
perlbug-followup at perl
Nov 15, 2009, 7:38 AM
[perl #70528] Encode memory corruption (maybe PerlIO::encoding?)
# New Ticket Created by George Greer # Please include the string: [perl #70528] # in the subject line of all future correspondence about this issue. # <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=70528 > This is a bug report for perl from perl [at] greerga, generated with the help of perlbug 1.36 running under perl 5.10.0. ----------------------------------------------------------------- [Please enter your report here] On Ubuntu's stock perl (what perlbug picked up) and blead 5.11.1 (GitLive-blead-3146-g88a6f4f), Encode can be made to corrupt memory: valgrind (blead): ==31935== Invalid write of size 1 ==31935== at 0x689A93F: do_encode (encengine.c:119) ==31935== by 0x68900B2: encode_method (Encode.xs:128) ==31935== by 0x6895938: XS_Encode__XS_encode (Encode.xs:632) ==31935== by 0x54B86B: Perl_pp_entersub (pp_hot.c:2875) ==31935== by 0x4F64DE: Perl_runops_debug (dump.c:2045) ==31935== by 0x449D89: S_run_body (perl.c:2302) ==31935== by 0x449274: perl_run (perl.c:2227) ==31935== by 0x41FA53: main (perlmain.c:117) ==31935== Address 0x644d988 is 0 bytes after a block of size 552 alloc'd ==31935== at 0x4C25153: malloc (vg_replace_malloc.c:195) ==31935== by 0x4F6DA5: Perl_safesysmalloc (util.c:94) ==31935== by 0x55248D: Perl_sv_grow (sv.c:1559) ==31935== by 0x57776E: Perl_newSV (sv.c:4883) ==31935== by 0x688E8BF: encode_method (Encode.xs:105) ==31935== by 0x6895938: XS_Encode__XS_encode (Encode.xs:632) ==31935== by 0x54B86B: Perl_pp_entersub (pp_hot.c:2875) ==31935== by 0x4F64DE: Perl_runops_debug (dump.c:2045) ==31935== by 0x449D89: S_run_body (perl.c:2302) ==31935== by 0x449274: perl_run (perl.c:2227) ==31935== by 0x41FA53: main (perlmain.c:117) valgrind (ubuntu 5.10.0): ==8012== Conditional jump or move depends on uninitialised value(s) ==8012== at 0x4EAB9EF: Perl_re_compile (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E8F7C5: Perl_pmruntime (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E83E15: Perl_yyparse (in /usr/lib/libperl.so.5.10.0) ==8012== by 
0x4F0762D: ??? (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4F09950: Perl_pp_require (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED09EC: Perl_call_sv (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED0E8C: Perl_call_list (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E85DF8: ??? (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E93BA1: Perl_newATTRSUB (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E92AD2: Perl_utilize (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E84CB3: Perl_yyparse (in /usr/lib/libperl.so.5.10.0) ==8012== ==8012== Conditional jump or move depends on uninitialised value(s) ==8012== at 0x4EAB9EF: Perl_re_compile (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4F12DD5: Perl_pp_regcomp (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED09EC: Perl_call_sv (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED0E8C: Perl_call_list (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E85DF8: ??? (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E93BA1: Perl_newATTRSUB (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E92AD2: Perl_utilize (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E84CB3: Perl_yyparse (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4F0762D: ??? (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4F09950: Perl_pp_require (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== ==8012== Conditional jump or move depends on uninitialised value(s) ==8012== at 0x4EAB9EF: Perl_re_compile (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E8F7C5: Perl_pmruntime (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E8FBF0: Perl_ck_split (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E8FECC: Perl_convert (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E849AF: Perl_yyparse (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4F0762D: ??? 
(in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4F09950: Perl_pp_require (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED09EC: Perl_call_sv (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED0E8C: Perl_call_list (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E85DF8: ??? (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E93BA1: Perl_newATTRSUB (in /usr/lib/libperl.so.5.10.0) ==8012== ==8012== Conditional jump or move depends on uninitialised value(s) ==8012== at 0x4EAB9EF: Perl_re_compile (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E8F7C5: Perl_pmruntime (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4E83E15: Perl_yyparse (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ECF0C8: ??? (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED19B2: perl_parse (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x400D0B: main (in /usr/bin/perl) ==8012== ==8012== Conditional jump or move depends on uninitialised value(s) ==8012== at 0x4F3CA41: Perl_bytes_to_utf8 (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4EEF21C: Perl_sv_utf8_upgrade_flags (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4EEF498: Perl_sv_catsv_flags (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x69F0C57: ??? (in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x69F12F9: XS_Encode__XS_encode (in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x4ED4C0E: Perl_pp_entersub (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED144B: perl_run (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x400D7B: main (in /usr/bin/perl) ==8012== ==8012== Invalid write of size 1 ==8012== at 0x69F3350: do_encode (in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x69F09F3: ??? 
(in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x69F12F9: XS_Encode__XS_encode (in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x4ED4C0E: Perl_pp_entersub (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED144B: perl_run (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x400D7B: main (in /usr/bin/perl) ==8012== Address 0x7ce77b8 is 0 bytes after a block of size 216 alloc'd ==8012== at 0x4C2524D: realloc (vg_replace_malloc.c:476) ==8012== by 0x4EB562E: Perl_safesysrealloc (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4EE9E81: Perl_sv_grow (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4EEB999: Perl_sv_catpvn_flags (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4EEF4AE: Perl_sv_catsv_flags (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x69F0C57: ??? (in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x69F12F9: XS_Encode__XS_encode (in /usr/lib/perl/5.10.0/auto/Encode/Encode.so) ==8012== by 0x4ED4C0E: Perl_pp_entersub (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED2F85: Perl_runops_standard (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x4ED144B: perl_run (in /usr/lib/libperl.so.5.10.0) ==8012== by 0x400D7B: main (in /usr/bin/perl) glibc (ubuntu): *** glibc detected *** perl: realloc(): invalid next size: 0x00000000029dbee0 *** ======= Backtrace: ========= /lib/libc.so.6[0x7fdafbb5add6] /lib/libc.so.6[0x7fdafbb60254] /lib/libc.so.6(realloc+0xf0)[0x7fdafbb605b0] /usr/lib/libperl.so.5.10(Perl_safesysrealloc+0x3f)[0x7fdafc58362f] /usr/lib/libperl.so.5.10(Perl_sv_grow+0x72)[0x7fdafc5b7e82] /usr/lib/perl/5.10/auto/Encode/Encode.so[0x7fdafb29ad64] /usr/lib/perl/5.10/auto/Encode/Encode.so(XS_Encode__XS_encode+0x14a)[0x7fdafb29b2fa] /usr/lib/libperl.so.5.10(Perl_pp_entersub+0x53f)[0x7fdafc5a2c0f] /usr/lib/libperl.so.5.10(Perl_runops_standard+0x16)[0x7fdafc5a0f86] /usr/lib/libperl.so.5.10(perl_run+0x33c)[0x7fdafc59f44c] perl(main+0xec)[0x400d7c] 
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fdafbb03abd]
perl[0x400bc9]

