The following scalar leak is reproduced under any perl 5.8+ w/ithreads:
```
#!/usr/bin/perl -T
use Devel::Peek;
use threads;

local $0 = "test"; # <== XXX: leaks scalar
my $thr = threads->new(sub { Dump $0 });
$thr->join; # <== XXX: triggers the leak
```
```
% perl -T leak.pl
SV = PVMG(0x81129a0) at 0x816dc10
  REFCNT = 1
  FLAGS = (GMG,SMG,pPOK)
  IV = 0
  NV = 0
  PV = 0x816e370 "test"\0
  CUR = 4
  LEN = 5
  MAGIC = 0x816e2a8
    MG_VIRTUAL = &PL_vtbl_sv
    MG_TYPE = PERL_MAGIC_sv(\0)
    MG_OBJ = 0x816dc04
    MG_LEN = 1
    MG_PTR = 0x816e2c8 "0"
  MAGIC = 0x816e2d8
    MG_VIRTUAL = &PL_vtbl_taint
    MG_TYPE = PERL_MAGIC_taint(t)
    MG_OBJ = 0x816dc1c
    MG_LEN = 2

Scalars leaked: 1
leaked: sv=0x816dc1c flags=0x084046007 refcnt=0, Perl interpreter: 0x8102770
```
As the dump shows, that leaked scalar is MG_OBJ = 0x816dc1c. This magic object is a taint magic (and it happens under -T).

It happens so that ModPerl::Registry localizes $0, so anybody trying to spawn a thread is going to get this leak. There are probably other cases where this happens in the same way, but at the moment I've only one *easy* testcase.
(resubmitting Steve Hay's followup so it'll be stored in rt)
Stas Bekman (via RT) wrote:
# New Ticket Created by Stas Bekman
# Please include the string: [perl #34341]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=34341 >

This is a bug report for perl from stas@rabbit.stason.org, generated with the help of perlbug 1.35 running under perl v5.8.6.

-----------------------------------------------------------------
[Please enter your report here]
The following scalar leak is reproduced under any perl 5.8+ w/ithreads:
```
#!/usr/bin/perl -T
use Devel::Peek;
use threads;

local $0 = "test"; # <== XXX: leaks scalar
my $thr = threads->new(sub { Dump $0 });
$thr->join; # <== XXX: triggers the leak
[...]
Scalars leaked: 1
leaked: sv=0x816dc1c flags=0x084046007 refcnt=0, Perl interpreter: 0x8102770
```

As the dump shows, that leaked scalar is MG_OBJ = 0x816dc1c. This magic object is a taint magic (and it happens under -T).
From: Steve Hay <steve.hay@uk.radan.com>
Is this anything to do with the following comment found in scope.c::S_save_scalar_at()
```
/* XXX SvMAGIC() is *shared* between osv and sv.  This can
 * lead to coredumps when both SVs are destroyed without one
 * of their SvMAGIC() slots being NULLed. */
```

There's certainly some stuff to do with taint magic and localizing going on in that function, so since that's what this particular problem revolves around, maybe it's worth a closer look by someone that understands it?
I'm not sure what the following chunk from that function is trying to achieve:
```
if (PL_tainting && PL_tainted &&
        (mg = mg_find(osv, PERL_MAGIC_taint))) {
    SAVESPTR(mg->mg_obj);
    mg->mg_obj = osv;
}
```
but could it be related to the leaked MG_OBJ?
- Steve
Looks like the leak has been fixed by my change #24942, which fixed local() and magic (and specifically removed the code related to that XXX comment above).
@iabyn - Status changed from 'new' to 'resolved'
Migrated from rt.perl.org#34341 (status was 'resolved')
Searchable as RT34341$