Non assignment to *DB::DB causes segfault

[p5pRT]

Migrated from rt.perl.org#114990 (status was 'resolved')

Searchable as RT114990$

[p5pRT]

From @Leont

This is a bug report for perl from fawaka@​gmail.com,
generated with the help of perlbug 1.39 running under perl 5.16.1.

---

cat Devel/foo.pm
package Devel​::foo;
*DB​::DB = sub {} if 0;
1;

perl -d​:foo -e0
Segmentation fault (core dumped)

It seems pp_dbstate doesn't check it the &DB​::DB is really defined,
only that it has been seen.

---

---

Flags​:
  category=core
  severity=low

---

Site configuration information for perl 5.16.1​:

Configured by leon at Thu Aug 9 12​:30​:13 EEST 2012.

Summary of my perl5 (revision 5 version 16 subversion 1) configuration​:

  Platform​:
  osname=linux, osvers=3.2.0-27-generic, archname=x86_64-linux-thread-multi
  uname='linux leon-laptop 3.2.0-27-generic #43-ubuntu smp fri jul 6
14​:25​:57 utc 2012 x86_64 x86_64 x86_64 gnulinux '
  config_args='-de
-Dprefix=/home/leon/perl5/perlbrew/perls/perl-5.16.1 -Duseshrplib
-Dusethreads'
  hint=recommended, useposix=true, d_sigaction=define
  useithreads=define, usemultiplicity=define
  useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
  use64bitint=define, use64bitall=define, uselongdouble=undef
  usemymalloc=n, bincompat5005=undef
  Compiler​:
  cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing
-pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64',
  optimize='-O2',
  cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe
-fstack-protector -I/usr/local/include'
  ccversion='', gccversion='4.6.3', gccosandvers=''
  intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
  ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
  alignbytes=8, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
  libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib
/usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
  libs=-lnsl -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
  libc=, so=so, useshrplib=true, libperl=libperl.so
  gnulibc_version='2.15'
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
-Wl,-rpath,/home/leon/perl5/perlbrew/perls/perl-5.16.1/lib/5.16.1/x86_64-linux-thread-multi/CORE'
  cccdlflags='-fPIC', lddlflags='-shared -O2 -L/usr/local/lib
-fstack-protector'

Locally applied patches​:

---

@​INC for perl 5.16.1​:
  /home/leon/perl5/perlbrew/perls/perl-5.16.1/lib/site_perl/5.16.1/x86_64-linux-thread-multi
  /home/leon/perl5/perlbrew/perls/perl-5.16.1/lib/site_perl/5.16.1
  /home/leon/perl5/perlbrew/perls/perl-5.16.1/lib/5.16.1/x86_64-linux-thread-multi
  /home/leon/perl5/perlbrew/perls/perl-5.16.1/lib/5.16.1
  .

---

Environment for perl 5.16.1​:
  HOME=/home/leon
  LANG=en_US.UTF-8
  LANGUAGE=en_US​:en
  LC_ADDRESS=en_US.UTF-8
  LC_IDENTIFICATION=en_US.UTF-8
  LC_MEASUREMENT=en_US.UTF-8
  LC_MONETARY=en_US.UTF-8
  LC_NAME=en_US.UTF-8
  LC_NUMERIC=en_US.UTF-8
  LC_PAPER=en_US.UTF-8
  LC_TELEPHONE=en_US.UTF-8
  LC_TIME=en_US.UTF-8
  LD_LIBRARY_PATH (unset)
  LOGDIR (unset)
  PATH=/home/leon/perl5/perlbrew/bin​:/home/leon/perl5/perlbrew/perls/perl-5.16.1/bin​:/home/leon/bin​:/usr/lib/lightdm/lightdm​:/usr/local/sbin​:/usr/local/bin​:/usr/sbin​:/usr/bin​:/sbin​:/bin​:/usr/games
  PERLBREW_HOME=/home/leon/.perlbrew
  PERLBREW_PATH=/home/leon/perl5/perlbrew/bin​:/home/leon/perl5/perlbrew/perls/perl-5.16.1/bin
  PERLBREW_PERL=perl-5.16.1
  PERLBREW_ROOT=/home/leon/perl5/perlbrew
  PERLBREW_VERSION=0.25
  PERL_BADLANG (unset)
  SHELL=/bin/bash

[p5pRT]

From @doy

Fixed in 432d456.
--
-doy

[p5pRT]

From [Unknown Contact. See original ticket]

Fixed in 432d456.
--
-doy

[p5pRT]

@doy - Status changed from 'new' to 'resolved'

[p5pRT]

From [email protected]

On Fri Sep 21 05​:35​:18 2012, LeonT wrote​:

cat Devel/foo.pm
package Devel​::foo;
*DB​::DB = sub {} if 0;
1;

perl -d​:foo -e0
Segmentation fault (core dumped)

It seems pp_dbstate doesn't check it the &DB​::DB is really defined,
only that it has been seen.

