Bug 1169705

Summary: Perl core-dumps if a hash is tied to DB_File before spawning a thread
Product: Red Hat Enterprise Linux 6 Reporter: Martin Kyral <mkyral>
Component: perlAssignee: perl-maint-list
Status: CLOSED WONTFIX QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.6CC: cww, isenfeld, jplesnik, mkyral, perl-maint-list, ppisar, psabata, tbowling
Target Milestone: rcKeywords: Patch, Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1107728 Environment:
Last Closed: 2017-08-15 18:08:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1107728    
Bug Blocks:    
Attachments:
Description Flags
Fix ported to perl-5.10.1 none

Description Martin Kyral 2014-12-02 09:14:57 UTC 
+++ This bug was initially created as a clone of Bug #1107728 +++

+++ This bug was initially created as a clone of Bug #1107542 +++

+++ This bug was initially created as a clone of Bug #1104827 +++

Description of problem:

Perl script using DB_File module is core dumping. Seems to match this upstream bug:  https://rt.perl.org/Public/Bug/Display.html?id=61912#txn-515026

[...]

Steps to Reproduce:

Create reproducer test script sdbm_test.pl containing the following lines, as described in the upstream bug report:

	#!/usr/bin/perl
	
	use strict;
	use Fcntl;
	use DB_File;
	use threads;
	use threads::shared;
	
	my %dbtest;
	tie(%dbtest, 'DM_File', "test.db", O_RDWR|O_CREAT, 0666);
	
	for (1 .. 2)
	{
	        my $thr = threads->new(\&testThread, $_);
	        $thr->detach();
	}
	sleep 4;
	
	sub testThread
	{
	        my $n = shift;
	        print "thread #" . $n . " started\n";
	}

Make script executable and run which produces the following output:

	[root@util6vm ~]# chmod u+x sdbm_test.pl 
	[root@util6vm ~]# ./sdbm_test.pl 

Expected results:

No errors.

Actual results:

	thread #1 started
	thread #2 started
	*** glibc detected *** /usr/bin/perl: double free or corruption (out): 0x0000000000e2c2c0 ***
	======= Backtrace: =========
	/lib64/libc.so.6[0x3d2ca76166]
	/lib64/libc.so.6[0x3d2ca78c93]
	/usr/lib64/perl5/auto/SDBM_File/SDBM_File.so(XS_SDBM_File_DESTROY+0xc0)[0x7f9d58fb06f0]

[...]

----

DB_File (BerkeleyDB binding) in RHEL-6 is affected too (perl(DB_File) = 1.820
 included in perl-5.10.1-136.el6).
Comment 2 Petr Pisar 2014-12-02 12:55:19 UTC 

*** This bug has been marked as a duplicate of bug 1104827 ***
Comment 4 Petr Pisar 2017-01-18 11:52:46 UTC 
(In reply to Petr Pisar from comment #2)
> 
> *** This bug has been marked as a duplicate of bug 1104827 ***

It isn't. This is a report against RHEL-6, while bug #1104827 is against RHEL-7.

Indeed, perl-5.10.1-141.el6_7.1 does crash. This is because RHEL-6 contains fixes for NDBM_File, GDBM_File, and AnyDBM_File, but it's missing a fix for DB_File. It looks like the DB_File fix was omitted by accident.

Thank you for testing my builds.
Comment 5 Petr Pisar 2017-01-18 12:46:11 UTC 
Created attachment 1242160 [details]
Fix ported to perl-5.10.1