler-with-goto-perl-123878.patch ```diff From 4068db3cd8e813c8f923b9ab18c21920814b4c73 Mon Sep 17 00:00:00 2001 From: Reini Urban Date: Wed, 12 Aug 2015 15:26:41 +0200 Subject: [PATCH] die handler with goto [perl #123878] add testcases for the documented die handler exceptions: ... unless the hook routine itself exits via a "goto &sub", a loop exit, or a "die()". The "__DIE__" handler is explicitly disabled during the call, so that you can die from a "__DIE__" handler. --- MANIFEST | 1 + t/op/die_goto.t | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 t/op/die_goto.t diff --git MANIFEST MANIFEST index faaa775..0edc27b 100644 --- MANIFEST +++ MANIFEST @@ -5198,6 +5198,7 @@ t/op/defins.t See if auto-insert of defined() works t/op/delete.t See if delete works t/op/die_except.t See if die/eval avoids $@ clobberage t/op/die_exit.t See if die and exit status interaction works +t/op/die_goto.t See if a die handler is disabled during goto t/op/die_keeperr.t See if G_KEEPERR works for destructors t/op/die.t See if die works t/op/die_unwind.t Check die/eval early-$@ backcompat hack diff --git t/op/die_goto.t t/op/die_goto.t new file mode 100644 index 0000000..b9c2d04 --- /dev/null +++ t/op/die_goto.t 
@@ -0,0 +1,52 @@ +#!./perl -w +# This test checks for RT #123878, keeping the die handler still +# disabled into goto'd function. And the other documented +# exceptions to enable dying from a die handler. + +print "1..4\n"; + +eval { + sub f1 { die "ok 1\n" } + $SIG{__DIE__} = \&f1; + die; +}; +print $@; + +eval { + sub loopexit { for (0..2) { next if $_ } } + $SIG{__DIE__} = \&loopexit; + die "ok 2\n"; +}; +print $@; + +eval { + sub foo1 { die "ok 3\n" } + sub bar1 { foo1() } + $SIG{__DIE__} = \&bar1; + die; +}; +print $@; + +eval { + sub foo2 { die "ok 4\n" } + sub bar2 { goto &foo2 } + $SIG{__DIE__} = \&bar2; + die; +}; +print $@; + +# Deep recursion on subroutine "main::foo". +# SEGV + +# Segfault aside, I did not expect the die() in foo() to trigger the __DIE__ +# handler; according to perlvar(1), the handler "is explicitly disabled *during* +# the call", from which we haven't returned yet (even though we have technically +# left the subroutine). + +# perlvar %SIG +# When a "__DIE__" hook routine returns, the exception processing +# continues as it would have in the absence of the hook, +# unless the hook routine itself exits via a "goto &sub", +# a loop exit, or a "die()". The "__DIE__" handler is +# explicitly disabled during the call, so that you can +# die from a "__DIE__" handler. -- 2.4.5 ```
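
Review bot: In test 2 of t/op/die_goto.t the `for (0..2) { next if $_ }` loop sits entirely inside `loopexit`, so `next` only advances that inner loop and the handler returns normally; the "loop exit" case quoted from perlvar in the commit message is not exercised. To cover it, the handler has to leave through `next` or `last` aimed at a loop that encloses the `die`, with the expected output adjusted to match. Test 4 is the case this ticket reports as recursing until a segfault, and it runs in-process with no TODO marker, so the script cannot finish until the core fix lands; running that case in a child perl (for example through `fresh_perl_is` from t/test.pl) would turn a crash into one failing test. The trailing comment block also still refers to "main::foo", while the subs in this file are named `foo2` and `bar2`.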
p5pRT commented 9 years ago

From @rurban

On Aug 12, 2015, at 3:10 PM, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org> wrote:

> "Reini Urban via RT" <perlbug-followup@perl.org> writes:
>
> > This SEGV with a nested die handler doesn't seem severity low to me. It seems to be similar to Lukas Mai's fix for 'don't fatalize warnings during unwinding (#123398)', which is not even applied yet.
>
> You appear to be looking at an outdated copy of the perl source, it was applied by TonyC on 2015-07-08:
>
> http://perl5.git.perl.org/perl.git/commitdiff/46b27d2f2c37f40dde845f9b4743975c69f2cc27

I only merge blead monthly so I missed that. Good that it is in finally. Should have been in for your 5.22.0 already. Fixed Feb 12, it was in my 5.22 in March.

> If you think it should be backported to maint-5.22, feel free to suggest it.

Sure it must. It’s on the summary list of the maint-5.20 votings already, haven’t seen it on maint-5.22, but I have no authority to suggest anything there.

p5pRT commented 9 years ago

From @rjbs

* Reini Urban <reini.urban@gmail.com> [2015-08-15T17:15:28]

> On Aug 12, 2015, at 3:10 PM, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org> wrote:
>
> > If you think it should be backported to maint-5.22, feel free to suggest it.
>
> Sure it must. It’s on the summary list of the maint-5.20 votings already, haven’t seen it on maint-5.22, but I have no authority to suggest anything there.

Filing a ticket (or somewhat less reliably, sending a normal p5p mail) to get attention on things needing backporting is a good idea. The response may well be, "Oh, yes, of course, just nobody had caught that one yet."

-- rjbs

p5pRT commented 9 years ago

From @steve-m-hay

On Sat Aug 15 14:36:13 2015, perl.p5p@rjbs.manxome.org wrote:

> * Reini Urban <reini.urban@gmail.com> [2015-08-15T17:15:28]
>
> > On Aug 12, 2015, at 3:10 PM, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org> wrote:
> >
> > > If you think it should be backported to maint-5.22, feel free to suggest it.
> >
> > Sure it must. It’s on the summary list of the maint-5.20 votings already, haven’t seen it on maint-5.22, but I have no authority to suggest anything there.
>
> Filing a ticket (or somewhat less reliably, sending a normal p5p mail) to get attention on things needing backporting is a good idea. The response may well be, "Oh, yes, of course, just nobody had caught that one yet."

Thanks. It's now in the voting file for maint-5.22, which I've just started working on:

http://perl5.git.perl.org/perl.git/blob/a5e72c3582fa6693395860fcaf2d1124e146a43e:/votes-5.22.xml#l83

(I've also listed #123878 in the hope that it can be fixed in time, but there is no fix to backport yet.)