Perl
syntax error provoking a core dump
I'm posting this issue here because there is no "Issues" tab in the UI of this repository: https://github.com/Dual-Life/Scalar-List-Utils.
This is the golfed script triggering the core dump.
#!/usr/bin/perl
use List::Util "all";
all { $_->[0] } map { [ }
Those are various errors messages outputted when I was in the process of golfing the script. They might help find the source of the bug.
$ ./test.pl
Useless use of array element in void context at ./test.pl line 16.
malloc_consolidate(): unaligned fastbin chunk detected
Aborted (core dumped)
$ ./test.pl
Useless use of array element in void context at ./test.pl line 16.
free(): double free detected in tcache 2
Aborted (core dumped)
$ ./test.pl
Useless use of array element in void context at ./test.pl line 23.
double free or corruption (fasttop)
Aborted (core dumped)
$ ./test.pl
Useless use of array element in void context at ./test.pl line 15.
syntax error at ./test.pl line 15, near "] }"
Execution of ./test.pl aborted due to compilation errors.
free(): double free detected in tcache 2
Aborted (core dumped)
$ ./test.pl
syntax error at ./test.pl line 5, near "[ }"
Execution of ./test.pl aborted due to compilation errors.
free(): double free detected in tcache 2
Aborted (core dumped)
List::Util's verion:
$ perl -MList::Util=all -E 'say $List::Util::VERSION'
1.63
$ perl -V
Summary of my perl5 (revision 5 version 38 subversion 1) configuration:
Platform:
osname=linux
osvers=5.12.15-arch1-1
archname=x86_64-linux-thread-multi
uname='archlinux'
config_args='-des -Dusethreads -Duseshrplib -Doptimize=-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -g -ffile-prefix-map=/build/perl/src=/usr/src/debug/perl -flto=auto -Dprefix=/usr -Dvendorprefix=/usr -Dprivlib=/usr/share/perl5/core_perl -Darchlib=/usr/lib/perl5/5.38/core_perl -Dsitelib=/usr/share/perl5/site_perl -Dsitearch=/usr/lib/perl5/5.38/site_perl -Dvendorlib=/usr/share/perl5/vendor_perl -Dvendorarch=/usr/lib/perl5/5.38/vendor_perl -Dscriptdir=/usr/bin/core_perl -Dsitescript=/usr/bin/site_perl -Dvendorscript=/usr/bin/vendor_perl -Dinc_version_list=none -Dman1ext=1perl -Dman3ext=3perl -Dlddlflags=-shared -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -Dldflags=-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto'
hint=recommended
useposix=true
d_sigaction=define
useithreads=define
usemultiplicity=define
use64bitint=define
use64bitall=define
uselongdouble=undef
usemymalloc=n
default_inc_excludes_dot=define
Compiler:
cc='cc'
ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
optimize='-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -g -ffile-prefix-map=/build/perl/src=/usr/src/debug/perl -flto=auto'
cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
ccversion=''
gccversion='13.2.1 20230801'
gccosandvers=''
intsize=4
longsize=8
ptrsize=8
doublesize=8
byteorder=12345678
doublekind=3
d_longlong=define
longlongsize=8
d_longdbl=define
longdblsize=16
longdblkind=3
ivtype='long'
ivsize=8
nvtype='double'
nvsize=8
Off_t='off_t'
lseeksize=8
alignbytes=8
prototype=define
Linker and Libraries:
ld='cc'
ldflags ='-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -fstack-protector-strong -L/usr/local/lib'
libpth=/usr/local/lib /usr/lib
libs=-lpthread -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
perllibs=-lpthread -ldl -lm -lcrypt -lutil -lc
libc=/lib/../lib/libc.so.6
so=so
useshrplib=true
libperl=libperl.so
gnulibc_version='2.38'
Dynamic Linking:
dlsrc=dl_dlopen.xs
dlext=so
d_dlsymun=undef
ccdlflags='-Wl,-E -Wl,-rpath,/usr/lib/perl5/5.38/core_perl/CORE'
cccdlflags='-fPIC'
lddlflags='-shared -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -flto=auto -L/usr/local/lib -fstack-protector-strong'
Characteristics of this binary (from libperl):
Compile-time options:
HAS_LONG_DOUBLE
HAS_STRTOLD
HAS_TIMES
MULTIPLICITY
PERLIO_LAYERS
PERL_COPY_ON_WRITE
PERL_DONT_CREATE_GVSV
PERL_HASH_FUNC_SIPHASH13
PERL_HASH_USE_SBOX32
PERL_MALLOC_WRAP
PERL_OP_PARENT
PERL_PRESERVE_IVUV
PERL_USE_SAFE_PUTENV
USE_64_BIT_ALL
USE_64_BIT_INT
USE_ITHREADS
USE_LARGE_FILES
USE_LOCALE
USE_LOCALE_COLLATE
USE_LOCALE_CTYPE
USE_LOCALE_NUMERIC
USE_LOCALE_TIME
USE_PERLIO
USE_PERL_ATOF
USE_REENTRANT_API
USE_THREAD_SAFE_LOCALE
Built under linux
Compiled at Nov 27 2023 20:20:27
@INC:
/usr/lib/perl5/5.38/site_perl
/usr/share/perl5/site_perl
/usr/lib/perl5/5.38/vendor_perl
/usr/share/perl5/vendor_perl
/usr/lib/perl5/5.38/core_perl
/usr/share/perl5/core_perl
I'm posting this issue here because there is no "Issues" tab in the UI of this repository: https://github.com/Dual-Life/Scalar-List-Utils.
