Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

Perl crash! (Segmentation Fault) #4691

Closed p5pRT closed 19 years ago

p5pRT commented 22 years ago

Migrated from rt.perl.org#8048 (status was 'resolved')

Searchable as RT8048$

p5pRT commented 22 years ago

From demartines@yahoo.com

Hello,

That's the first time it happens to me with such a simple program: perl crashes in a Segmentation Fault. I boiled down the program and the data to the minimum possible. I'd be very glad if this can help resolve a bug.

I am using perl5.6.0 on linux RedHat7.2 (on this OS, perl5.6.0 is the standard version that comes with the OS; I tried to upgrade another machine to 5.6.1 with CPAN, but it made my whole system very unstable --many scripts wouldn't work anymore; apparently on 5.6.1 the same program seems to work). Anyway, here is the report for perl5.6.0:

(prog.pl and crashdata are included as attachments)

1. Symptoms


% ./prog.pl crashdata > /dev/null
Segmentation fault (core dumped)

2. OS specs


% uname -a
Linux montreux 2.4.7-10 #1 Thu Sep 6 16:46:36 EDT 2001 i686 unknown

3. perl config


% perlbug -d

Flags:
    category=
    severity=

Site configuration information for perl v5.6.0:

Configured by bhcompile at Thu Aug 9 22:47:55 EDT 2001.

Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.4.6-3.1enterprise, archname=i386-linux
    uname='linux stripples.devel.redhat.com 2.4.6-3.1enterprise #1 smp tue jul 24 14:03:17 edt 2001 i686 unknown '
    config_args='-des -Doptimize=-O2 -march=i386 -mcpu=i686 -Dcc=gcc -Dcccdlflags=-fPIC -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux -Dd_dosuid -Dd_semctl_semun -Di_db -Di_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Uuselargefiles'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=undef d_sfio=undef uselargefiles=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef
  Compiler:
    cc='gcc', optimize='-O2 -march=i386 -mcpu=i686', gccversion=2.96 20000731 (Red Hat Linux 7.1 2.96-96)
    cppflags='-fno-strict-aliasing -I/usr/local/include'
    ccflags ='-fno-strict-aliasing -I/usr/local/include'
    stdchar='char', d_stdstdio=define, usevfork=false
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=4
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -ldl -lm -lc -lcrypt
    libc=/lib/libc-2.2.4.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:

@INC for perl v5.6.0:
    /home/pierred/lib/perl
    /home/pierred/airtx/demo/lib/perl
    /usr/lib/perl5/5.6.0/i386-linux
    /usr/lib/perl5/5.6.0
    /usr/lib/perl5/site_perl/5.6.0/i386-linux
    /usr/lib/perl5/site_perl/5.6.0
    /usr/lib/perl5/site_perl
    .

Environment for perl v5.6.0:
    HOME=/home/pierred
    LANG=en_US
    LANGUAGE (unset)
    LD_LIBRARY_PATH=/home/pierred/lib/arch-ix86-linux:/usr/X11R6/lib:/usr/local/lib
    LOGDIR (unset)
    PATH=/usr/kerberos/bin:.:/home/pierred/bin:/home/pierred/bin/perl:/home/pierred/bin/tcl:/home/pierred/bin/arch-ix86-linux:/usr/local/frame/bin:/home/pierred/airtx/demo/bin:/home/queuer/bin:/home/queuer/scripts:/usr/local/parasoft/bin.linux:/usr/local/bin:/usr/local/gnu/bin:/usr/sbin:/usr/bsd:/usr/ucb:/sbin:/usr/bin:/bin:/usr/lib:/usr/etc:/usr/bin/X11:/home/pierred/RIM/cross-tools/bin:/usr/X11R6/bin
    PERL5LIB=/home/pierred/lib/perl:/home/pierred/airtx/demo/lib/perl
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh

--

Best regards,
Pierre

__________________________________________________________________
Pierre Demartines, CTO AirTx tel:415-641-5481 cell:415-235-1973

p5pRT commented 22 years ago

From demartines@yahoo.com

prog.pl

p5pRT commented 22 years ago

From demartines@yahoo.com

From: A

A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A


p5pRT commented 22 years ago

From @schwern

On Wed, Dec 12, 2001 at 12:32:31PM -0800, Pierre Demartines wrote:

Hello,

That's the first time it happens to me with such a simple program: perl crashes in a Segmentation Fault. I boiled down the program and the data to the minimum possible. I'd be very glad if this can help resolve a bug.

I am using perl5.6.0 on linux RedHat7.2 (on this OS, perl5.6.0 is the standard version that comes with the OS; I tried to upgrade another machine to 5.6.1 with CPAN, but it made my whole system very unstable --many scripts wouldn't work anymore; apparently on 5.6.1 the same program seems to work). Anyway, here is the report for perl5.6.0:

Confirmed, it does segfault in 5.6.0. The bug's been fixed in 5.6.1

--

Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
Perl Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
Pancakes is the better part of valor.
http://www.goats.com/archive/971202.html

p5pRT commented 22 years ago

From [Unknown Contact. See original ticket]

At 12:32 -0800 2001-12-12, Pierre Demartines wrote:

Hello,

That's the first time it happens to me with such a simple program: perl crashes in a Segmentation Fault. I boiled down the program and the data to the minimum possible. I'd be very glad if this can help resolve a bug.

    #!/usr/local/bin/perl

    undef $/;
    $_ = <>;  # slurps in the whole text file
    s/\015//g;
    @emails = split(/(?=From:\s*.*\n)/m);
    for (@emails) {
        ($header, $_) = split(/(?<=\n)\n/m, $_, 2);
        # try to remove quoted messages
        ($_, $rest) = split(/^[> ]*-----/m, $_, 2);
    }

Those regular expressions are going to beat the hell out of perl's regex engine. The regex engine is (and this is a known bug which may get fixed in perl 5.10, not in the coming release, 5.8) prone to overflowing the stack in certain situations like this (although I can only recall having seen the bug tickled by regexps involving alternation -- the '|' operator, not lookahead as in your script). If you can look at the core dump with a debugger -- say

    $ gdb perl core
    ....
    (gdb) bt 10

and it says that perl expired out in the regmatch() function, with a load more regmatch() stack frames above it, then that's your problem. If the script works with a small dataset, but not with a big one, then that's your problem. If you can make the script run with a larger dataset by increasing perl's stack allocation (with ulimit -s) then that's your problem.

If none of these is the case, then your problem is something else.

That said, I can't make your script crash perl5.6.0 running on Mac OS X (Darwin), even when I restrict the stack to just 100k -- although Michael G Schwern has managed to reproduce it. It did take an hour to do the initial split of a 7.5Mb mail box, though -- admittedly on a busy system. This leads me to...

What can you do to prevent your data from inciting your script to crash perl or perform badly? Rewrite your regular expressions. Your first one is splitting on a null string with trailing context of the whole of the rest of the mail box. You really need something a lot less greedy.

You should also have another shot at installing 5.6.1. Please submit another bug report if it is not stable on your system.

-- Dominic Dunlop
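The rewrite suggested in the comment above, sketched as an added example (not code from this ticket or from the Perl project): the mailbox is read line by line, so each regex only ever sees a single line instead of running `split` with a zero-width lookahead over the whole slurped file. `parse_mailbox`, its hash layout and the sample input are hypothetical, and it assumes a message starts at a line beginning with `From:`, which is stricter than the unanchored lookahead in prog.pl.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Line-oriented equivalent of the three steps in prog.pl:
#   1. strip carriage returns, 2. start a new message at each "From:" line,
#   3. split header/body at the first blank line and drop everything from
#      the first "-----" quote marker onwards.
sub parse_mailbox {
    my ($fh) = @_;
    my (@emails, $cur, $state);
    while (my $line = <$fh>) {
        $line =~ s/\015//g;                  # same CR stripping as s/\015//g
        if ($line =~ /^From:/) {             # message boundary (assumed anchored)
            push @emails, $cur if $cur;
            $cur   = { header => '', body => '' };
            $state = 'header';
        }
        next unless $cur;                    # ignore text before the first From:
        if ($state eq 'header') {
            if ($line eq "\n") { $state = 'body'; next; }    # blank line ends header
            $cur->{header} .= $line;
        }
        elsif ($state eq 'body') {
            if ($line =~ /^[> ]*-----/) { $state = 'quoted'; next; }  # quoted remainder
            $cur->{body} .= $line;
        }
        # state 'quoted': lines are skipped until the next From:
    }
    push @emails, $cur if $cur;
    return \@emails;
}

# Constructed sample input, not the crashdata attachment from the ticket.
my $sample = join '',
    "From: A\015\n", "Subject: one\n", "\n", "hello\n",
    "> -----Original Message-----\n", "From-ish text that is dropped\n",
    "From: B\n", "\n", "second body\n";

# Opening a filehandle on a scalar reference needs perl 5.8 or later.
open my $fh, '<', \$sample or die "cannot open in-memory sample: $!";
my $emails = parse_mailbox($fh);
printf "%d messages\n", scalar @$emails;
for my $m (@$emails) {
    print "header: $m->{header}body: $m->{body}---\n";
}
```

Memory use stays proportional to the retained headers and bodies rather than to the full mailbox, and no pattern is ever matched against more than one line of input.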

p5pRT commented 22 years ago

From [Unknown Contact. See original ticket]

Thank you all --I have to say I am overwhelmed with the quality and dedication of your support! Very impressive!

Re your comments, Dominic:

1. I fail to see which regexp is going to beat the hell out of the engine. BTW, the crash actually occurs on the last regexp (line 10) which seems really innocuous to me (i.e. not prone to a lot of recursion).
2. The "minimal" crashing data set (provided in my initial email) is very small. It contains 103 lines for a total of 320 chars.
3. no matter what the stack size is, the crash occurs. And I can give it a lot of stack since my current machine has 1GB of ram.
4. It's really the split on line 10 that crashes. If I change it into

       0010: s/^[> ]*-----[^\000]*//m;

   Then there is no crash.
5. When I run perl in gdb, here is what I get:

       gdb /usr/local/bin/perl
       GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
       Copyright 2001 Free Software Foundation, Inc.
       GDB is free software, covered by the GNU General Public License, and you are
       welcome to change it and/or distribute copies of it under certain conditions.
       Type "show copying" to see the conditions.
       There is absolutely no warranty for GDB. Type "show warranty" for details.
       This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...
       (gdb) run prog.pl crashdata
       Starting program: /usr/local/bin/perl prog.pl crashdata

       Program received signal SIGSEGV, Segmentation fault.
       0x080d1cc6 in Perl_re_intuit_start () at eval.c:41
       41 eval.c: No such file or directory.
       in eval.c
       (gdb) bt 10
       #0 0x080d1cc6 in Perl_re_intuit_start () at eval.c:41
       #1 0x080d350a in Perl_regexec_flags () at eval.c:41
       #2 0x080b4d28 in Perl_pp_split () at eval.c:41
       #3 0x08097e28 in Perl_runops_standard () at eval.c:41
       #4 0x0805bfba in perl_run () at eval.c:41
       #5 0x0805bd2b in perl_run () at eval.c:41
       #6 0x08059a21 in main () at eval.c:41
       #7 0x4008c507 in __libc_start_main (main=0x80599b0 <main>, argc=3, ubp_av=0xbffff494, init=0x8058b80 <_init>,
       fini=0x80de810 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffff48c) at ../sysdeps/generic/libc-start.c:129
       (gdb) q

6. Rewriting the regexps: of course, the example I gave in my script is for the purpose of showing a "minimal" script that crashes. In the real system things are a bit more complex... BTW, as I mentioned above the script works (and fast enough to my taste) when I change line 10 as explained in point 4. above. With the modified "crashing" script (only line 10 modified) it takes 28 seconds to process 153 MB of email in a dozen of mailboxes (10423 different emails).
7. re-installing perl5.6.1: Point taken, I know I should... It's just a matter of getting the time to do it properly.

Thanks again and best regards,

Thanks again and best regards\,

~Pierre

-----Original Message-----
From: Dominic Dunlop [mailto:domo@computer.org]
Sent: Wednesday, December 19, 2001 1:38 PM
To: Pierre Demartines
Cc: perl5-porters@perl.org; perlbug@rfi.net; Michael G Schwern
Subject: Re: [ID 20011212.006] Perl crash! (Segmentation Fault)


p5pRT commented 19 years ago

From @smpeters

[RT_System - Wed Dec 12 08:46:13 2001]:

On Wed, Dec 12, 2001 at 12:32:31PM -0800, Pierre Demartines wrote:

Hello,

That's the first time it happens to me with such a simple program: perl crashes in a Segmentation Fault. I boiled down the program and the data to the minimum possible. I'd be very glad if this can help resolve a bug.

I am using perl5.6.0 on linux RedHat7.2 (on this OS, perl5.6.0 is the standard version that comes with the OS; I tried to upgrade another machine to 5.6.1 with CPAN, but it made my whole system very unstable --many scripts wouldn't work anymore; apparently on 5.6.1 the same program seems to work). Anyway, here is the report for perl5.6.0:

Confirmed, it does segfault in 5.6.0. The bug's been fixed in 5.6.1

I've confirmed that the segfault no longer occurs.

p5pRT commented 19 years ago

@smpeters - Status changed from 'open' to 'resolved'