Bug 172587 - upstream patch #26011: "A surprising segfault"
upstream patch #26011: "A surprising segfault"
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: perl (Show other bugs)
rawhide
All Linux
medium Severity medium
Assigned To: Jason Vas Dias
David Lawrence
Reported: 2005-11-07 12:34 EST by Jason Vas Dias
Modified: 2007-11-30 17:11 EST (History)

See Also:
Fixed In Version: 5.8.7-0.7.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 493362 (view as bug list)
Environment:
Last Closed: 2006-10-04 14:35:20 EDT
Description Jason Vas Dias 2005-11-07 12:34:50 EST
Description of problem:

 $ ./perl -e 'map print(reverse), ("")x68'
 Segmentation fault

Version-Release number of selected component (if applicable):
perl-5.8.7

How reproducible:
100%
Comment 1 Jason Vas Dias 2005-11-07 12:39:28 EST
Issue fixed with upstream patches 26009 and 26011:

Change 26011 by rgs@marais on 2005/11/05 10:10:09

        Subject: Re: A surprising segfault
        From: SADAHIRO Tomoyuki <bqw10602@nifty.com>
        Date: Nov 5, 2005 5:54 AM
        Message-Id: <20051105135053.27D7.BQW10602@nifty.com>

Affected files ...

... //depot/perl/pp.c#483 edit
... //depot/perl/pp_sort.c#47 edit
... //depot/perl/pp_sys.c#469 edit

Differences ...

==== //depot/perl/pp.c#483 (text) ====
Index: perl/pp.c
--- perl/pp.c#482~26004~        Fri Nov  4 13:39:44 2005
+++ perl/pp.c   Sat Nov  5 02:10:09 2005
@@ -700,7 +700,7 @@
     while (MARK < SP)
        do_chop(TARG, *++MARK);
     SP = ORIGMARK;
-    PUSHTARG;
+    XPUSHTARG;
     RETURN;
 }
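Review bot: Nothing at the changed line records why the extending push is needed, so a later cleanup could turn `XPUSHTARG` back into `PUSHTARG`. When the op receives an empty list the loop above consumes nothing, `SP = ORIGMARK` leaves no argument slot to reuse, and an unchecked push can then write one element past the allocated argument stack, which is an out-of-bounds write and not only a crash. I would add `/* list may be empty: no argument slot to reuse, so extend before pushing */` above the push. The same comment fits the `XPUSHi` changes in the other pp.c hunk and in the pp_sys.c hunks at -3402, -3993, -4042, -4088 and -4144, and the `EXTEND(SP,1)` added in pp_sort.c. The function body starts outside this hunk.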
 
@@ -718,7 +718,7 @@
 
     while (SP > MARK)
        count += do_chomp(POPs);
-    PUSHi(count);
+    XPUSHi(count);
     RETURN;
 }
 

==== //depot/perl/pp_sort.c#47 (text) ====
Index: perl/pp_sort.c
--- perl/pp_sort.c#46~25953~    Wed Nov  2 04:49:54 2005
+++ perl/pp_sort.c      Sat Nov  5 02:10:09 2005
@@ -1504,6 +1504,7 @@
 
     if (gimme != G_ARRAY) {
        SP = MARK;
+       EXTEND(SP,1);
        RETPUSHUNDEF;
     }
 

==== //depot/perl/pp_sys.c#469 (text) ====
Index: perl/pp_sys.c
--- perl/pp_sys.c#468~26000~    Fri Nov  4 12:20:56 2005
+++ perl/pp_sys.c       Sat Nov  5 02:10:09 2005
@@ -430,12 +430,16 @@
     SV *tmpsv;
     const char *tmps;
     STRLEN len;
-    if (SP - MARK != 1) {
+    if (SP - MARK > 1) {
        dTARGET;
        do_join(TARG, &PL_sv_no, MARK, SP);
        tmpsv = TARG;
        SP = MARK + 1;
     }
+    else if (SP == MARK) {
+       tmpsv = &PL_sv_no;
+       EXTEND(SP, 1);
+    }
     else {
        tmpsv = TOPs;
     }
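Review bot: The new `SP == MARK` branch reserves a slot with `EXTEND(SP, 1)` but leaves SP at MARK, while the join branch ends with `SP = MARK + 1` and the `TOPs` branch is only reached when SP is already there. If the code after this hunk (not visible here) stores the return value into the top slot rather than pushing it, that store would land on the element at MARK, which lies below this op's arguments, and the op would return with nothing pushed. Adding `SP = MARK + 1;` after the `EXTEND` would make all three branches leave the stack in the same shape. The function starts and ends outside the hunk, so this should be checked against the full body.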
@@ -3402,7 +3406,7 @@
     const I32 value = (I32)apply(PL_op->op_type, MARK, SP);
 
     SP = MARK;
-    PUSHi(value);
+    XPUSHi(value);
     RETURN;
 }
 
@@ -3993,7 +3997,7 @@
            if (errno != EAGAIN) {
                value = -1;
                SP = ORIGMARK;
-               PUSHi(value);
+               XPUSHi(value);
                if (did_pipes) {
                    PerlLIO_close(pp[0]);
                    PerlLIO_close(pp[1]);
@@ -4042,7 +4046,7 @@
                    STATUS_NATIVE_CHILD_SET(-1);
                }
            }
-           PUSHi(STATUS_CURRENT);
+           XPUSHi(STATUS_CURRENT);
            RETURN;
        }
        if (did_pipes) {
@@ -4088,7 +4092,7 @@
     STATUS_NATIVE_CHILD_SET(value);
     do_execfree();
     SP = ORIGMARK;
-    PUSHi(result ? value : STATUS_CURRENT);
+    XPUSHi(result ? value : STATUS_CURRENT);
 #endif /* !FORK or VMS */
     RETURN;
 }
@@ -4140,7 +4144,7 @@
     }
 
     SP = ORIGMARK;
-    PUSHi(value);
+    XPUSHi(value);
     RETURN;
 }
 
End of Patch.
Change 26009 by davem@davem-splatty on 2005/11/05 01:57:23

        pp_print didn't extend the stack before pushing its return value

Affected files ...

... //depot/perl/pp_hot.c#424 edit

Differences ...

==== //depot/perl/pp_hot.c#424 (text) ====

@@ -677,12 +677,12 @@
        }
     }
     SP = ORIGMARK;
-    PUSHs(&PL_sv_yes);
+    XPUSHs(&PL_sv_yes);
     RETURN;
 
   just_say_no:
     SP = ORIGMARK;
-    PUSHs(&PL_sv_undef);
+    XPUSHs(&PL_sv_undef);
     RETURN;
 }
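Review bot: No regression test accompanies the fix, as far as the affected-files list shows, so either return path could lose its extend again unnoticed. The one-liner in the bug description appears to reach the success path with an empty argument list and could go into the test suite as it stands; a matching case for the `just_say_no` path would cover the second change. Both paths repeat `SP = ORIGMARK;` followed by the push and `RETURN;`, so a short comment on the first, such as `/* print may be called with no args: extend before pushing the result */`, would explain both. The function starts outside the hunk.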
Comment 2 Jason Vas Dias 2005-11-07 12:41:01 EST
Patches applied in perl-5.8.7-0.7.fc5 .

