perl5 icon indicating copy to clipboard operation
perl5 copied to clipboard

Published 20 hours ago verified publisher icon Perl

perl: mg.c:1046: Perl_magic_get: Assertion `isGV_with_GP(PL_last_in_gv)' failed.

Open tonycoz opened this issue 4 years ago • 2 comments

Module:

Description

An assertion can be thrown when using ${^LAST_FH} if:

  • PL_last_in_gv was implicitly localized,
  • and the glob that it pointed to was destroyed within the localized block

This happens because PL_last_in_gv is a simple pointer to the GV, and doesn't retain a reference count to the GV, the localization performed also doesn't keep a reference count.

The normal way PL_last_in_gv is cleared is via checks in sv_clear(), and this does clear PL_last_in_gv when the GV is destroyed, but then it's restored to the bad pointer when the block exits.

The only real fix I can see is keeping a weak reference to the GV in PL_last_in_gv, but that would be significantly more expensive than the current mechanism.

This came up while looking at at #1420.

Steps to Reproduce

$ ./perl -e 'open my $x, "<", "toke.c"; <$x>; { local $.; undef $x; } seek ${^LAST_FH}, 0, 0;'
perl: mg.c:1046: Perl_magic_get: Assertion `isGV_with_GP(PL_last_in_gv)' failed.
Aborted

Expected behavior No assertion should be thrown, and ${^LAST_FH} should be undef at this point.

Perl configuration

Summary of my perl5 (revision 5 version 35 subversion 4) configuration:
  Commit id: 6128f436cec56eb058997a31b6565620b6d9109d
  Platform:
    osname=linux
    osvers=4.19.0-17-amd64
    archname=x86_64-linux
    uname='linux venus 4.19.0-17-amd64 #1 smp debian 4.19.194-2 (2021-06-21) x86_64 gnulinux '
    config_args='-des -Dusedevel -DDEBUGGING'
    hint=recommended
    useposix=true
    d_sigaction=define
    useithreads=undef
    usemultiplicity=undef
    use64bitint=define
    use64bitall=define
    uselongdouble=undef
    usemymalloc=n
    default_inc_excludes_dot=define
  Compiler:
    cc='cc'
    ccflags ='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
    optimize='-O2 -g'
    cppflags='-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    ccversion=''
    gccversion='8.3.0'
    gccosandvers=''
    intsize=4
    longsize=8
    ptrsize=8
    doublesize=8
    byteorder=12345678
    doublekind=3
    d_longlong=define
    longlongsize=8
    d_longdbl=define
    longdblsize=16
    longdblkind=3
    ivtype='long'
    ivsize=8
    nvtype='double'
    nvsize=8
    Off_t='off_t'
    lseeksize=8
    alignbytes=8
    prototype=define
  Linker and Libraries:
    ld='cc'
    ldflags =' -fstack-protector-strong -L/usr/local/lib'
    libpth=/usr/local/lib /usr/lib/x86_64-linux-gnu /usr/lib /usr/lib64
    libs=-lpthread -lnsl -lgdbm -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=libc-2.28.so
    so=so
    useshrplib=false
    libperl=libperl.a
    gnulibc_version='2.28'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs
    dlext=so
    d_dlsymun=undef
    ccdlflags='-Wl,-E'
    cccdlflags='-fPIC'
    lddlflags='-shared -O2 -g -L/usr/local/lib -fstack-protector-strong'


Characteristics of this binary (from libperl): 
  Compile-time options:
    DEBUGGING
    HAS_TIMES
    PERLIO_LAYERS
    PERL_COPY_ON_WRITE
    PERL_DONT_CREATE_GVSV
    PERL_MALLOC_WRAP
    PERL_OP_PARENT
    PERL_PRESERVE_IVUV
    PERL_USE_DEVEL
    USE_64_BIT_ALL
    USE_64_BIT_INT
    USE_LARGE_FILES
    USE_LOCALE
    USE_LOCALE_COLLATE
    USE_LOCALE_CTYPE
    USE_LOCALE_NUMERIC
    USE_LOCALE_TIME
    USE_PERLIO
    USE_PERL_ATOF
  Built under linux
  Compiled at Sep 14 2021 11:04:41
  %ENV:
    PERLBREW_BASHRC_VERSION="0.43"
    PERLBREW_HOME="/home/tony/.perlbrew"
    PERLBREW_MANPATH=""
    PERLBREW_PATH="/home/tony/perl5/perlbrew/bin"
    PERLBREW_ROOT="/home/tony/perl5/perlbrew"
    PERLBREW_VERSION="0.67"
  @INC:
    lib
    /usr/local/lib/perl5/site_perl/5.35.4/x86_64-linux
    /usr/local/lib/perl5/site_perl/5.35.4
    /usr/local/lib/perl5/5.35.4/x86_64-linux
    /usr/local/lib/perl5/5.35.4

tonycoz avatar Sep 14 '21 05:09 tonycoz

the localization performed also doesn't keep a reference count.

But at the point that the localisation is performed that code does know (or could know) that the GV it's localising happens to be pointed to by PL_last_in_gv?

The first thought was "but it could keep a reference in this case"... but that didn't seem to be useful.

Keep the normal case the way it is, but.

In the (rare) case that one is localising the GV that PL_last_in_gv is pointing to, could we

  • create an RV that is a weakref to the GV
  • store that on the save stack
  • and the address to restore to (feels bad to hard code this to PL_last_in_gv - I feel there will be other pointers with this bug)

I think that this is going to take a new save type. There's not quite enough info available to SAVEt_DESTRUCTOR_X is there?

(Well, heck, unless the RV is a bigger type, and we hide the address in the UV slot)

nwc10 avatar Sep 14 '21 07:09 nwc10

But at the point that the localisation is performed that code does know (or could know) that the GV it's localising happens to be pointed to by PL_last_in_gv?

In the case I'm aware of the user is localizing $., I don't think it can be an issue when the GV is being localized, since a reference count is kept then.

Since #19125 already has the fetch accessor, I'll re-work that to add a set accessor (since PL_last_in_gv may end up containing a RV that needs to be released).

tonycoz avatar Sep 16 '21 00:09 tonycoz