Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

Subtle av_extend memory badness #1990

Closed p5pRT closed 20 years ago

p5pRT commented 23 years ago

Migrated from rt.perl.org#3264 (status was 'resolved')

Searchable as RT3264$

p5pRT commented 23 years ago

From @simoncozens

Created by 02552@scozens.uucp

The business about SVs overgrowing segments got me thinking. Edge cases expose bugs, and sure enough, `perl -e '++$a[2**30]'` dumps core.

This confirmed on Cygwin and Linux, with and without Perl's malloc. The backtrace:

```
154         ary[--tmp] = &PL_sv_undef;
(gdb) bt
#0  0x401aac in Perl_av_extend (av=0xa06764c, key=1073741824) at av.c:154
#1  0x401df5 in Perl_av_store (av=0xa06764c, key=1073741824, val=0xa059598)
    at av.c:271
#2  0x401be4 in Perl_av_fetch (av=0xa06764c, key=1073741824, lval=1)
    at av.c:204
#3  0x469779 in Perl_pp_aelem () at pp_hot.c:2709
#4  0x48b4ef in Perl_runops_standard () at run.c:25
```

I'll be perfectly honest here and say that I don't understand how av_extend is supposed to work. I think AvALLOC(av) may be getting a duff pointer, because tmp (that's AvALLOC(av)-AvARRAY(av)) appears to be of the order of `2**30`. But I don't really want to debug memory problems because they're really sticky and horrible. :)

(Incidentally, `++$a[2**28]` does the right thing and reports "out of memory during large request for 1073745920 bytes", `++$a[2**29]` wraps and claims it's being asked for -2147479552 bytes. Weird, huh?)

Perl Info

```
Site configuration information for perl v5.6.0:

Configured by 02552 at Wed Mar 15 11:25:20 2000.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=cygwin, osvers=1.1.0(0.1832), archname=cygwin
    uname='cygwin_nt-4.0 scozens 1.1.0(0.1832) 2000-03-010 16:57:37i586 i586 unknown '
    config_args='-d'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=define
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='gcc', optimize='-O', gccversion=egcs-2.91.57 19980901 (egcs-1.1 release)
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccflags ='-fno-strict-aliasing -I/usr/local/include'
    stdchar='char', d_stdstdio=undef, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=4
    alignbytes=8, usemymalloc=y, prototype=define
  Linker and Libraries:
    ld='ld2', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /tmp/bleadperl /lib /usr/lib
    libs=-lm -lcrypt -lcygwin -lkernel32
    libc=/usr/lib/libc.a, so=dll, useshrplib=true, libperl=libperl5_6_0.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags=' -L/usr/local/lib'

Locally applied patches:
    v5.6.0-RC1

@INC for perl v5.6.0:
    /usr/local/lib/perl5/5.6.0/cygwin
    /usr/local/lib/perl5/5.6.0
    /usr/local/lib/perl5/site_perl/5.6.0/cygwin
    /usr/local/lib/perl5/site_perl/5.6.0
    /usr/local/lib/perl5/site_perl/5.00562/cygwin
    /usr/local/lib/perl5/site_perl/5.00562
    /usr/local/lib/perl5/site_perl
    .

Environment for perl v5.6.0:
    HOME=/home/simon
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/bin:/usr/local/bin:/usr/bin:/miktex/miktex/bin:/PROGRA~1/ORACLE/WIN32/bin:/WINNT/system32:/WINNT:/PROGRA~1/ORACLE/WIN16/BIN
    PERL_BADLANG (unset)
    SHELL=/bin/sh
```

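
The three byte counts quoted in the report are consistent with an allocation size computed in 32-bit arithmetic. The following is an added example, not code from av.c or from the ticket: it models the size calculation with an assumed 4-byte element (the report shows `ptrsize=4`) and an assumed 4096-byte padding constant chosen because it reproduces the reported numbers, and sets it beside a checked version.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions, not taken from av.c: 4-byte elements (the report shows
 * ptrsize=4) and 4096 bytes of padding, a constant chosen because it
 * reproduces the byte counts quoted in the report. */
#define ELEM_SIZE 4u
#define PAD_BYTES 4096u

/* Size computed in 32-bit unsigned arithmetic; wraps silently modulo 2^32. */
static uint32_t request_unchecked(uint32_t key)
{
    return key * ELEM_SIZE + PAD_BYTES;
}

/* The same 32 bits read as a signed value, as an error message would print them. */
static int64_t as_signed32(uint32_t v)
{
    return v > INT32_MAX ? (int64_t)v - 4294967296LL : (int64_t)v;
}

/* Number of elements the buffer of the requested size can really hold. */
static uint32_t slots_backed(uint32_t key)
{
    return request_unchecked(key) / ELEM_SIZE;
}

/* Checked form: refuse any key whose byte count would exceed INT32_MAX.
 * Returns 0 and stores the size on success, -1 on overflow. */
static int request_checked(uint32_t key, uint32_t *bytes)
{
    if (key > ((uint32_t)INT32_MAX - PAD_BYTES) / ELEM_SIZE)
        return -1;
    *bytes = key * ELEM_SIZE + PAD_BYTES;
    return 0;
}

int main(void)
{
    const uint32_t keys[] = { 1u << 28, 1u << 29, 1u << 30 };
    for (int i = 0; i < 3; i++) {
        uint32_t b;
        printf("key=%lu request=%lld slots=%lu checked=%s\n",
               (unsigned long)keys[i],
               (long long)as_signed32(request_unchecked(keys[i])),
               (unsigned long)slots_backed(keys[i]),
               request_checked(keys[i], &b) == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For a key of 2**30 the wrapped request is small enough to succeed, so the buffer backs far fewer slots than the index being stored, which matches a crash in the fill loop rather than an out-of-memory error.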
p5pRT commented 23 years ago

From [Unknown Contact. See original ticket]

(Yes, CC'ing p5p is bad, but I don't trust the bugthing)

This is a bug report for perl from 02552@scozens.uucp, generated with the help of perlbug 1.28 running under perl v5.6.0.

