dankogai at dan
Nov 16, 2009, 12:23 AM
Post #4 of 5
(339 views)
Permalink
|
|
Re: Encode memory corruption [perl #70528]
[In reply to]
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
George,
I think I have fixed it now.
On 16 Nov 2009, at 14:46, George Greer wrote:
> It might not crash under perl 5.8.9, but making it crash is finicky anyway since the script doesn't exercise memory much afterward. Valgrind says 5.8.9 still causes the errant write:
>
> ==30569== Command: /home/perl/work/cpan_maint-5.8/perl/bin/perl5.8.9 -MEncode -le print\ encode\ "ascii",\ "\ a\\x{b6}\\x{2022}a"x8,\ sub{"\\x{2022}"}
> ==30569==
> ==30569== Invalid write of size 1
> ==30569== at 0x629D113: do_encode (encengine.c:119)
> ==30569== by 0x62970B3: encode_method (Encode.xs:128)
> ==30569== by 0x629920D: XS_Encode__XS_encode (Encode.xs:621)
> ==30569== by 0x479D0F: Perl_pp_entersub (pp_hot.c:2862)
> ==30569== by 0x444896: Perl_runops_debug (dump.c:1639)
> ==30569== by 0x465582: S_run_body (perl.c:2453)
> ==30569== by 0x464E77: perl_run (perl.c:2368)
> ==30569== by 0x421CA8: main (perlmain.c:109)
> ==30569== Address 0x61bb4c0 is 0 bytes after a block of size 48 alloc'd
> ==30569== at 0x4C2524D: realloc (vg_replace_malloc.c:476)
> ==30569== by 0x4451F1: Perl_safesysrealloc (util.c:177)
> ==30569== by 0x47D440: Perl_sv_grow (sv.c:1440)
> ==30569== by 0x48445A: Perl_sv_catpvn_flags (sv.c:3915)
> ==30569== by 0x484752: Perl_sv_catsv_flags (sv.c:3975)
> ==30569== by 0x6296D7A: encode_method (Encode.xs:204)
> ==30569== by 0x629920D: XS_Encode__XS_encode (Encode.xs:621)
> ==30569== by 0x479D0F: Perl_pp_entersub (pp_hot.c:2862)
> ==30569== by 0x444896: Perl_runops_debug (dump.c:1639)
> ==30569== by 0x465582: S_run_body (perl.c:2453)
> ==30569== by 0x464E77: perl_run (perl.c:2368)
> ==30569== by 0x421CA8: main (perlmain.c:109)
>
> perl 5.10.0 crashed a lot more than blead 5.11.1 during my test case reduction, but the valgrind still showed the write being there even when blead didn't crash.
Would you try the patch below? That fixed the problem on my OS X.
====
% perl -MEncode -le 'print encode "ascii", " a\x{b6}\x{2022}a"x8, sub{ "\x{2022}" }'
Segmentation fault
% perl -Mblib -MEncode -le 'print encode "ascii", " a\x{b6}\x{2022}a"x8, sub{ "\x{2022}" }'
a••a a••a a••a a••a a••a a••a a••a a••a
====
The patch applies SvUTF8_off when encoding. I also did a little optimization but that does not matter on fixing the problem.
I will VERSION++ after your report. Thank you in advance for testing.
Dan the Maintainer THereof.
===================================================================
RCS file: Encode.xs,v
retrieving revision 2.16
diff -u -r2.16 Encode.xs
- --- Encode.xs 2009/09/06 14:32:21 2.16
+++ Encode.xs 2009/11/16 08:17:11
@@ -68,7 +68,7 @@
{
dSP;
int argc;
- - SV *temp, *retval;
+ SV *retval = newSVpv("",0);
ENTER;
SAVETMPS;
PUSHMARK(sp);
@@ -79,13 +79,10 @@
if (argc != 1){
croak("fallback sub must return scalar!");
}
- - temp = newSVsv(POPs);
+ sv_catsv(retval, POPs);
PUTBACK;
FREETMPS;
LEAVE;
- - retval = newSVpv("",0);
- - sv_catsv(retval, temp);
- - SvREFCNT_dec(temp);
return retval;
}
@@ -199,6 +196,7 @@
: newSVpvf(check & ENCODE_PERLQQ ? "\\x{%04"UVxf"}" :
check & ENCODE_HTMLCREF ? "&#%" UVuf ";" :
"&#x%" UVxf ";", (UV)ch);
+ SvUTF8_off(subchar); /* make sure no decoded string gets in */
sdone += slen + clen;
ddone += dlen + SvCUR(subchar);
sv_catsv(dst, subchar);
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAksBDBsACgkQErJia/WXtBuXBgCdEvbSBofXhu+DlP6qm6mo6ZJW
HUwAnjIAj+daYPByCbCd0ST28PDoSpkA
=84SB
-----END PGP SIGNATURE-----
|