This seems familiar. Yup​: bug #34892 -- a bug from years ago which
claims that declaring DB​::sub without defining it can cause a segfault.

If you know what caused this bug, maybe check all the other debugger
callbacks for similar problems now.

Ambrus

[p5pRT]

From [email protected]

On Mon Sep 24 05​:34​:57 2012, b_jonas wrote​:

On Fri Sep 21 05​:35​:18 2012, LeonT wrote​:

cat Devel/foo.pm
package Devel​::foo;
*DB​::DB = sub {} if 0;
1;

perl -d​:foo -e0
Segmentation fault (core dumped)

It seems pp_dbstate doesn't check it the &DB​::DB is really defined,
only that it has been seen.

This seems familiar. Yup​: bug #34892 -- a bug from years ago which
claims that declaring DB​::sub without defining it can cause a segfault.

If you know what caused this bug, maybe check all the other debugger
callbacks for similar problems now.

In fact, you might be able to get a smaller test case for this bug using
that knowledge. Try this​:

perl -we 'sub DB​::DB; BEGIN { $^P = 0x22; } for (0 .. 9) { warn "hello
world"; }'

This should give some kind of error or just print hello world ten times,
but instead at least perl 5.14 seems to do nothing and exit
successfully. I don't have a more recent perl at hand to test now, sorry.

Ambrus

[p5pRT]

From @nwc10

On Mon, Sep 24, 2012 at 05​:40​:02AM -0700, Zsban Ambrus via RT wrote​:

perl -we 'sub DB​::DB; BEGIN { $^P = 0x22; } for (0 .. 9) { warn "hello
world"; }'

Thanks for the terse test case.

This should give some kind of error or just print hello world ten times,
but instead at least perl 5.14 seems to do nothing and exit
successfully. I don't have a more recent perl at hand to test now, sorry.

I do, but I don't have time to investigate this further (until at least
Thursday, but more likely November)

commit 432d456
Author​: Jesse Luehrs <doy@​tozt.net>
Date​: Mon Sep 24 00​:29​:06 2012 -0500

  don't crash with -d if DB​::DB is seen but not defined [perl #114990]

(gdb) r
Starting program​: /home/nick/Perl/perl/perl -we sub\ DB​::DB\;\ BEGIN\ \{\ \$\^P\ =\ 0x22\;\ \}\ for\ \(0\ ..\ 9\)\ \{\ warn\ \"hello\ world\"\;\ \}

Program received signal SIGSEGV, Segmentation fault.
0x0000000000528185 in Perl_pp_dbstate () at pp_ctl.c​:1997
1997 PAD_SET_CUR_NOSAVE(CvPADLIST(cv), 1);
(gdb) p cv
$1 = (CV *) 0x7f2f78
(gdb) call Perl_sv_dump(cv)
SV = PVCV(0x7f1098) at 0x7f2f78
  REFCNT = 3
  FLAGS = ()
  COMP_STASH = 0x7dfff8 "DB"
  ROOT = 0x0
  GVGV​::GV = 0x7f2e88 "DB" :​: "DB"
  FILE = "-e"
  DEPTH = 1
  FLAGS = 0x0
  OUTSIDE_SEQ = 0
  PADLIST = 0x0
  OUTSIDE = 0x0 (null)

Nicholas Clark

[p5pRT]

From @cpansprout

On Mon Sep 24 05​:40​:01 2012, b_jonas wrote​:

On Mon Sep 24 05​:34​:57 2012, b_jonas wrote​:

On Fri Sep 21 05​:35​:18 2012, LeonT wrote​:

cat Devel/foo.pm
package Devel​::foo;
*DB​::DB = sub {} if 0;
1;

perl -d​:foo -e0
Segmentation fault (core dumped)

It seems pp_dbstate doesn't check it the &DB​::DB is really defined,
only that it has been seen.

This seems familiar. Yup​: bug #34892 -- a bug from years ago which
claims that declaring DB​::sub without defining it can cause a
segfault.

If you know what caused this bug, maybe check all the other debugger
callbacks for similar problems now.

In fact, you might be able to get a smaller test case for this bug using
that knowledge. Try this​:

perl -we 'sub DB​::DB; BEGIN { $^P = 0x22; } for (0 .. 9) { warn "hello
world"; }'

This should give some kind of error or just print hello world ten times,
but instead at least perl 5.14 seems to do nothing and exit
successfully. I don't have a more recent perl at hand to test now, sorry.

I’ve just fixed that in commit c2cb6f7.

--

Father Chrysostomos