Bug 459918 - perl segfaults in module Storable
Summary: perl segfaults in module Storable
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: perl
Version: 9
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Marcela Mašláňová
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-08-24 14:16 UTC by Vegard Nossum
Modified: 2008-10-07 14:07 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-10-07 12:54:55 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Vegard Nossum 2008-08-24 14:16:00 UTC 
Description of problem:

perl crashes (Segmentation fault) when using the Storable module.

I am using perl module CGI::Session and the serializer "storable" and the driver "mysql". It seems to be a problem with the perl module "Storable".

I don't know the exact reason why it crashes, but it only happens sometimes, and then I have to clear the MySQL data in order to make it not crash any more.


Version-Release number of selected component (if applicable):

This is perl, v5.10.0 built for i386-linux-thread-multi

How reproducible:

Only sometimes (has happened three times in total). But once it crashes, it will keep crashing until I clear the data that Storable is trying to load.
  
Actual results:

perl crashes.

Expected results:

An error instead of a crash.

Additional info:

Running under valgrind gives this info:

==4697== Invalid read of size 4
==4697==    at 0x5D9ECB1: (within /usr/lib/perl5/5.10.0/i386-linux-thread-multi/auto/Storable/Storable.so)
==4697==    by 0x5D9F237: XS_Storable_mstore (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/auto/Storable/Storable.so)
==4697==    by 0x40E7818: Perl_pp_entersub (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40A9022: Perl_runops_debug (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40E0B77: Perl_call_sv (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410E3F2: Perl_sv_clear (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410F176: Perl_sv_free2 (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410F2D0: Perl_sv_free (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410FF5B: (within /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40F5AB8: (within /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40F5B5C: Perl_sv_clean_objs (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40E3717: perl_destruct (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==4697==
==4697== Process terminating with default action of signal 11 (SIGSEGV)
==4697==  Access not within mapped region at address 0x8
==4697==    at 0x5D9ECB1: (within /usr/lib/perl5/5.10.0/i386-linux-thread-multi/auto/Storable/Storable.so)
==4697==    by 0x5D9F237: XS_Storable_mstore (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/auto/Storable/Storable.so)
==4697==    by 0x40E7818: Perl_pp_entersub (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40A9022: Perl_runops_debug (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40E0B77: Perl_call_sv (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410E3F2: Perl_sv_clear (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410F176: Perl_sv_free2 (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410F2D0: Perl_sv_free (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x410FF5B: (within /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40F5AB8: (within /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40F5B5C: Perl_sv_clean_objs (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==    by 0x40E3717: perl_destruct (in /usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE/libperl.so)
==4697==
==4697== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 59 from 1)
==4697== malloc/free: in use at exit: 5,598,788 bytes in 107,470 blocks.
==4697== malloc/free: 244,175 allocs, 136,705 frees, 135,769,229 bytes allocated.
==4697== For counts of detected errors, rerun with: -v
==4697== searching for pointers to 107,470 not-freed blocks.
==4697== checked 6,188,456 bytes.
==4697==
==4697== LEAK SUMMARY:
==4697==    definitely lost: 0 bytes in 0 blocks.
==4697==      possibly lost: 0 bytes in 0 blocks.
==4697==    still reachable: 5,598,788 bytes in 107,470 blocks.
==4697==         suppressed: 0 bytes in 0 blocks.
==4697== Rerun with --leak-check=full to see details of leaked memory.
Comment 1 Marcela Mašláňová 2008-08-25 12:28:21 UTC 
This is know Storable bug. The fix wasn't found yet, but you can try workaround, which I found after googling around.

It's suggested to force your CGI::Session object to be destroyed before the program ends. Also you should call flush() explicitly.

Example:
$session->flush();
undef $session;

Let me know, if this solve your issue, or if it's different problem.
Comment 2 Marcela Mašláňová 2008-10-07 12:54:55 UTC 
Segfault has an upstream ticket 
http://rt.cpan.org/Public/Bug/Display.html?id=33242
Comment 3 Vegard Nossum 2008-10-07 14:07:39 UTC 
(In reply to comment #1)
> This is know Storable bug. The fix wasn't found yet, but you can try
> workaround, which I found after googling around.
> 
> It's suggested to force your CGI::Session object to be destroyed before the
> program ends. Also you should call flush() explicitly.
> 
> Example:
> $session->flush();
> undef $session;
> 
> Let me know, if this solve your issue, or if it's different problem.

Works, thanks! (Sorry for the delay.)
Note You need to log in before you can comment on or make changes to this bug.