glibc (blead):
*** glibc detected *** /tmp/perl/bin/perl5.11.1: malloc(): memory corruption: 0x00000000029b34a0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f77eba29dd6]
/lib/libc.so.6[0x7f77eba2cc0e]
/lib/libc.so.6[0x7f77eba2f0c6]
/lib/libc.so.6(realloc+0xf0)[0x7f77eba2f5b0]
/tmp/perl/bin/perl5.11.1(Perl_safesysrealloc+0x75)[0x4f6ebf]
/tmp/perl/bin/perl5.11.1(Perl_sv_grow+0x243)[0x552479]
/tmp/perl/bin/perl5.11.1(Perl_sv_setsv_flags+0x3e4a)[0x570a1c]
/tmp/perl/bin/perl5.11.1(Perl_pp_sassign+0x11d0)[0x5316f3]
/tmp/perl/bin/perl5.11.1(Perl_runops_debug+0x157)[0x4f64df]
/tmp/perl/bin/perl5.11.1[0x449d8a]
/tmp/perl/bin/perl5.11.1(perl_run+0x100)[0x449275]
/tmp/perl/bin/perl5.11.1(main+0xc0)[0x41fa54]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f77eb9d2abd]
/tmp/perl/bin/perl5.11.1[0x41f8d9]

I don't have a stock 5.10.1 handy to test, but if blead and 5.10.0 both do it then I expect it would too.

[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags: category=library severity=high
---
Site configuration information for perl 5.10.0:
Configured by Debian Project at Thu Oct 1 22:36:47 UTC 2009.
Summary of my perl5 (revision 5 version 10 subversion 0) configuration: Platform: osname=linux, osvers=2.6.24-23-server, archname=x86_64-linux-gnu-thread-multi uname='linux crested 2.6.24-23-server #1 smp wed apr 1 22:14:30 utc 2009 x86_64 gnulinux ' config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.10.0 -Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des' hint=recommended, useposix=true, d_sigaction=define useithreads=define, usemultiplicity=define useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef use64bitint=define, use64bitall=define, uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64', optimize='-O2 -g', cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include' ccversion='', gccversion='4.4.1', gccosandvers='' intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16 ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=8, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64 libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt perllibs=-ldl -lm -lpthread -lc -lcrypt libc=/lib/libc-2.10.1.so, 
so=so, useshrplib=true, libperl=libperl.so.5.10.0 gnulibc_version='2.10.1' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E' cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib' Locally applied patches: --- @INC for perl 5.10.0: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . --- Environment for perl 5.10.0: HOME=/home/tivrusky LANG=en_US.UTF-8 LANGUAGE (unset) LD_LIBRARY_PATH (unset) LOGDIR (unset) PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games PERL_BADLANG (unset) SHELL=/bin/bash