
recently-introduced regex segfault #5279

Closed
p5pRT opened this issue Mar 23, 2002 · 7 comments

Comments


p5pRT commented Mar 23, 2002

Migrated from rt.perl.org#8870 (status was 'resolved')

Searchable as RT8870$


p5pRT commented Mar 23, 2002

From jfriedl@yahoo.com

With the latest bleedperl, this program segfaults if 're debug' is used.

  use overload;
  BEGIN {
      overload::constant qr => sub { return $_[0] }
  }

I'm fairly confident that this worked last week.
A gdb session is appended.
  Jeffrey

  (gdb) run -w -Ilib -Mre+debug /tmp/foo
  Starting program: /home/jfriedl/src/bleedperl/perl -w -Ilib -Mre+debug /tmp/foo
  Unquoted string "debug" may clash with future reserved word.
  Compiling REx `::'
  size 3 Got 28 bytes for offset annotations.
  first at 1
  1: EXACT <::>(3)
  3: END(0)
  anchored `::' at 0 (checking anchored isall) minlen 2
  Offsets: [3]
  1[2] 0[0] 3[0]
  Compiling REx `.*::'
  size 5 Got 44 bytes for offset annotations.
  first at 2
  1: STAR(3)
  2: REG_ANY(0)
  3: EXACT <::>(5)
  5: END(0)
  floating `::' at 0..2147483647 (checking floating) anchored(MBOL) implicit minlen 2
  Offsets: [5]
  2[1] 1[1] 3[2] 0[0] 5[0]
  Compiling REx `^&'
  size 4 Got 36 bytes for offset annotations.
  first at 2
  1: BOL(2)
  2: EXACT <&>(4)
  4: END(0)
  anchored `&' at 0 (checking anchored) anchored(BOL) minlen 1
  Offsets: [4]
  1[1] 2[1] 0[0] 3[0]
  Compiling REx `\W'
  size 2 Got 20 bytes for offset annotations.
  first at 1
  1: NALNUM(2)
  2: END(0)
  stclass `NALNUM' minlen 1
  Offsets: [2]
  1[2] 3[0]
  Compiling REx `\W'
  size 2 Got 20 bytes for offset annotations.
  first at 1
  1: NALNUM(2)
  2: END(0)
  stclass `NALNUM' minlen 1
  Offsets: [2]
  1[2] 3[0]

  Program received signal SIGSEGV, Segmentation fault.
  0x401b23fd in my_regexec (prog=0x8148b98, stringarg=0x813e948 "confess", strend=0x813e94f "",
  strbeg=0x813e948 "confess", minend=0, sv=0x813cecc, data=0x0, flags=2) at re_exec.c:1592
  1592 SV *dsv0 = PERL_DEBUG_PAD_ZERO(0);
  (gdb) where
  #0 0x401b23fd in my_regexec (prog=0x8148b98, stringarg=0x813e948 "confess", strend=0x813e94f "",
  strbeg=0x813e948 "confess", minend=0, sv=0x813cecc, data=0x0, flags=2) at re_exec.c:1592
  #1 0x0809efb5 in Perl_pp_match () at pp_hot.c:1287
  #2 0x0809c6e0 in Perl_runops_standard () at run.c:25
  #3 0x0805fa9f in S_call_body (myop=0xbfffe98c, is_eval=0) at perl.c:1987
  #4 0x0805f881 in perl_call_sv (sv=0x8138638, flags=6) at perl.c:1905
  #5 0x08062396 in S_call_list_body (cv=0x8138638) at perl.c:3986
  #6 0x08062086 in Perl_call_list (oldscope=12, paramList=0x81385cc) at perl.c:3914
  #7 0x080834ff in Perl_newATTRSUB (floor=684, o=0x813d0d8, proto=0x0, attrs=0x0, block=0x813d0a0) at op.c:5109
  #8 0x08080535 in Perl_utilize (aver=1, floor=684, version=0x0, id=0x8137d60, arg=0x0) at op.c:3449
  #9 0x08079dec in Perl_yyparse () at perly.y:414
  #10 0x080c03b8 in S_doeval (gimme=0, startop=0x0) at pp_ctl.c:2750
  #11 0x080c16de in Perl_pp_require () at pp_ctl.c:3227
  #12 0x0809c6e0 in Perl_runops_standard () at run.c:25
  #13 0x0805fa9f in S_call_body (myop=0xbfffedfc, is_eval=0) at perl.c:1987
  #14 0x0805f881 in perl_call_sv (sv=0x8135aa8, flags=6) at perl.c:1905
  #15 0x08062396 in S_call_list_body (cv=0x8135aa8) at perl.c:3986
  #16 0x08062086 in Perl_call_list (oldscope=6, paramList=0x811e980) at perl.c:3914
  #17 0x080834ff in Perl_newATTRSUB (floor=325, o=0x8136d18, proto=0x0, attrs=0x0, block=0x8136cf0) at op.c:5109
  #18 0x08080535 in Perl_utilize (aver=1, floor=325, version=0x0, id=0x81366a0, arg=0x0) at op.c:3449
  #19 0x08079dec in Perl_yyparse () at perly.y:414
  #20 0x080c03b8 in S_doeval (gimme=0, startop=0x0) at pp_ctl.c:2750
  #21 0x080c16de in Perl_pp_require () at pp_ctl.c:3227
  #22 0x0809c6e0 in Perl_runops_standard () at run.c:25
  #23 0x0805fa9f in S_call_body (myop=0xbffff26c, is_eval=0) at perl.c:1987
  #24 0x0805f881 in perl_call_sv (sv=0x8119e94, flags=6) at perl.c:1905
  #25 0x08062396 in S_call_list_body (cv=0x8119e94) at perl.c:3986
  #26 0x08062086 in Perl_call_list (oldscope=1, paramList=0x8119f30) at perl.c:3914
  #27 0x080834ff in Perl_newATTRSUB (floor=107, o=0x8125dc0, proto=0x0, attrs=0x0, block=0x8125d98) at op.c:5109
  #28 0x08080535 in Perl_utilize (aver=1, floor=107, version=0x0, id=0x8116708, arg=0x0) at op.c:3449
  #29 0x08079dec in Perl_yyparse () at perly.y:414
  #30 0x0805ee17 in S_parse_body (env=0x0, xsinit=0x805c8f4 <xs_init>) at perl.c:1463
  #31 0x0805e253 in perl_parse (my_perl=0x81103a8, xsinit=0x805c8f4 <xs_init>, argc=5, argv=0xbffff6a4, env=0x0)
  at perl.c:990
  #32 0x0805c8af in main (argc=5, argv=0xbffff6a4, env=0xbffff6bc) at perlmain.c:83
  #33 0x400756cf in __libc_start_main () from /lib/libc.so.6
  (gdb)

Perl Info

Flags:
    category=core
    severity=medium

This perlbug was built using Perl v5.7.3 - Sat Mar 23 20:17:40 PST 2002
It is being executed now by  Perl v5.7.3 - Sun Mar 17 16:13:39 PST 2002.

Site configuration information for perl v5.7.3:

Configured by jfriedl at Sun Mar 17 16:13:39 PST 2002.

Summary of my perl5 (revision 5.0 version 7 subversion 3 patch 15276) configuration:
  Platform:
    osname=linux, osvers=2.4.17, archname=i686-linux
    uname='linux fummy 2.4.17 #5 smp thu feb 14 15:21:38 pst 2002 i686 unknown '
    config_args='-Dusedevel -d -e -s -O -D optimize=-O2 -g'
    hint=previous, useposix=true, d_sigaction=define
    usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=define
  Compiler:
    cc='cc', ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    ccversion='', gccversion='2.95.4  (Debian prerelease)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lnsl -ldl -lm -lc -lcrypt -lutil
    perllibs=-lnsl -ldl -lm -lc -lcrypt -lutil
    libc=/lib/libc-2.2.5.so, so=so, useshrplib=false, libperl=libperl.a
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    DEVEL15449


@INC for perl v5.7.3:
    /home/jfriedl/lib/perl
    /home/jfriedl/lib/perl/yahoo
    /usr/local/lib/perl5/5.7.3/i686-linux
    /usr/local/lib/perl5/5.7.3
    /usr/local/lib/perl5/site_perl/5.7.3/i686-linux
    /usr/local/lib/perl5/site_perl/5.7.3
    /usr/local/lib/perl5/site_perl
    .


Environment for perl v5.7.3:
    HOME=/home/jfriedl
    LANG=C
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/jfriedl/bin:/home/jfriedl/common/bin:.:/usr/local/pgsql/bin:/usr/local/bin:/usr/X11R6/bin:/bin:/usr/bin:/usr/sbin:/sbin:/home/jfriedl/src/rvplayer5.0:/usr/local/prod/bin:/usr/local/java/bin
    PERLLIB=/home/jfriedl/lib/perl:/home/jfriedl/lib/perl/yahoo
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh



p5pRT commented Mar 23, 2002

From @schwern

On Sat, Mar 23, 2002 at 08:53:16PM -0800, Jeffrey Friedl wrote:

With the latest bleedperl, this program segfaults if 're debug' is used.

use overload;
BEGIN {
    overload::constant qr => sub { return $_[0] }
}

Only 'use overload' is necessary for me.

It segfaults @15421 without -DDEBUGGING. Can't tell exactly where
since it's not -g. @15421 with -DDEBUGGING it works fine.

This appears to be the opposite of what you're seeing since line 1592
is right in the middle of an #ifdef DEBUGGING block.

cppflags='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'

err.. what happened there?

--

Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
Perl Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
....and that, children, is how to clean and load a .38 revolver. Questions?


p5pRT commented Mar 23, 2002

From @jhi

cppflags='-DDEBUGGING -fno-strict-aliasing -I/usr/local/include -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'

err.. what happened there?

Repeated Configures without make distclean. (The hints files do
not reset the flags.)

--
$jhi++; # http://www.iki.fi/jhi/
  # There is this special biologist word we use for 'stable'.
  # It is 'dead'. -- Jack Cohen


p5pRT commented Mar 23, 2002

From @schwern

The segfault *is* in the PERL_DEBUG_PAD_ZERO(0) call. Here's what
that expands to:

  (((XPV*) ( &(PL_debug_pad.pad[ 0 ]) )->sv_any )->xpv_pv [0] = 0, ((XPV*) ( &(PL_debug_pad.pad[ 0 ]) )->sv_any )->xpv_cur = 0, &(PL_debug_pad.pad[ 0 ]) ) ;

pretty.

PL_debug_pad does not seem to contain anything useful.

(gdb) p PL_debug_pad
$51 = {pad = {{sv_any = 0x0, sv_refcnt = 0, sv_flags = 0}, {sv_any = 0x0,
  sv_refcnt = 0, sv_flags = 0}, {sv_any = 0x0, sv_refcnt = 0,
  sv_flags = 0}}}

and so those dereferences above will bomb.

(gdb) p ((XPV*) ( &(PL_debug_pad.pad[ 0 ]) )->sv_any )->xpv_pv [0]
Cannot access memory at address 0x0
(gdb) p ((XPV*) ( &(PL_debug_pad.pad[ 0 ]) )->sv_any )->xpv_cur
Cannot access memory at address 0x4

This only happens if -DDEBUGGING is off. re.pm turns -DDEBUGGING back
on for reexec.c.

  /* need access to debugger hooks */
  # if defined(PERL_EXT_RE_DEBUG) && !defined(DEBUGGING)
  # define DEBUGGING
  # endif

I think what causes the problem is this code in perl.h:

  #ifdef DEBUGGING
  sv_setpvn(PERL_DEBUG_PAD(0), "", 0);
  sv_setpvn(PERL_DEBUG_PAD(1), "", 0);
  sv_setpvn(PERL_DEBUG_PAD(2), "", 0);
  #endif

without -DDEBUGGING when perl.h is compiled DEBUGGING is off so the
init code doesn't run. When ext/re/ compiles re_exec.c (which is
really regexec.c) it turns DEBUGGING on, but PL_debug_pad was never
initialized. Boom.

Solution? Remove the #ifdef DEBUGGING.

--- perl.c 2002/03/24 07​:20​:56 1.1
+++ perl.c 2002/03/24 07​:21​:10
@​@​ -258,11 +258,9 @​@​
  PL_fdpid = newAV(); /* for remembering popen pids by fd */
  PL_modglobal = newHV(); /* pointers to per-interpreter module globals */
  PL_errors = newSVpvn("",0);
-#ifdef DEBUGGING
  sv_setpvn(PERL_DEBUG_PAD(0), "", 0); /* For regex debugging. */
  sv_setpvn(PERL_DEBUG_PAD(1), "", 0);
  sv_setpvn(PERL_DEBUG_PAD(2), "", 0);
-#endif
#ifdef USE_ITHREADS
  PL_regex_padav = newAV();
  av_push(PL_regex_padav,(SV*)newAV()); /* First entry is an array of empty elements */
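Review bot: the three sv_setpvn(PERL_DEBUG_PAD(n), "", 0) lines now run unconditionally, which is the point of the fix, but nothing in the hunk records why; the only comment is `/* For regex debugging. */`. The reason (ext/re defines DEBUGGING for re_exec.c and so dereferences PL_debug_pad even when the core was built without -DDEBUGGING) lives only in the mail text, and jhi's follow-up in this thread recalls change 13246 making the pad "visible at all times" once already, so the guard has evidently crept back before. Suggest a comment that survives the next cleanup, e.g. `/* For regex debugging. Must run even without DEBUGGING: ext/re enables DEBUGGING for re_exec.c and uses these. */`. Minor: the patch header names perl.c while the paragraph above says "this code in perl.h"; the header is the right one.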

--

Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
Perl Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
My enormous capacity for love is being WASTED on YOU guys
  -- http://www.angryflower.com/497day.gif
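The mechanism Schwern diagnoses above, reduced to one self-contained C program: an initialisation guarded by `#ifdef DEBUGGING` in the "core" translation unit is dead code in a non-DEBUGGING build, while the "extension" unit, which forces DEBUGGING on, dereferences the uninitialised pad. This is an added example, not Perl's code: `PadSV`/`PadBody`, `pad_setup_slot`, `core_init_before_fix`, `core_init_after_fix` and `debug_pad_zero` are constructed stand-ins for SV/XPV, the sv_setpvn calls in perl.c and the PERL_DEBUG_PAD_ZERO macro. The two builds are simulated with `#undef`/`#define` of DEBUGGING inside a single file, and a NULL check is added to `debug_pad_zero` so the mismatch is reported as a return value instead of a SIGSEGV (the real macro has no such check).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for Perl's XPV body, SV head and PL_debug_pad.pad[3]. */
typedef struct { char *xpv_pv; size_t xpv_cur; } PadBody;
typedef struct { PadBody *sv_any; } PadSV;

static PadSV   g_pad[3];        /* like PL_debug_pad: zero-filled, so sv_any == NULL */
static PadBody g_bodies[3];
static char    g_buffers[3][32];

/* Put the pad back into the state a freshly started interpreter has. */
static void pad_reset(void) {
    memset(g_pad, 0, sizeof g_pad);
    memset(g_bodies, 0, sizeof g_bodies);
}

/* Stand-in for sv_setpvn(PERL_DEBUG_PAD(i), "", 0): attach a body and an empty buffer. */
static void pad_setup_slot(int i) {
    g_buffers[i][0]     = '\0';
    g_bodies[i].xpv_pv  = g_buffers[i];
    g_bodies[i].xpv_cur = 0;
    g_pad[i].sv_any     = &g_bodies[i];
}

/* ---- "perl.c" side: compiled WITHOUT -DDEBUGGING ---- */
#undef DEBUGGING

/* Before the fix: the guard makes the whole loop vanish in this build. */
static void core_init_before_fix(void) {
#ifdef DEBUGGING
    for (int i = 0; i < 3; i++) pad_setup_slot(i);
#endif
}

/* After the fix: the pad is initialised unconditionally. */
static void core_init_after_fix(void) {
    for (int i = 0; i < 3; i++) pad_setup_slot(i);
}

/* ---- "re_exec.c" side: ext/re forces DEBUGGING on for this unit ---- */
#define DEBUGGING 1
#ifdef DEBUGGING
/* Same dereference chain as the expanded PERL_DEBUG_PAD_ZERO(0) quoted above
   (sv_any->xpv_pv[0] = 0, sv_any->xpv_cur = 0, yield &pad[i]). The NULL test is
   added here for illustration only; with a NULL sv_any the real macro faults. */
static PadSV *debug_pad_zero(int i) {
    PadSV *sv = &g_pad[i];
    if (sv->sv_any == NULL) return NULL;   /* uninitialised pad: would be the SIGSEGV */
    sv->sv_any->xpv_pv[0] = 0;
    sv->sv_any->xpv_cur   = 0;
    return sv;
}
#endif

/* Run each build end to end. Returns 1 if the regex engine got a usable pad,
   0 if it found the pad uninitialised. */
static int run_unpatched(void) {
    pad_reset();
    core_init_before_fix();
    return debug_pad_zero(0) != NULL;
}

static int run_patched(void) {
    pad_reset();
    core_init_after_fix();
    return debug_pad_zero(0) != NULL;
}

int main(void) {
    printf("unpatched core: %s\n", run_unpatched() ? "pad ok" : "pad NULL (would segfault)");
    printf("patched core:   %s\n", run_patched()   ? "pad ok" : "pad NULL (would segfault)");
    return 0;
}
```

The compiler cannot see this mismatch: each translation unit is internally consistent, and only the combination of a non-DEBUGGING core with a DEBUGGING extension leaves the pointer NULL. That is why the fix belongs on the producer side (initialise unconditionally) rather than in every consumer, and why a guard like the one in `debug_pad_zero` is worth having in a debug path: it turns a crash deep in the matcher into a diagnosable condition.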


p5pRT commented Mar 24, 2002

From @jhi

I think what causes the problem is this code in perl.h:

#ifdef DEBUGGING
    sv_setpvn(PERL_DEBUG_PAD(0), "", 0);
    sv_setpvn(PERL_DEBUG_PAD(1), "", 0);
    sv_setpvn(PERL_DEBUG_PAD(2), "", 0);
#endif

without -DDEBUGGING when perl.h is compiled DEBUGGING is off so the
init code doesn't run. When ext/re/ compiles re_exec.c (which is
really regexec.c) it turns DEBUGGING on, but PL_debug_pad was never
initialized. Boom.

Solution? Remove the #ifdef DEBUGGING.

Looks good to me. In fact I have a severe case of dejavu... ahhh, yes:

____________________________________________________________________________
[ 13246] By: jhi on 2001/11/24 21:45:32
  Log: The debug_pag needs to be visible at all times
  because of the re extension.
  Branch: perl
  ! intrpvar.h makedef.pl perl.c perl.h regexec.c
____________________________________________________________________________

--
$jhi++; # http://www.iki.fi/jhi/
  # There is this special biologist word we use for 'stable'.
  # It is 'dead'. -- Jack Cohen


p5pRT commented Mar 29, 2006

From @smpeters

[RT_System - Sat Mar 23 22:49:25 2002]:

I think what causes the problem is this code in perl.h:

#ifdef DEBUGGING
    sv_setpvn(PERL_DEBUG_PAD(0), "", 0);
    sv_setpvn(PERL_DEBUG_PAD(1), "", 0);
    sv_setpvn(PERL_DEBUG_PAD(2), "", 0);
#endif

without -DDEBUGGING when perl.h is compiled DEBUGGING is off so the
init code doesn't run. When ext/re/ compiles re_exec.c (which is
really regexec.c) it turns DEBUGGING on, but PL_debug_pad was never
initialized. Boom.

Solution? Remove the #ifdef DEBUGGING.

Looks good to me. In fact I have a severe case of dejavu... ahhh,
yes:

____________________________________________________________________________

[ 13246] By: jhi on 2001/11/24 21:45:32
Log: The debug_pag needs to be visible at all times
because of the re extension.
Branch: perl
! intrpvar.h makedef.pl perl.c perl.h regexec.c

____________________________________________________________________________

This all appears to be working fine in multiple versions of 5.8 and
bleadperl.


p5pRT commented Mar 29, 2006

@smpeters - Status changed from 'open' to 'resolved'
