fwrite will segfault if stream is null

[p5pRT]

Migrated from rt.perl.org#73474 (status was 'resolved')

Searchable as RT73474$

[p5pRT]

From cebratcher@gmail.com

This is a bug report for perl from cebratcher@​gmail.com,
generated with the help of perlbug 1.39 running under perl 5.11.5.

The following works (but does not print "bar") in perlio. But will
segfault if you set PERLIO to stdio.

perl -le 'print "foo"; binmode "​:pop"; binmode "​:pop"; print "bar";'

This appears to've been a bug as far back as 5.8.0.
perlbug seems to be missing -u... so I'll add the patch in rt.perl.org

-Clif

---

Flags​:
  category=core
  severity=low

---

Site configuration information for perl 5.11.5​:

Configured by cbratcher at Mon Feb 22 19​:03​:59 EST 2010.

Summary of my perl5 (revision 5 version 11 subversion 5) configuration​:
  Commit id​: b3289bd
  Platform​:
  osname=linux, osvers=2.6.31-19-generic, archname=x86_64-linux
  uname='linux pith 2.6.31-19-generic #56-ubuntu smp thu jan 28 02​:39​:34 utc 2010 x86_64 gnulinux '
  config_args=''
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g -ggdb',
  cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.4.1', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
  libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lc
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
  libc=/lib/libc-2.10.1.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.10.1'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -ggdb -L/usr/local/lib -fstack-protector'

Locally applied patches​:
 

---

@​INC for perl 5.11.5​:
  /usr/local/lib/perl5/site_perl/5.11.5/x86_64-linux
  /usr/local/lib/perl5/site_perl/5.11.5
  /usr/local/lib/perl5/5.11.5/x86_64-linux
  /usr/local/lib/perl5/5.11.5
  .

---

Environment for perl 5.11.5​:
  HOME=/home/cbratcher
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/cbratcher/bin​:/usr/local/sbin​:/usr/local/bin​:/usr/sbin​:/usr/bin​:/sbin​:/bin​:/usr/games
  PERL_BADLANG (unset)
  SHELL=/bin/bash

---

Flags​:
  category=core
  severity=low

---

Site configuration information for perl 5.11.5​:

Configured by cbratcher at Mon Feb 22 19​:03​:59 EST 2010.

Summary of my perl5 (revision 5 version 11 subversion 5) configuration​:
  Commit id​: b3289bd
  Platform​:
  osname=linux, osvers=2.6.31-19-generic, archname=x86_64-linux
  uname='linux pith 2.6.31-19-generic #56-ubuntu smp thu jan 28 02​:39​:34 utc 2010 x86_64 gnulinux '
  config_args=''
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g -ggdb',
  cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.4.1', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
  libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lc
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
  libc=/lib/libc-2.10.1.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.10.1'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -ggdb -L/usr/local/lib -fstack-protector'

Locally applied patches​:
 

---

@​INC for perl 5.11.5​:
  /usr/local/lib/perl5/site_perl/5.11.5/x86_64-linux
  /usr/local/lib/perl5/site_perl/5.11.5
  /usr/local/lib/perl5/5.11.5/x86_64-linux
  /usr/local/lib/perl5/5.11.5
  .

---

Environment for perl 5.11.5​:
  HOME=/home/cbratcher
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/cbratcher/bin​:/usr/local/sbin​:/usr/local/bin​:/usr/sbin​:/usr/bin​:/sbin​:/bin​:/usr/games
  PERL_BADLANG (unset)
  SHELL=/bin/bash

---

Flags​:
  category=core
  severity=low

---

Site configuration information for perl 5.11.5​:

Configured by cbratcher at Mon Feb 22 19​:03​:59 EST 2010.

Summary of my perl5 (revision 5 version 11 subversion 5) configuration​:
  Commit id​: b3289bd
  Platform​:
  osname=linux, osvers=2.6.31-19-generic, archname=x86_64-linux
  uname='linux pith 2.6.31-19-generic #56-ubuntu smp thu jan 28 02​:39​:34 utc 2010 x86_64 gnulinux '
  config_args=''
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=undef, usemultiplicity=undef
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
  optimize='-O2 -g -ggdb',
  cppflags='-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.4.1', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib /lib64 /usr/lib64
  libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lc
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
  libc=/lib/libc-2.10.1.so, so=so, useshrplib=false, libperl=libperl.a
  gnulibc_version='2.10.1'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -g -ggdb -L/usr/local/lib -fstack-protector'

Locally applied patches​:
 

---

@​INC for perl 5.11.5​:
  /usr/local/lib/perl5/site_perl/5.11.5/x86_64-linux
  /usr/local/lib/perl5/site_perl/5.11.5
  /usr/local/lib/perl5/5.11.5/x86_64-linux
  /usr/local/lib/perl5/5.11.5
  .

