Brian Carpenter (via RT)
2015-06-06 16:02:12 UTC
# New Ticket Created by Brian Carpenter
# Please include the string: [perl #125341]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/Ticket/Display.html?id=125341 >
The following "script" causes two behaviors to manifest in two different versions of Perl.
perl -e 'BEGIN<>'
1st, in Perl 5.23.0 (v5.22.0-63-g216b41c), it causes Perl_newATTRSUB_x: Assertion `proto->op_type == OP_CONST' failed at op.c:8458.
2nd, in Perl 5.21.6-602-ge9d2bd8, it causes a segfault at Perl_op_free (op.c:757).
==34585== Invalid read of size 2
==34585== at 0x43D368: Perl_op_free (op.c:757)
==34585== by 0x8B93D7: Perl_leave_scope (scope.c:986)
==34585== by 0x4AD9F6: Perl_newATTRSUB_x (op.c:8870)
==34585== by 0x5CD38A: Perl_yyparse (perly.y:294)
==34585== by 0x4F0874: perl_parse (perl.c:2271)
==34585== by 0x42A87B: main (perlmain.c:114)
==34585== Address 0x300000020 is not stack'd, malloc'd or (recently) free'd
==34585==
==34585==
==34585== Process terminating with default action of signal 11 (SIGSEGV)
==34585== Access not within mapped region at address 0x300000020
==34585== at 0x43D368: Perl_op_free (op.c:757)
==34585== by 0x8B93D7: Perl_leave_scope (scope.c:986)
==34585== by 0x4AD9F6: Perl_newATTRSUB_x (op.c:8870)
==34585== by 0x5CD38A: Perl_yyparse (perly.y:294)
==34585== by 0x4F0874: perl_parse (perl.c:2271)
==34585== by 0x42A87B: main (perlmain.c:114)
==34585== If you believe this happened as a result of a stack
==34585== overflow in your program's main thread (unlikely but
==34585== possible), you can try to increase the size of the
==34585== main thread stack using the --main-stacksize= flag.
==34585== The main thread stack size used in this run was 8388608.
Program received signal SIGSEGV, Segmentation fault.
Perl_op_free (o=0xe46898) at op.c:757
757 op.c: No such file or directory.
(gdb) bt
#0 Perl_op_free (o=0xe46898) at op.c:757
#1 0x00000000008b93d8 in Perl_leave_scope (base=39) at scope.c:986
#2 0x00000000004ad9f7 in Perl_newATTRSUB_x (floor=39, o=<optimized out>,
    proto=0xe46898, attrs=0x0, block=<optimized out>, o_is_gv=<optimized out>)
    at op.c:8870
#3 0x00000000005cd38b in Perl_yyparse (gramtype=<optimized out>)
    at perly.y:294
#4 0x00000000004f0875 in S_parse_body (xsinit=0x42ac70 <xs_init>, env=0x0)
    at perl.c:2271
#5 perl_parse (my_perl=<optimized out>, xsinit=0x42ac70 <xs_init>,
    argc=<optimized out>, argv=<optimized out>, env=0x0) at perl.c:1605
#6 0x000000000042a87c in main (argc=2, argv=0x7fffffffe3a8,
    env=0x7fffffffe3c0) at perlmain.c:114
#7 0x00007ffff6f98ead in __libc_start_main (main=<optimized out>,
    argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>,
    fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe398)
    at libc-start.c:244
#8 0x000000000042ab95 in _start ()