Closed p5pRT closed 11 years ago
The business about SVs overgrowing segments got me thinking. Edge cases expose bugs\, and sure enough\, perl -e '++$a[2**30]' dumps core.
This confirmed on Cygwin and Linux\, with and without Perl's malloc. The backtrace:
154 ary[--tmp] = &PL_sv_undef; (gdb) bt #0 0x401aac in Perl_av_extend (av=0xa06764c\, key=1073741824) at av.c:154 #1 0x401df5 in Perl_av_store (av=0xa06764c\, key=1073741824\, val=0xa059598) at av.c:271 #2 0x401be4 in Perl_av_fetch (av=0xa06764c\, key=1073741824\, lval=1) at av.c:204 #3 0x469779 in Perl_pp_aelem () at pp_hot.c:2709 #4 0x48b4ef in Perl_runops_standard () at run.c:25
I'll be perfectly honest here and say that I don't understand how av_extend is supposed to work. I think AvALLOC(av) may be getting a duff pointer\, because tmp (that's AvALLOC(av)-AvARRAY(av)) appears to be of the order of 2**30. But I don't really want to debug memory problems because they're really sticky and horrible. :)
(Incidentally\, ++$a[2**28] does the right thing and reports "out of memory during large request for 1073745920 bytes"\, ++$a[2**29] wraps and claims it's being asked for -2147479552 bytes. Weird\, huh?)
\simon\.p\.cozens@​jp\.pwcglobal\.com wrote
I'll be perfectly honest here and say that I don't understand how av_extend is supposed to work. I think AvALLOC(av) may be getting a duff pointer\, because tmp (that's AvALLOC(av)-AvARRAY(av)) appears to be of the order of 2**30. But I don't really want to debug memory problems because they're really sticky and horrible. :)
I think the essential problem is a naivety in the definition of New() :
handy.h:538 #define New(x\,v\,n\,t) (v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
If n is too large\, the multiply will overflow silently\, causing it to allocate a size quite different from that expected. Now when you come to write to what you think you've been allocated ...
The obvious fix is to put a check on the value of n in the four places in av.c. (And perhaps in many other places in the Perl source.)
The attached patch fixes the problem:
./perl -e '++$a[2**30-100]' Out of memory during ridiculously large request at -e line 1.
./perl -e '++$a[2**30-50]' Array size 1073741774 too large for memory at -e line 1.
But it needs further work:
i) I didn't know the right value to use for MAX_KEY. ii) No tests\, as I didn't know what offseets to test (same problem as (i)). iii) The error string presumably ought to be a constant (and presumably declared in perl.h). iv) No entry in perldiag.pod. v) Should it be extended to other allocations\, e.g. in hv.c?
Mike Guy
simon.p.cozens@jp.pwcglobal.com writes:
The business about SVs overgrowing segments got me thinking. Edge cases expose bugs\, and sure enough\, perl -e '++$a[2**30]' dumps core.
(Incidentally\, ++$a[2**28] does the right thing and reports "out of memory during large request for 1073745920 bytes"\, ++$a[2**29] wraps and claims it's being asked for -2147479552 bytes. Weird\, huh?)
It is quite normal\, and discused on p5p several times. One *could* check a limit for maximal n (void*)[n] at Configure time\, but such checks would still slow down execution with questionable advantages...
Ilya
simon.p.cozens@jp.pwcglobal.com writes:
The business about SVs overgrowing segments got me thinking. Edge cases expose bugs\, and sure enough\, perl -e '++$a[2**30]' dumps core.
(Incidentally\, ++$a[2**28] does the right thing and reports "out of memory during large request for 1073745920 bytes"\, ++$a[2**29] wraps and claims it's being asked for -2147479552 bytes. Weird\, huh?)
It is quite normal\, and discused on p5p several times. One *could* check a limit for maximal n (void*)[n] at Configure time\, but such checks would still slow down execution with questionable advantages...
Ilya
For 5.10.0 Cygwin Tolyan@zion ~ $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
All ok
For ActiveStatePerl 5.10.0 C:\Documents and Settings\Tolyan>perl -e"print ++$a[2**30]" Out of memory during array extend at -e line 1.
