Bug 839788

Summary: NULL pointer dereference in Perl
Product: Red Hat Enterprise Linux 6
Component: perl
Version: 6.3
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: high
Priority: high
Reporter: john.r.moser
Assignee: Petr Pisar <ppisar>
QA Contact: Martin Kyral <mkyral>
CC: herrold, john.r.moser, mkyral, ppisar, psabata, will.saxon
Target Milestone: rc
Target Release: ---
Keywords: Patch
URL: https://rt.perl.org/rt3//Public/Bug/Display.html?id=71952
Fixed In Version: perl-5.10.1-132.el6
Doc Type: Bug Fix
Doc Text:
Cause: Exiting scope of an object whose destructor method has been declared but has not been defined. Consequence: The Perl interpreter crashes. Fix: Variable deallocator has been fixed not to dereference NULL pointer that designated undefined destructor method. Result: Interpreter copes with undefined destructors properly.
Last Closed: 2013-11-21 04:40:44 UTC
Type: Bug
Bug Blocks: 947775, 960054
Attachments (description, flags):
Patch for perl bug 71952 (flags: none)
RPM spec file, modified from perl-5.10.1-127.el6 (flags: none)
modified patch (flags: none)

Description john.r.moser 2012-07-12 20:33:00 UTC
Description of problem:

When trying to run PandoraFMS agent, Perl segfaults.  I have traced this to a bug as per the following URL:

http://stackoverflow.com/questions/5038337/why-does-my-threaded-perl-script-segfault



Version-Release number of selected component (if applicable):

perl.x86_64                        4:5.10.1-127.el6                        @base

[root@pandora pandora_server]# perl -Mthreads -e 'print "$threads::VERSION\n"'
1.82



How reproducible:

Extremely.  Here's a test command:

[root@pandora pandora_server]# perl -e "sub M::DESTROY; bless {}, M;"
Segmentation fault



Steps to Reproduce:
1. The following command specifically triggers this bug:

  perl -e "sub M::DESTROY; bless {}, M;"

Additionally, you could attempt to run PandoraFMS agent on x86-64 running RedHat 6.3.  It sends one alert, then segfaults the second round.


  
Actual results:

Segmentation fault.

perl[19896]: segfault at 0 ip 00007f41a5694d6c sp 00007fffe20e3050 error 4 in libperl.so[7f41a55dc000+162000]

pandora_agent[19528] general protection ip:7f69181eafd0 sp:7f690e55ba40 error:0 in libperl.so[7f6918156000+162000]

Note that in any case the fault is in libperl.so, 162000 bytes from the base of the library's load address.  The fault is thus extremely reproducible and can easily be traced by running the given perl one-liner through perl while watching with a debugger.  A newer version of perl may have the bug fixed already; current is 5.16.



Expected results:

Should work.


Additional info:

This particular issue should have been fixed in threads 1.73, yet it still exists in version 1.82 of Perl threads on RHEL 6.3.  This leads me to believe there's another coding error responsible that's not triggered on x86, but is on x86-64.
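
Added example, not part of the original report: a small Python parser for the two kernel fault lines quoted in the description, for triaging such crashes from logs. It relies on the kernel's `name[base+size]` notation, in which both numbers are hexadecimal and the faulting instruction's offset inside the library is `ip - base`, and on the x86 page-fault error-code bits; the function and field names are this example's own.

```python
import re

# Constructed input: the two kernel log lines quoted in the report above.
SAMPLE_LINES = [
    "perl[19896]: segfault at 0 ip 00007f41a5694d6c sp 00007fffe20e3050 "
    "error 4 in libperl.so[7f41a55dc000+162000]",
    "pandora_agent[19528] general protection ip:7f69181eafd0 "
    "sp:7f690e55ba40 error:0 in libperl.so[7f6918156000+162000]",
]

FAULT_RE = re.compile(
    r"(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]:?\s+"
    r"(?:segfault at (?P<addr>[0-9a-f]+)|(?P<gp>general protection))\s+"
    r"ip[: ](?P<ip>[0-9a-f]+)\s+sp[: ](?P<sp>[0-9a-f]+)\s+"
    r"error[: ](?P<err>[0-9a-f]+)"
    r"(?:\s+in\s+(?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_pf_error(code):
    """Decode x86 page-fault error-code bits (meaningful for 'segfault' lines)."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_fault(line):
    """Return a triage record for one kernel fault line, or None if no match."""
    m = FAULT_RE.search(line)
    if not m:
        return None
    ip = int(m["ip"], 16)
    rec = {"comm": m["comm"], "pid": int(m["pid"]), "ip": ip,
           "kind": "general protection" if m["gp"] else "segfault",
           "object": m["obj"], "offset": None}
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset into the mapping; only trusted if ip lies inside it.
        rec["offset"] = ip - base if 0 <= ip - base < size else None
    if m["addr"] is not None:
        rec["fault_addr"] = int(m["addr"], 16)
        rec["access"] = decode_pf_error(int(m["err"], 16))
        rec["null_deref_likely"] = rec["fault_addr"] < 0x1000  # first page
    return rec

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_fault(line))
```

The offset it reports can be resolved to a function with the matching debuginfo for the installed libperl.so build.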

Comment 2 john.r.moser 2012-07-16 13:02:57 UTC
According to tests, this also segfaults in Perl 5.11.0.  A fellow on Freenode ran the above test through his development environment and reports:

All stable releases between and including 5.6.2 and 5.10.0 x86_64 Perl run the code without crashing.

All stable releases from and including 5.12 and above run the code without crashing.

Perl releases 5.10.1 and 5.11.0 segfault on the above test case.

Comment 3 john.r.moser 2012-07-17 19:38:07 UTC
http://www.nntp.perl.org/group/perl.perl5.porters/2010/01/msg155286.html

Appears to be this exact bug!

Comment 4 john.r.moser 2012-07-17 19:51:51 UTC
Created attachment 598738
Patch for perl bug 71952

Patch as per perl #71952:

http://code.activestate.com/lists/perl5-porters/147074/

Comment 5 Marcela Mašláňová 2012-07-18 10:55:33 UTC
Thank you for the report and the patch.

Comment 7 Jon Hermansen 2012-08-02 23:06:19 UTC
I'm experiencing this same bug while using Thread::Pool::Simple on CentOS 6.3. Would be great to see it fixed!

Comment 8 Will Saxon 2012-09-07 22:25:28 UTC
I rebuilt perl based on the SRPM using this patch, and it seems to work. I had to modify the spec file and the patch so that it would apply cleanly. I'll attach both to this bug.

Comment 9 Will Saxon 2012-09-07 22:27:37 UTC
Created attachment 610850
RPM spec file, modified from perl-5.10.1-127.el6

Comment 10 Will Saxon 2012-09-07 22:28:46 UTC
Created attachment 610851
modified patch

This is modified from the original patch to apply cleanly against the perl-5.10.1-127.el6 SRPM as new patch 23.

Comment 18 errata-xmlrpc 2013-11-21 04:40:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1534.html