---

Environment for perl 5.11.5​:
  HOME=/home/cbratcher
  LANG=en_US.UTF-8
  LANGUAGE (unset)
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/cbratcher/bin​:/usr/local/sbin​:/usr/local/bin​:/usr/sbin​:/usr/bin​:/sbin​:/bin​:/usr/games
  PERL_BADLANG (unset)
  SHELL=/bin/bash

[p5pRT]

cebratcher@gmail.com - Status changed from 'new' to 'open'

[p5pRT]

From cebratcher@gmail.com

Check for valid IO and flip the err to EBADF if there's a problem in
PerlIOStdio_write.

[p5pRT]

From cebratcher@gmail.com

perlio_fwrite.patch

commit 2d0df07e7da6b2743477d99e63afd55c42945566
Author: Clif Bratcher <cebratcher@gmail.com>
Date:   Tue Mar 9 17:55:12 2010 -0500

    Bug 73474 - fwrite happily segfaults with a null stream

diff --git a/perlio.c b/perlio.c
index ddcc357..603be7b 100644
--- a/perlio.c
+++ b/perlio.c
@@ -3303,6 +3303,12 @@ PerlIOStdio_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
 {
     dVAR;
     SSize_t got;
+
+    if (!PerlIOValid(f)) {
+	SETERRNO(EBADF, SS_IVCHAN);
+	return 0;
+    }
+
     for (;;) {
 	got = PerlSIO_fwrite(vbuf, 1, count,
 			      PerlIOSelf(f, PerlIOStdio)->stdio);

[p5pRT]

From @doy

I can't reproduce this with any version of perl, going back to 5.8.1.
Does this depend on the underlying C library or something? "bar" is
printed in all cases even if PERLIO isn't set to stdio.

-doy

[p5pRT]

From @Leont

On Tue Mar 09 15​:42​:51 2010, cbratcher wrote​:

The following works (but does not print "bar") in perlio. But will
segfault if you set PERLIO to stdio.

perl -le 'print "foo"; binmode "​:pop"; binmode "​:pop"; print "bar";'

This appears to've been a bug as far back as 5.8.0.
perlbug seems to be missing -u... so I'll add the patch in
rt.perl.org

That code is binmoding the filehandle *{"​:pop"}, instead of STDOUT as
you probably intended, which makes it hard for us to reproduce your bug.

The same code using binmode STDOUT, "​:pop" doesn't segfault for me on
anything I tried.

Leon

[p5pRT]

From @jkeenan

On Thu Jul 05 04​:28​:12 2012, LeonT wrote​:

On Tue Mar 09 15​:42​:51 2010, cbratcher wrote​:

The following works (but does not print "bar") in perlio. But will
segfault if you set PERLIO to stdio.

perl -le 'print "foo"; binmode "​:pop"; binmode "​:pop"; print "bar";'

This appears to've been a bug as far back as 5.8.0.
perlbug seems to be missing -u... so I'll add the patch in
rt.perl.org

That code is binmoding the filehandle *{"​:pop"}, instead of STDOUT as
you probably intended, which makes it hard for us to reproduce your bug.

The same code using binmode STDOUT, "​:pop" doesn't segfault for me on
anything I tried.

Leon

Leon,

Neither the original poster nor anyone else has responded to your post
of last year. Should we close this RT?

Thank you very much.
Jim Keenan

[p5pRT]

From cebratcher@gmail.com

Woah, I'd all but forgotten about this! Apologies for never following
up here, can only assume Leon's question got stuck in my junk mail.

Just tried to reproduce the issue and I'm not seeing it in 5.12. Feel
free to close this.

Thanks and sorry again,
-Clif

On Sat, Jun 29, 2013 at 8​:28 PM, James E Keenan via RT
<perlbug-followup@​perl.org> wrote​:

On Thu Jul 05 04​:28​:12 2012, LeonT wrote​:

On Tue Mar 09 15​:42​:51 2010, cbratcher wrote​:

The following works (but does not print "bar") in perlio. But will
segfault if you set PERLIO to stdio.

perl -le 'print "foo"; binmode "​:pop"; binmode "​:pop"; print "bar";'

This appears to've been a bug as far back as 5.8.0.
perlbug seems to be missing -u... so I'll add the patch in
rt.perl.org

That code is binmoding the filehandle *{"​:pop"}, instead of STDOUT as
you probably intended, which makes it hard for us to reproduce your bug.

The same code using binmode STDOUT, "​:pop" doesn't segfault for me on
anything I tried.

Leon

Leon,

Neither the original poster nor anyone else has responded to your post
of last year. Should we close this RT?

Thank you very much.
Jim Keenan

[p5pRT]

@cpansprout - Status changed from 'open' to 'resolved'