Very old bug....
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
On Sun Dec 09 16:41:27 2012\, pcm wrote:
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
I get these results on Perl 5.16.0 on both Darwin/PPC and Linux/i386:
##### $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
$ perl -e"print ++$a[2**30]" Can't modify anonymous list ([]) in preincrement (++) at -e line 1\, at EOF Execution of -e aborted due to compilation errors. ##### Is the fatal error I get in the 2**30 case expected? If so\, then this ticket should be closed.
Thank you very much. Jim Keenan
On Mon\, Jan 14\, 2013 at 04:18:25PM -0800\, James E Keenan via RT wrote:
On Sun Dec 09 16:41:27 2012\, pcm wrote:
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
I get these results on Perl 5.16.0 on both Darwin/PPC and Linux/i386:
##### $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
$ perl -e"print ++$a[2**30]" Can't modify anonymous list ([]) in preincrement (++) at -e line 1\, at EOF Execution of -e aborted due to compilation errors. ##### Is the fatal error I get in the 2**30 case expected? If so\, then this ticket should be closed.
That's because you're using double quotes in the second example\, and so the string actually being evaluated by perl is 'print ++[2**30]'. I get these results:
$ perl -e'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -e'print ++$a[2**30]' 1
-doy
On Mon Jan 14 16:23:28 2013\, doy@tozt.net wrote:
On Mon\, Jan 14\, 2013 at 04:18:25PM -0800\, James E Keenan via RT wrote:
On Sun Dec 09 16:41:27 2012\, pcm wrote:
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
I get these results on Perl 5.16.0 on both Darwin/PPC and Linux/i386:
##### $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
$ perl -e"print ++$a[2**30]" Can't modify anonymous list ([]) in preincrement (++) at -e line 1\, at EOF Execution of -e aborted due to compilation errors. ##### Is the fatal error I get in the 2**30 case expected? If so\, then this ticket should be closed.
That's because you're using double quotes in the second example\, and so the string actually being evaluated by perl is 'print ++[2**30]'. I get these results:
$ perl -e'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -e'print ++$a[2**30]' 1
Copying your last command exactly and running it\, I get on both machines:
$ perl -e'print ++$a[2**30]' Out of memory during array extend at -e line 1.
Does this mean the bug is still present in many environments?
Thank you very much. Jim Keenan
On Mon Jan 14 17:21:07 2013\, jkeenan wrote:
Copying your last command exactly and running it\, I get on both machines:
$ perl -e'print ++$a[2**30]' Out of memory during array extend at -e line 1.
Does this mean the bug is still present in many environments?
Thank you very much. Jim Keenan
______________________________________________________________________ C:\Documents and Settings\Owner\Desktop>perl -e "print ++$a[2**30]" Out of memory during array extend at -e line 1.
C:\Documents and Settings\Owner\Desktop>perl -e "print ++$a[2**31]" Out of memory during array extend at -e line 1.
