Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

unpacking a 4-byte long on a 32-bit system causes segfault #9739

Closed p5pRT closed 12 years ago

p5pRT commented 15 years ago

Migrated from rt.perl.org#65862 (status was 'rejected')

Searchable as RT65862$

p5pRT commented 15 years ago

From cjac@colliertech.org

Created by cjac@colliertech.org

```
08:05 < dngor> Here's an example of Perl, pointer arithmetic, and segfaulting: perl -wle 'print unpack("P4",pack("L",~0));'
08:08 <%cj> $ perl -wle 'print unpack("P4",pack("L",~0));' && echo $?
08:08 <%cj> 0
08:08 <%cj> but on solaris:
08:09 <%cj> $ perl -wle 'print unpack("P4",pack("L",~0));' && echo $?
08:09 <%cj> Segmentation Fault
08:11 < dnm> $ uname -srm ; perl -wle 'print $];print unpack("P4",pack("L",~0));'
08:11 < dnm> Linux 2.6.29.3 i686
08:11 < dnm> 5.010000
08:11 < dnm> Segmentation fault
08:22 <%cj> dnm: ah, i686
```

(turns out the one which worked [the system details below] is 'Linux 2.6.28-11-generic x86_64' and the solaris is 'SunOS 5.9 sun4u')

Perl Info

```
Flags:
    category=core
    severity=medium

Site configuration information for perl 5.10.0:

Configured by Debian Project at Mon Jan 5 22:36:05 UTC 2009.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.24-16-server, archname=x86_64-linux-gnu-thread-multi
    uname='linux yellow 2.6.24-16-server #1 smp thu apr 10 13:15:38 utc 2008 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.3.3 20081217 (prerelease)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.9.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
    gnulibc_version='2.9'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Locally applied patches:

@INC for perl 5.10.0:
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .

Environment for perl 5.10.0:
    HOME=/home/cjac
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/cjac/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash
```

p5pRT commented 15 years ago

From @iabyn

On Wed, May 20, 2009 at 08:57:26AM -0700, C.J. Adams-Collier (via RT) wrote:

```
08:09 <%cj> $ perl -wle 'print unpack("P4",pack("L",~0));' && echo $?
08:09 <%cj> Segmentation Fault
```

So, you are creating a pointer whose value is 0xffffffff (or longer for 64-bit), then trying to access a 4-character string at that address, which gives a SEGV. What behaviour were you expecting?

-- "Emacs isn't a bad OS once you get used to it. It just lacks a decent editor."
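An added example, not code from this ticket or from perl itself: a caller-side guard that refuses to hand `unpack("P…")` any pointer field the program did not create with `pack("P")`. The names `pack_ptr`, `safe_unpack_ptr` and `%live` are hypothetical, and byte strings are assumed. With 8-byte pointers the report's 4-byte value fails the width check; with 4-byte pointers it fails the ownership check.

```perl
use strict;
use warnings;
use Config;

# Hypothetical helpers (not part of perl): only dereference pointer fields
# that this program created itself with pack("P") and that are still valid.
my %live;    # packed pointer bytes => reference to the scalar owning the buffer

sub pack_ptr {
    my ($ref) = @_;
    my $packed = pack 'P', $$ref;    # address of the scalar's string buffer
    $live{$packed} = $ref;           # keeps the owner alive while registered
    return $packed;
}

sub safe_unpack_ptr {
    my ($packed, $len) = @_;

    # "P" consumes exactly one native pointer, so check the field width first.
    die sprintf("pointer field is %d bytes, this perl uses %d-byte pointers\n",
                length($packed), $Config{ptrsize})
        unless length($packed) == $Config{ptrsize};

    my $int_fmt = $Config{ptrsize} == 8 ? 'Q' : 'L';    # pointer-sized integer
    my $addr    = unpack $int_fmt, $packed;
    my $owner   = $live{$packed}
        or die sprintf("refusing to dereference unregistered address 0x%x\n", $addr);

    # The owner's buffer may have been reallocated or shortened since then.
    die "stale pointer: owner's buffer has moved\n"
        unless pack('P', $$owner) eq $packed;
    die "read of $len bytes exceeds the owner's buffer\n"
        unless $len <= length($$owner);

    return unpack "P$len", $packed;
}

my $buf = "abcdefgh";                    # constructed sample data
my $ptr = pack_ptr(\$buf);
print safe_unpack_ptr($ptr, 4), "\n";    # reads through a registered pointer

# The value from the report: four 0xff bytes that were never an address of ours.
my $bogus = pack 'L', ~0;
print "rejected: $@" unless eval { safe_unpack_ptr($bogus, 4); 1 };
```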

p5pRT commented 15 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 15 years ago

From cjac@colliertech.org

a handoff to die() or some other friendly-like, non-broken failure

On Fri, May 22, 2009 at 8:33 AM, Dave Mitchell davem@iabyn.com wrote:

On Wed, May 20, 2009 at 08:57:26AM -0700, C.J. Adams-Collier (via RT) wrote:

```
08:09 <%cj> $ perl -wle 'print unpack("P4",pack("L",~0));' && echo $?
08:09 <%cj> Segmentation Fault
```

So, you are creating a pointer whose value is 0xffffffff (or longer for 64-bit), then trying to access a 4-character string at that address, which gives a SEGV. What behaviour were you expecting?

-- "Emacs isn't a bad OS once you get used to it. It just lacks a decent editor."

p5pRT commented 15 years ago

From @iabyn

On Fri, May 22, 2009 at 10:07:10AM -0400, C.J. Adams-Collier wrote:

a handoff to die() or some other friendly-like, non-broken failure

Which is essentially impossible to do portably.

On Fri, May 22, 2009 at 8:33 AM, Dave Mitchell davem@iabyn.com wrote:

On Wed, May 20, 2009 at 08:57:26AM -0700, C.J. Adams-Collier (via RT) wrote:

```
08:09 <%cj> $ perl -wle 'print unpack("P4",pack("L",~0));' && echo $?
08:09 <%cj> Segmentation Fault
```

So, you are creating a pointer whose value is 0xffffffff (or longer for 64-bit), then trying to access a 4-character string at that address, which gives a SEGV. What behaviour were you expecting?

-- "Emacs isn't a bad OS once you get used to it. It just lacks a decent editor."

-- This is a great day for France!   -- Nixon at Charles De Gaulle's funeral

p5pRT commented 12 years ago

@cpansprout - Status changed from 'open' to 'rejected'