Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

not() || 1 produces segmentation fault #7793

Closed p5pRT closed 19 years ago

p5pRT commented 19 years ago

Migrated from rt.perl.org#34101 (status was 'resolved')

Searchable as RT34101$

p5pRT commented 19 years ago

From robin.stocker@nibor.org

Created by robin.stocker@nibor.org

Hi,

It seems like I just stumbled over a funny bug.

```
perl -e 'not() || 1'
perl -e 'die unless not()'
...
```

Like in the two examples above, the evaluation of not() produces a segmentation fault or a freeze of the interpreter. This problem occurred on several platforms ( x86/Linux, sparc64/Solaris ) and perl versions ( 5.6.1, 5.8.4, 5.8.6 ).

Regards, Robin Stocker

Perl Info

```
Flags:
    category=core
    severity=low

Site configuration information for perl v5.8.6:

Configured by Gentoo at Thu Jan 27 14:16:31 CET 2005.

Summary of my perl5 (revision 5 version 8 subversion 6) configuration:
  Platform:
    osname=linux, osvers=2.6.10-gentoo-r6, archname=i686-linux
    uname='linux saturn 2.6.10-gentoo-r6 #1 smp wed jan 19 19:13:17 cet 2005 i686 mobile intel(r) pentium(r) 4 - m cpu 2.00ghz genuineintel gnulinux '
    config_args='-des -Darchname=i686-linux -Dcccdlflags=-fPIC -Dccdlflags=-rdynamic -Dcc=gcc -Dprefix=/usr -Dvendorprefix=/usr -Dsiteprefix=/usr -Dlocincpth= -Doptimize=-pipe -march=pentium4 -O2 -Duselargefiles -Dd_semctl_semun -Dscriptdir=/usr/bin -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dinstallman1dir=/usr/share/man/man1 -Dinstallman3dir=/var/tmp/portage/perl-5.8.6-r2/image//usr/share/man/man3 -Dman1ext=1 -Dman3ext=3pm -Dinc_version_list=5.8.2 5.8.2/i686-linux 5.8.4 5.8.4/i686-linux 5.8.5 5.8.5/i686-linux -Dcf_by=Gentoo -Ud_csh -Di_ndbm -Di_gdbm -Di_db'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-pipe -march=pentium4 -O2',
    cppflags='-DPERL5 -fno-strict-aliasing -pipe'
    ccversion='', gccversion='3.4.3 20050110 (Gentoo Linux 3.4.3.20050110, ssp-3.4.3.20050110-0, pie-8.7.7)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lpthread -lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.3.4.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:

@INC for perl v5.8.6:
    /etc/perl
    /usr/lib/perl5/site_perl/5.8.6/i686-linux
    /usr/lib/perl5/site_perl/5.8.6
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl/5.8.4/i686-linux
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl/5.8.5/i686-linux
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.6/i686-linux
    /usr/lib/perl5/vendor_perl/5.8.6
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl/5.8.4/i686-linux
    /usr/lib/perl5/vendor_perl
    /usr/lib/perl5/5.8.6/i686-linux
    /usr/lib/perl5/5.8.6
    /usr/local/lib/site_perl
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl/5.8.4/i686-linux
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl/5.8.5/i686-linux
    .

Environment for perl v5.8.6:
    HOME=/home/nibor
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.3:/opt/ati/bin:/usr/X11R6/bin:/usr/games/bin:/sbin:/usr/sbin:/home/nibor/bin
    PERL_BADLANG (unset)
    SHELL=/bin/bash
```

p5pRT commented 19 years ago

From alexeyt@freeshell.org

On Thu, 10 Feb 2005, robin.stocker@nibor.org (via RT) wrote:

It seems like I just stumbled over a funny bug.

```
perl -e 'not() || 1'
perl -e 'die unless not()'
...
```

Confirmed on x86/win32 version 5.8.4.

What's also interesting is that, in my case:

perl -e 'not() || \'

crashes, while

perl -e '1; not() || \'

hangs and

perl -m\ -e 'not() || \'

hangs, yet

perl -e -m\ 'not() || \'

doesn't crash or hang. A very interesting bug :)

  Alexey

p5pRT commented 19 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 19 years ago

From @tamias

On Thu, Feb 10, 2005 at 05:00:02PM +0000, Alexey Toptygin wrote:

perl -m\ -e 'not() || \'

hangs, yet

perl -e -m\ 'not() || \'

doesn't crash or hang. A very interesting bug :)

That last one's not that interesting.

```
% perl -MO=Deparse -e -mCGI 'not() || 1'
-'mCGI';
-e syntax OK
%
```

:)

Ronald

p5pRT commented 19 years ago

From @rgs

robin.stocker@nibor.org (via RT) wrote:

```
perl -e 'not() || 1'
perl -e 'die unless not()'
...
```

Like in the two examples above, the evaluation of not() produces a segmentation fault or a freeze of the interpreter.

It occurs in bleadperl as well; but that's not the evaluation of not() that segfaults, since the bug appears with -c as well.

p5pRT commented 19 years ago

From @smpeters

On Thu, Feb 10, 2005 at 12:29:51PM -0500, Ronald J Kimball wrote:

On Thu, Feb 10, 2005 at 05:00:02PM +0000, Alexey Toptygin wrote:

perl -m\ -e 'not() || \'

hangs, yet

perl -e -m\ 'not() || \'

doesn't crash or hang. A very interesting bug :)

That last one's not that interesting.

```
% perl -MO=Deparse -e -mCGI 'not() || 1'
-'mCGI';
-e syntax OK
%
```

Here's the backtrace from blead...

```
(gdb) bt
#0  0x1c05f94d in S_new_logop (my_perl=0x3c030000, type=159, flags=0,
    firstp=0xcfbf2d34, otherp=0xcfbf2d38) at op.c:3484
#1  0x1c05f846 in Perl_newLOGOP (my_perl=0x3c030000, type=160, flags=0,
    first=0x0, other=0x3c03c940) at op.c:3459
#2  0x1c053f22 in Perl_yyparse (my_perl=0x3c030000) at perly.y:515
#3  0x1c01ced5 in S_parse_body (my_perl=0x3c030000, env=0x0,
    xsinit=0x1c016e5c <xs_init>) at perl.c:1684
#4  0x1c01bbc7 in perl_parse (my_perl=0x3c030000, xsinit=0x1c016e5c <xs_init>,
    argc=3, argv=0xcfbf2f40, env=0x0) at perl.c:1194
#5  0x1c016dc8 in main (argc=3, argv=0xcfbf2f40, env=0xcfbf2f50)
    at perlmain.c:96
```

Steve Peters steve@fisharerojo.org

p5pRT commented 19 years ago

From @mhx

The segfault can be reproduced with all versions of Perl since 5.6.0.

It has been fixed by the following change​:

Change 23960 by mhx@mhx-r2d2 on 2005/02/10 20:50:31

  [perl #34101] not() || 1 produces segmentation fault

  Fixed by making not() behave like not(0). This is also the
  way not() behaved before it started segfaulting in 5.6.0.

p5pRT commented 19 years ago

@mhx - Status changed from 'open' to 'resolved'

p5pRT commented 19 years ago

From @iabyn

On Thu, Feb 10, 2005 at 06:15:17PM +0100, Rafael Garcia-Suarez wrote:

robin.stocker@nibor.org (via RT) wrote:

```
perl -e 'not() || 1'
perl -e 'die unless not()'
...
```

Like in the two examples above, the evaluation of not() produces a segmentation fault or a freeze of the interpreter.

It occurs in bleadperl as well; but that's not the evaluation of not() that segfaults, since the bug appears with -c as well.

It's the fact that the OP struct containing the NOT operator doesn't have a child, and various parts of the core assume that it always has a child. The proper fix is to stop the lexer/parser generating such a bad op in the first place, but it's (as always) too late at night for my poor brain to work out how to do such a thing.

-- Nothing ventured, nothing lost.

p5pRT commented 19 years ago

From @mhx

On 2005-02-11, at 00:29:58 +0000, Dave Mitchell wrote:

On Thu, Feb 10, 2005 at 06:15:17PM +0100, Rafael Garcia-Suarez wrote:

robin.stocker@nibor.org (via RT) wrote:

```
perl -e 'not() || 1'
perl -e 'die unless not()'
...
```

Like in the two examples above, the evaluation of not() produces a segmentation fault or a freeze of the interpreter.

It occurs in bleadperl as well; but that's not the evaluation of not() that segfaults, since the bug appears with -c as well.

It's the fact that the OP struct containing the NOT operator doesn't have a child, and various parts of the core assume that it always has a child. The proper fix is to stop the lexer/parser generating such a bad op in the first place, but it's (as always) too late at night for my poor brain to work out how to do such a thing.

It has already been fixed by change #23960, but somehow my RT response didn't show up on the list (yet).

Marcus

-- To iterate is human, to recurse, divine.   -- Robert Heller
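
An added example, not code from Perl or from anyone in this thread: a toy C op tree (all names hypothetical) that reproduces the broken invariant described above, a NOT op emitted without a child, next to the approach of change 23960, building `not()` as `not(0)`. The constant-folding step in `new_logop` is an assumed stand-in for whatever core code reads the child of a NOT at compile time.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy op tree with hypothetical names; this is not Perl's op.c. */
enum op_type { OP_CONST, OP_NOT, OP_OR };
struct op { enum op_type type; int value; struct op *first, *other; };
static struct op *new_op(enum op_type t, int v, struct op *f, struct op *o) {
    struct op *p = malloc(sizeof *p);
    if (!p) abort();
    *p = (struct op){ t, v, f, o };
    return p;
}

/* Parser action for not(ARGS); arg is NULL for the empty list.
 * fixed=0 emits a NOT with no child; fixed=1 builds not() as not(0). */
static struct op *parse_not(struct op *arg, int fixed) {
    if (!arg && fixed) arg = new_op(OP_CONST, 0, NULL, NULL);
    return new_op(OP_NOT, 0, arg, NULL);
}

/* Builder for `first || other`. Folding !CONST is an assumed stand-in for
 * core code that reads a NOT's child at compile time. */
static struct op *new_logop(struct op *first, struct op *other) {
    if (first->type == OP_NOT) {
        struct op *kid = first->first;
        if (!kid) return NULL;        /* unchecked, kid->type below would dereference NULL */
        if (kid->type == OP_CONST) {  /* fold !CONST in place */
            *first = (struct op){ OP_CONST, !kid->value, NULL, NULL };
            free(kid);
        }
    }
    return new_op(OP_OR, 0, first, other);
}

static int eval(const struct op *o) {
    if (o->type == OP_CONST) return o->value;
    return o->type == OP_NOT ? !eval(o->first) : (eval(o->first) || eval(o->other));
}

/* Runs `not(ARG) || rhs`; has_arg=0 models not(). Returns -1 if rejected. */
int run_not_or(int has_arg, int argval, int rhs, int fixed) {
    struct op *arg = has_arg ? new_op(OP_CONST, argval, NULL, NULL) : NULL;
    struct op *o = new_logop(parse_not(arg, fixed), new_op(OP_CONST, rhs, NULL, NULL));
    return o ? eval(o) : -1;
}

int main(void) {
    printf("unfixed: %d, fixed: %d\n", run_not_or(0, 0, 1, 0), run_not_or(0, 0, 1, 1));
    return 0;
}
```

The rejection happens while the tree is being built, before anything is evaluated, which matches the observation in the thread that the crash also appears with `-c`.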