C:\Documents and Settings\Owner\Desktop>perl -V Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Platform: osname=MSWin32\, osvers=5.00\, archname=MSWin32-x86-multi-thread uname='' config_args='undef' hint=recommended\, useposix=true\, d_sigaction=undef useithreads=define\, usemultiplicity=define useperlio=define\, d_sfio=undef\, uselargefiles=define\, usesocks=undef use64bitint=undef\, use64bitall=undef\, uselongdouble=undef usemymalloc=n\, bincompat5005=undef Compiler: cc='cl'\, ccflags ='-nologo -GF -W3 -MD -Zi -DNDEBUG -O1 -DWIN32 -D_CONSOLE - DNO_STRICT -DHAVE_DES_FCRYPT -DUSE_SITECUSTOMIZE -DPRIVLIB_LAST_IN_INC -DPERL_IM PLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO -DPERL_MSVCRT_READFIX'\, optimize='-MD -Zi -DNDEBUG -O1'\, cppflags='-DWIN32' ccversion='13.10.6030'\, gccversion=''\, gccosandvers='' intsize=4\, longsize=4\, ptrsize=4\, doublesize=8\, byteorder=1234 d_longlong=undef\, longlongsize=8\, d_longdbl=define\, longdblsize=10 ivtype='long'\, ivsize=4\, nvtype='double'\, nvsize=8\, Off_t='__int64'\, lseeksi ze=8 alignbytes=8\, prototype=define Linker and Libraries: ld='link'\, ldflags ='-nologo -nodefaultlib -debug -opt:ref\,icf -libpath:"C: \Perl\lib\CORE" -machine:x86' libpth=\lib libs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32 .lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib ws2_ 32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib perllibs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comd lg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib libc=msvcrt.lib\, so=dll\, useshrplib=true\, libperl=perl510.lib gnulibc_version='' Dynamic Linking: dlsrc=dl_win32.xs\, dlext=dll\, d_dlsymun=undef\, ccdlflags=' ' cccdlflags=' '\, lddlflags='-dll -nologo -nodefaultlib -debug -opt:ref\,icf - libpath:"C:\Perl\lib\CORE" -machine:x86'
Characteristics of this binary (from libperl): Compile-time options: MULTIPLICITY PERL_DONT_CREATE_GVSV PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS PERL_MALLOC_WRAP PL_OP_SLAB_ALLOC USE_ITHREADS USE_LARGE_FILES USE_PERLIO USE_SITECUSTOMIZE Locally applied patches: ActivePerl Build 1003 [285500] 33741 avoids segfaults invoking S_raise_signal() (on Linux) 33763 Win32 process ids can have more than 16 bits 32809 Load 'loadable object' with non-default file extension 32728 64-bit fix for Time::Local Built under MSWin32 Compiled at May 13 2008 16:52:49 %ENV: PERL_JSON_BACKEND="JSON::XS" PERL_YAML_BACKEND="YAML" @INC: C:/Perl/site/lib C:/Perl/lib .
C:\Documents and Settings\Owner\Desktop> ________________________________________________________________________ C:\p517\perl>perl -e "print ++$a[2**30]" Out of memory during array extend at -e line 1.
C:\p517\perl>perl -e "print ++$a[2**31]" Out of memory during array extend at -e line 1.
C:\p517\perl>perl -V Summary of my perl5 (revision 5 version 17 subversion 7 patch blead 2012-12-06.1 6:42:20 93a641ae382638ffd1980378be4810244d04f4b0 v5.17.6-186-g93a641a) configura tion: Snapshot of: 93a641ae382638ffd1980378be4810244d04f4b0 Platform: osname=MSWin32\, osvers=5.1\, archname=MSWin32-x86-multi-thread uname='' config_args='undef' hint=recommended\, useposix=true\, d_sigaction=undef useithreads=define\, usemultiplicity=define useperlio=define\, d_sfio=undef\, uselargefiles=define\, usesocks=undef use64bitint=undef\, use64bitall=undef\, uselongdouble=undef usemymalloc=n\, bincompat5005=undef Compiler: cc='cl'\, ccflags ='-nologo -GF -W3 -MD -Zi -DNDEBUG -O1 -GL -G7 -DWIN32 -D_C ONSOLE -DNO_STRICT -DPERL_TEXTMODE_SCRIPTS -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLI CIT_SYS -DUSE_PERLIO -D_USE_32BIT_TIME_T'\, optimize='-MD -Zi -DNDEBUG -O1 -GL -G7'\, cppflags='-DWIN32' ccversion='13.10.6030'\, gccversion=''\, gccosandvers='' intsize=4\, longsize=4\, ptrsize=4\, doublesize=8\, byteorder=1234 d_longlong=undef\, longlongsize=8\, d_longdbl=define\, longdblsize=8 