Bug 493362 - upstream patch #26011: "A surprising segfault"
upstream patch #26011: "A surprising segfault"
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: perl (Show other bugs)
4.8
All Linux
medium Severity medium
: rc
: ---
Assigned To: Marcela Mašláňová
BaseOS QE
:
Reported: 2009-04-01 10:58 EDT by Petr Šplíchal
Modified: 2016-05-31 21:37 EDT (History)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 172587
Environment:
Last Closed: 2010-02-22 08:07:05 EST
Description Petr Šplíchal 2009-04-01 10:58:17 EDT
Present in the latest RHEL4.8 perl package as well (perl-5.8.5-49.el4)
RHTS test: /CoreOS/perl/Sanity/taps
RHTS job: http://rhts.redhat.com/cgi-bin/rhts/jobs.cgi?id=52844

+++ This bug was initially created as a clone of Bug #172587 +++

Description of problem:

 $ ./perl -e 'map print(reverse), ("")x68'
 Segmentation fault

Version-Release number of selected component (if applicable):
perl-5.8.7

How reproducible:
100%

--- Additional comment from jvdias@redhat.com on 2005-11-07 12:39:28 EDT ---

Issue fixed with upstream patches 26009 and 26011:

Change 26011 by rgs@marais on 2005/11/05 10:10:09

        Subject: Re: A surprising segfault
        From: SADAHIRO Tomoyuki <bqw10602@nifty.com>
        Date: Nov 5, 2005 5:54 AM
        Message-Id: <20051105135053.27D7.BQW10602@nifty.com>

Affected files ...

... //depot/perl/pp.c#483 edit
... //depot/perl/pp_sort.c#47 edit
... //depot/perl/pp_sys.c#469 edit

Differences ...

==== //depot/perl/pp.c#483 (text) ====
Index: perl/pp.c
--- perl/pp.c#482~26004~        Fri Nov  4 13:39:44 2005
+++ perl/pp.c   Sat Nov  5 02:10:09 2005
@@ -700,7 +700,7 @@
     while (MARK < SP)
        do_chop(TARG, *++MARK);
     SP = ORIGMARK;
-    PUSHTARG;
+    XPUSHTARG;
     RETURN;
 }
 
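Review bot: The switch from `PUSHTARG` to `XPUSHTARG` after `SP = ORIGMARK` has no comment saying why the unchecked push was unsafe here, so a later cleanup could revert it. When the op receives an empty list nothing guarantees a free slot above ORIGMARK, and the plain PUSH macros store the SV pointer without growing the argument stack, so the store can land past the allocated stack rather than merely crash. A one-line comment at the push, such as `/* list may be empty: no slot is guaranteed above the mark */`, would record that. The same applies to the `XPUSHi`/`XPUSHs` replacements and the added `EXTEND(SP,1)` in the later pp.c, pp_sort.c, pp_sys.c and pp_hot.c hunks. The enclosing function starts outside this hunk.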
@@ -718,7 +718,7 @@
 
     while (SP > MARK)
        count += do_chomp(POPs);
-    PUSHi(count);
+    XPUSHi(count);
     RETURN;
 }
 

==== //depot/perl/pp_sort.c#47 (text) ====
Index: perl/pp_sort.c
--- perl/pp_sort.c#46~25953~    Wed Nov  2 04:49:54 2005
+++ perl/pp_sort.c      Sat Nov  5 02:10:09 2005
@@ -1504,6 +1504,7 @@
 
     if (gimme != G_ARRAY) {
        SP = MARK;
+       EXTEND(SP,1);
        RETPUSHUNDEF;
     }
 

==== //depot/perl/pp_sys.c#469 (text) ====
Index: perl/pp_sys.c
--- perl/pp_sys.c#468~26000~    Fri Nov  4 12:20:56 2005
+++ perl/pp_sys.c       Sat Nov  5 02:10:09 2005
@@ -430,12 +430,16 @@
     SV *tmpsv;
     const char *tmps;
     STRLEN len;
-    if (SP - MARK != 1) {
+    if (SP - MARK > 1) {
        dTARGET;
        do_join(TARG, &PL_sv_no, MARK, SP);
        tmpsv = TARG;
        SP = MARK + 1;
     }
+    else if (SP == MARK) {
+       tmpsv = &PL_sv_no;
+       EXTEND(SP, 1);
+    }
     else {
        tmpsv = TOPs;
     }
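Review bot: The new `else if (SP == MARK)` branch reserves a slot with `EXTEND(SP, 1)` but leaves SP at MARK, whereas the `> 1` branch ends with `SP = MARK + 1` and the final `else` is only reached with SP one above MARK. If the tail of the function, which is outside this hunk, stores its result in place at the top of the stack, the empty-list case would overwrite the slot at MARK, which holds a value that was on the stack before this op's arguments. Adding `SP = MARK + 1;` after the `EXTEND(SP, 1);` line would make all three branches leave the stack pointer in the same position.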
@@ -3402,7 +3406,7 @@
     const I32 value = (I32)apply(PL_op->op_type, MARK, SP);
 
     SP = MARK;
-    PUSHi(value);
+    XPUSHi(value);
     RETURN;
 }
 
@@ -3993,7 +3997,7 @@
            if (errno != EAGAIN) {
                value = -1;
                SP = ORIGMARK;
-               PUSHi(value);
+               XPUSHi(value);
                if (did_pipes) {
                    PerlLIO_close(pp[0]);
                    PerlLIO_close(pp[1]);
@@ -4042,7 +4046,7 @@
                    STATUS_NATIVE_CHILD_SET(-1);
                }
            }
-           PUSHi(STATUS_CURRENT);
+           XPUSHi(STATUS_CURRENT);
            RETURN;
        }
        if (did_pipes) {
@@ -4088,7 +4092,7 @@
     STATUS_NATIVE_CHILD_SET(value);
     do_execfree();
     SP = ORIGMARK;
-    PUSHi(result ? value : STATUS_CURRENT);
+    XPUSHi(result ? value : STATUS_CURRENT);
 #endif /* !FORK or VMS */
     RETURN;
 }
@@ -4140,7 +4144,7 @@
     }
 
     SP = ORIGMARK;
-    PUSHi(value);
+    XPUSHi(value);
     RETURN;
 }
 
End of Patch.
Change 26009 by davem@davem-splatty on 2005/11/05 01:57:23

        pp_print didn't extend the stack before pushing its return value

Affected files ...

... //depot/perl/pp_hot.c#424 edit

Differences ...

==== //depot/perl/pp_hot.c#424 (text) ====

@@ -677,12 +677,12 @@
        }
     }
     SP = ORIGMARK;
-    PUSHs(&PL_sv_yes);
+    XPUSHs(&PL_sv_yes);
     RETURN;
 
   just_say_no:
     SP = ORIGMARK;
-    PUSHs(&PL_sv_undef);
+    XPUSHs(&PL_sv_undef);
     RETURN;
 }


--- Additional comment from jvdias@redhat.com on 2005-11-07 12:41:01 EDT ---

Patches applied in perl-5.8.7-0.7.fc5 .
Comment 1 Marcela Mašláňová 2010-02-22 08:07:05 EST
The last planned update of RHEL-4 will be focused on performance and security bugs only. This should be fixed in the next update.