Thanks for this report. https://metacpan.org/pod/List::Util indicates that the issue tracker for the Scalar-List-Utils distribution is on RT: https://rt.cpan.org/Dist/Display.html?Name=Scalar-List-Utils. It would be good to file a ticket there.
Hi @jkeenan, I would report the bug at the link you posted but I cannot find where to go to open a new ticket, I've never reported yet a bug on rt.cpan.org.
Simplified to crash without List::Util:
sub all (&@);
all { $_->[0] } map { [ }
Result:
$ perl try.pl
syntax error at try.pl line 2, near "[ }"
Execution of try.pl aborted due to compilation errors.
free(): double free detected in tcache 2
Aborted
Bisecting on -e 'sub all (&@); eval q#all { $_->[0] } map { [ }#' blames 73cdf3a836756ebe82b64077bf38de0bf44736dc:
bad - non-zero exit from ./perl -Ilib -e sub all (&@); eval q#all { $_->[0] } map { [ }#
73cdf3a836756ebe82b64077bf38de0bf44736dc is the first bad commit
commit 73cdf3a836756ebe82b64077bf38de0bf44736dc
Author: David Mitchell <[email protected]>
Date: Mon Apr 8 14:17:59 2019 +0100
Make op_free() non-recursive
Stop using the DEFER mechanism (which could leak if something croaks)
and instead tree walk using the new OP_PARENT link to allow walking
back up the tree.
The freeing is done depth-first: children are freed before their
parents.
op.c | 114 +++++++++++++++++++++++++++++++++++++------------------------------
1 file changed, 63 insertions(+), 51 deletions(-)
bisect found first bad commitThat took 1538 seconds.
$ valgrind -q ./perl -e 'sub all (&@); all { $_->[0] } map { [ }'
syntax error at -e line 1, near "[ }"
Execution of -e aborted due to compilation errors.
==408790== Invalid read of size 1
==408790== at 0x157F8D: Perl_op_free (op.c:920)
==408790== by 0x250217: Perl_cv_undef_flags (pad.c:339)
==408790== by 0x24FC19: Perl_cv_undef (pad.c:300)
==408790== by 0x47650D: Perl_sv_clear (sv.c:6731)
==408790== by 0x4794E5: Perl_sv_free2 (sv.c:7244)
==408790== by 0x24F37F: Perl_SvREFCNT_dec_NN (sv_inline.h:717)
==408790== by 0x25097A: Perl_cv_undef_flags (pad.c:420)
==408790== by 0x24FC19: Perl_cv_undef (pad.c:300)
==408790== by 0x47650D: Perl_sv_clear (sv.c:6731)
==408790== by 0x4794E5: Perl_sv_free2 (sv.c:7244)
==408790== by 0x193C79: Perl_SvREFCNT_dec (sv_inline.h:694)
==408790== by 0x1957C2: perl_destruct (perl.c:910)
==408790== Address 0x4bad142 is 34 bytes inside a block of size 56 free'd
==408790== at 0x484317B: free (vg_replace_malloc.c:872)
==408790== by 0x156B5A: Perl_Slab_Free (op.c:499)
==408790== by 0x158258: Perl_op_free (op.c:991)
==408790== by 0x271CEB: S_clear_yystack (perly.c:251)
==408790== by 0x438B5B: Perl_leave_scope (scope.c:1537)
==408790== by 0x1A7461: S_my_exit_jump (perl.c:5479)
==408790== by 0x1A73C7: Perl_my_failure_exit (perl.c:5463)
==408790== by 0x2BC201: Perl_die_unwind (pp_ctl.c:2077)
==408790== by 0x50246C: Perl_vcroak (util.c:1894)
==408790== by 0x50251D: Perl_croak (util.c:1945)
==408790== by 0x4EC1DF: Perl_abort_execution (toke.c:12975)
==408790== by 0x2BB192: Perl_qerror (pp_ctl.c:1872)
==408790== Block was alloc'd at
==408790== at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==408790== by 0x156320: Perl_Slab_Alloc (op.c:334)
==408790== by 0x16796B: Perl_newUNOP_AUX (op.c:5845)
==408790== by 0x25EBC7: S_maybe_multideref (peep.c:2366)
==408790== by 0x25F9A3: Perl_rpeep (peep.c:2917)
==408790== by 0x26385B: Perl_peep (peep.c:4183)
==408790== by 0x15C87B: S_process_optree (op.c:2793)
==408790== by 0x17CB60: Perl_newATTRSUB_x (op.c:11054)
==408790== by 0x1817FC: Perl_newANONATTRSUB (op.c:11828)
==408790== by 0x2754C7: Perl_yyparse (perly.y:1134)
==408790== by 0x199DB7: S_parse_body (perl.c:2608)
==408790== by 0x197E7C: perl_parse (perl.c:1911)
...
(this continues)
It looks like we have ops both in the OP tree and on the parse stack, and both are being freed.
I'm posting this issue here because there is no "Issues" tab in the UI of this repository: https://github.com/Dual-Life/Scalar-List-Utils.
Thanks for this report. https://metacpan.org/pod/List::Util indicates that the issue tracker for the Scalar-List-Utils distribution is on RT: https://rt.cpan.org/Dist/Display.html?Name=Scalar-List-Utils. It would be good to file a ticket there.
Note that although other users have been using the RT queue, the maintainer hasn't responded to anybody in over a year. Same mostly goes for the pull requests on the github repo. This is a dual-life module maintained by a single person who probably won't have any spare tuits for a long time.