ivtype='long'\, ivsize=4\, nvtype='double'\, nvsize=8\, Off_t='__int64'\, lseeksi ze=8 alignbytes=8\, prototype=define Linker and Libraries: ld='link'\, ldflags ='-nologo -nodefaultlib -debug -opt:ref\,icf -ltcg -libpa th:"c:\perl517\lib\CORE" -machine:x86' libpth="C:\Program Files\Microsoft Visual Studio .NET 2003\VC7\lib" libs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.l ib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib ws2_32 .lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib comctl32.lib msvcrt. lib perllibs=oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg 32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib ws 2_32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib comctl32.lib msv crt.lib libc=msvcrt.lib\, so=dll\, useshrplib=true\, libperl=perl517.lib gnulibc_version='' Dynamic Linking: dlsrc=dl_win32.xs\, dlext=dll\, d_dlsymun=undef\, ccdlflags=' ' cccdlflags=' '\, lddlflags='-dll -nologo -nodefaultlib -debug -opt:ref\,icf -l tcg -libpath:"c:\perl517\lib\CORE" -machine:x86'
Characteristics of this binary (from libperl): Compile-time options: HAS_TIMES HAVE_INTERP_INTERN MULTIPLICITY PERLIO_LAYERS PERL_DONT_CREATE_GVSV PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS PERL_MALLOC_WRAP PERL_NEW_COPY_ON_WRITE PERL_PRESERVE_IVUV USE_ITHREADS USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_PERLIO USE_PERL_ATOF Built under MSWin32 Compiled at Jan 3 2013 19:42:20 @INC: C:/perl517/site/lib C:/perl517/lib .
C:\p517\perl> ________________________________________________________________________ now perl 5.6 ________________________________________________________________________
C:\Documents and Settings\Owner>perl -e "print ++$a[2**30]" *CRASH* C:\Documents and Settings\Owner>perl -e "print ++$a[2**31]" Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
C:\Documents and Settings\Owner>perl -V Summary of my perl5 (revision 5 version 6 subversion 2) configuration: Platform: osname=MSWin32\, osvers=4.0\, archname=MSWin32-x86 uname='' config_args='undef' hint=recommended\, useposix=true\, d_sigaction=undef usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=unde f useperlio=undef d_sfio=undef uselargefiles=undef usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef Compiler: cc='cl'\, ccflags ='-nologo -Od -Zi -MD -DNDEBUG -DWIN32 -D_CONSOLE -DNO_STRI CT -DHAVE_DES_FCRYPT -DPERL_MSVCRT_READFIX'\, optimize='-Od -Zi -MD -DNDEBUG'\, cppflags='-DWIN32' ccversion=''\, gccversion=''\, gccosandvers='' intsize=4\, longsize=4\, ptrsize=4\, doublesize=8\, byteorder=1234 d_longlong=undef\, longlongsize=8\, d_longdbl=define\, longdblsize=10 ivtype='long'\, ivsize=4\, nvtype='double'\, nvsize=8\, Off_t='off_t'\, lseeksize =4 alignbytes=8\, usemymalloc=n\, prototype=define Linker and Libraries: ld='link'\, ldflags ='-nologo -nodefaultlib -debug -opt:ref\,icf -release -li bpath:"c:\p56\5.6.2\lib\MSWin32-x86\CORE" -machine:x86' libpth="C:\Program Files\Microsoft Visual Studio .NET 2003\VC7\lib" libs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32 .lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib wsoc k32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib perllibs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comd lg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib wsock32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib libc=msvcrt.lib\, so=dll\, useshrplib=yes\, libperl=perl56.lib Dynamic Linking: dlsrc=dl_win32.xs\, dlext=dll\, d_dlsymun=undef\, ccdlflags=' ' cccdlflags=' '\, lddlflags='-dll -nologo -nodefaultlib -debug -opt:ref\,icf - release -libpath:"c:\p56\5.6.2\lib\MSWin32-x86\CORE" -machine:x86'
Characteristics of this binary (from libperl): Compile-time options: Built under MSWin32 Compiled at Jan 5 2013 15:16:37 @INC: C:/p56/5.6.2/lib/MSWin32-x86 C:/p56/5.6.2/lib C:/p56/site/5.6.2/lib/MSWin32-x86 C:/p56/site/5.6.2/lib .
C:\Documents and Settings\Owner> ________________________________________________________________________
Access violation writing location 0x0181fffc. ________________________________________________________________________
perl56.dll!Perl_av_extend(av * av=0x018209a4\, long key=1073741824) Line 151 + 0xf C perl56.dll!Perl_av_store(av * av=0x018209a4\, long key=1073741824\, sv * val=0x002325a0) Line 267 + 0xd C perl56.dll!Perl_av_fetch(av * av=0x018209a4\, long key=1073741824\, long lval=1) Line 200 + 0x11 C perl56.dll!Perl_pp_aelem() Line 2799 + 0x2d C perl56.dll!Perl_runops_standard() Line 23 + 0x8 C perl56.dll!S_run_body(long oldscope=1) Line 1474 C perl56.dll!perl_run(interpreter * my_perl=0x00233d88) Line 1393 + 0x9 C perl56.dll!RunPerl(int argc=3\, char * * argv=0x00233d50\, char * * env=0x00232c58) Line 319 + 0x9 C perl.exe!main(int argc=3\, char * * argv=0x00233d50\, char * * env=0x00232c58) Line 18 + 0x12 C perl.exe!mainCRTStartup() Line 398 + 0xe C kernel32.dll!_BaseProcessStart@4() + 0x23
_______________________________________________________________________
-- bulk88 ~ bulk88 at hotmail.com
On Mon\, 14 Jan 2013 17:21:07 -0800\, "James E Keenan via RT" \perlbug\-followup@​perl\.org wrote:
On Mon Jan 14 16:23:28 2013\, doy@tozt.net wrote:
On Mon\, Jan 14\, 2013 at 04:18:25PM -0800\, James E Keenan via RT wrote:
On Sun Dec 09 16:41:27 2012\, pcm wrote:
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
I get these results on Perl 5.16.0 on both Darwin/PPC and Linux/i386:
##### $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
$ perl -e"print ++$a[2**30]" Can't modify anonymous list ([]) in preincrement (++) at -e line 1\, at EOF Execution of -e aborted due to compilation errors. ##### Is the fatal error I get in the 2**30 case expected? If so\, then this ticket should be closed.
That's because you're using double quotes in the second example\, and so the string actually being evaluated by perl is 'print ++[2**30]'. I get these results:
$ perl -e'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -e'print ++$a[2**30]' 1
Copying your last command exactly and running it\, I get on both machines:
$ perl -e'print ++$a[2**30]' Out of memory during array extend at -e line 1.
Does this mean the bug is still present in many environments?
64bit Linux 3.4.11\, perl-5.16.2/64all:
$ perl -le'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -le'print ++$a[2**30]' 1
64bit HP-UX 11.31\, perl-5.14.2/64all
$ perl -le'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -le'print ++$a[2**30]' Out of memory!
64bit HP-UX 11.31\, perl-5.16.0/64all
$ gperl -le'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ gperl -le'print ++$a[2**30]' Out of memory!
Thank you very much. Jim Keenan
-- H.Merijn Brand http://tux.nl Perl Monger http://amsterdam.pm.org/ using perl5.00307 .. 5.17 porting perl5 on HP-UX\, AIX\, and openSUSE http://mirrors.develooper.com/hpux/ http://www.test-smoke.org/ http://qa.perl.org http://www.goldmark.org/jeff/stupid-disclaimers/
On Mon\, Jan 14\, 2013 at 05:21:07PM -0800\, James E Keenan via RT wrote:
On Mon Jan 14 16:23:28 2013\, doy@tozt.net wrote:
On Mon\, Jan 14\, 2013 at 04:18:25PM -0800\, James E Keenan via RT wrote:
On Sun Dec 09 16:41:27 2012\, pcm wrote:
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
I get these results on Perl 5.16.0 on both Darwin/PPC and Linux/i386:
##### $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
$ perl -e"print ++$a[2**30]" Can't modify anonymous list ([]) in preincrement (++) at -e line 1\, at EOF Execution of -e aborted due to compilation errors. ##### Is the fatal error I get in the 2**30 case expected? If so\, then this ticket should be closed.
That's because you're using double quotes in the second example\, and so the string actually being evaluated by perl is 'print ++[2**30]'. I get these results:
$ perl -e'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -e'print ++$a[2**30]' 1
Copying your last command exactly and running it\, I get on both machines:
$ perl -e'print ++$a[2**30]' Out of memory during array extend at -e line 1.
Does this mean the bug is still present in many environments?
No\, it just means your machine hasn't got enough memory to create a 1Gb array.
There's still a bug though:
$ perl -e'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
That means that the value 2^31 is being wrapped to a negative number. I don't know whether this is just due the general fault of the AV API using signed 32-bit values (I32)\, or whether something could be fixed *before* the value is passed to the API.
-- This email is confidential\, and now that you have read it you are legally obliged to shoot yourself. Or shoot a lawyer\, if you prefer. If you have received this email in error\, place it in its original wrapping and return for a full refund. By opening this email\, you accept that Elvis lives.
On Fri\, Jan 18\, 2013 at 8:13 AM\, Dave Mitchell \davem@​iabyn\.com wrote:
On Mon\, Jan 14\, 2013 at 05:21:07PM -0800\, James E Keenan via RT wrote:
On Mon Jan 14 16:23:28 2013\, doy@tozt.net wrote:
On Mon\, Jan 14\, 2013 at 04:18:25PM -0800\, James E Keenan via RT wrote:
On Sun Dec 09 16:41:27 2012\, pcm wrote:
I believe this ticket was resolved by PERL_MALLOC_WRAP and it's MEM_WRAP_CHECKs.
I get these results on Perl 5.16.0 on both Darwin/PPC and Linux/i386:
##### $ perl -e'print ++$a[2**31]' Out of memory during array extend at -e line 1.
$ perl -e"print ++$a[2**30]" Can't modify anonymous list ([]) in preincrement (++) at -e line 1\, at EOF Execution of -e aborted due to compilation errors. ##### Is the fatal error I get in the 2**30 case expected? If so\, then this ticket should be closed.
That's because you're using double quotes in the second example\, and so the string actually being evaluated by perl is 'print ++[2**30]'. I get these results:
$ perl -e'print ++$a[2**31]' Modification of non-creatable array value attempted\, subscript -2147483648 at -e line 1.
$ perl -e'print ++$a[2**30]' 1
Copying your last command exactly and running it\, I get on both machines:
$ perl -e'print ++$a[2**30]' Out of memory during array extend at -e line 1.
Does this mean the bug is still present in many environments?
No\, it just means your machine hasn't got enough memory to create a 1Gb array.
There's still a bug though:
$ perl \-e'print \+\+$a\[2\*\*31\]' Modification of non\-creatable array value attempted\, subscript \-2147483648 at \-e line 1\.
That means that the value 2^31 is being wrapped to a negative number. I don't know whether this is just due the general fault of the AV API using signed 32-bit values (I32)\, or whether something could be fixed *before* the value is passed to the API.
I know there's a meta ticket for all of those I32 bugs. I like this example:
perl -wE '@a = qw(1 2); say ++$a[2**32-1]' 3
Anyway\, this ticket was for the core dump for large array indices; it seems that issue has been resolved\, so can this ticket be closed too? The goal being to get our max ticket age under 10 years :-)
-- This email is confidential\, and now that you have read it you are legally obliged to shoot yourself. Or shoot a lawyer\, if you prefer. If you have received this email in error\, place it in its original wrapping and return for a full refund. By opening this email\, you accept that Elvis lives.
On Fri\, Jan 18\, 2013 at 02:43:02PM -0500\, Peter Martini wrote:
Anyway\, this ticket was for the core dump for large array indices; it seems that issue has been resolved\, so can this ticket be closed too? The goal being to get our max ticket age under 10 years :-)
Yeah\,I think it can be closed.
-- Technology is dominated by two types of people: those who understand what they do not manage\, and those who manage what they do not understand.
@iabyn - Status changed from 'open' to 'resolved'
Migrated from rt.perl.org#3263 (status was 'resolved')
Searchable as RT3263$