Bug 625746 - Perl gives the error 'Attempt to free unreferenced scalar' with nested foreach loops using the same variable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: perl
Version: 5.5
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Petr Pisar
QA Contact: Petr Šplíchal
URL:
Whiteboard:
Depends On:
Blocks: 626411
Reported: 2010-08-20 10:36 UTC by Issue Tracker
Modified: 2018-11-27 21:52 UTC (History)

Fixed In Version: perl-5.8.8-34.el5
Doc Type: Bug Fix
Doc Text:
Cause: Running two nested loops using the same iterator.
Consequence: Interpreter tries to double-free the iterator resulting in a warning. Referring such variable causes run-time error.
Fix: Fix for handling shared iterator has been back-ported from Perl 5.10.1.
Result: Interpreter handles shared iterators properly.
Clone Of:
: 626411 (view as bug list)
Environment:
Last Closed: 2012-02-21 05:40:12 UTC
Target Upstream Version:
Embargoed:


Attachments
Fix backported from perl-5.10.1 (18.88 KB, patch)
2010-08-26 17:05 UTC, Petr Pisar


Links
System ID Private Priority Status Summary Last Updated
CPAN 70660 0 None None None Never
Red Hat Product Errata RHBA-2012:0199 0 normal SHIPPED_LIVE perl bug fix update 2012-02-20 14:54:01 UTC

Description Issue Tracker 2010-08-20 10:36:50 UTC
Escalated to Bugzilla from IssueTracker

Comment 1 Issue Tracker 2010-08-20 10:36:51 UTC
Event posted on 2010-08-19 16:33 BST by spoyarek

Problem Description:

Perl gives the error "Attempt to free unreferenced scalar" with nested foreach loops using the same variable.

How Reproducible:

Always

Steps to Reproduce:

1) Execute the following perl script:

#! /usr/bin/perl
use strict;
my $element;
foreach $element ("a", "b") {
foreach $element ("c", "d") {1;}
}

Actual Result:

Attempt to free unreferenced scalar: SV 0x986b90c, Perl interpreter: 0x986a008.
Attempt to free unreferenced scalar: SV 0x986b918, Perl interpreter: 0x986a008.

Expected result:

No output.

Additional Information:

This seems to have been fixed in 5.8.9 and in 5.10.x.
This event sent from IssueTracker by mpoole  [Support Engineering Group]
 issue 1285203

Comment 2 Martin Poole 2010-08-20 10:39:39 UTC
Upstream bug http://rt.perl.org/rt3/Public/Bug/Display.html?id=24254  fix in change #26027

Comment 3 Martin Poole 2010-08-20 11:43:22 UTC
Is not the upstream quoted. That patch is in the current RHEL5 build.

Comment 4 Petr Pisar 2010-08-24 14:32:02 UTC
This bug has been fixed upstream between versions 5.10.0 and 5.10.1. Because RHEL-5.5 contains perl-5.8.8, there is a low possibility the patch will be applicable.

Comment 5 Petr Pisar 2010-08-26 07:46:43 UTC
I managed to back-port the patch; however, I discovered that vanilla 5.8.8 perl compiled on Fedora does not suffer from this problem. I'm going to clone my development environment into RHEL-5.5 to get a normative environment because there are significant differences (RHEL's spec file does not compile in Fedora, vanilla 5.8.8 does not compile in Fedora without hacks, RHEL's spec file adds a bunch of patches, etc.).

Comment 6 Petr Pisar 2010-08-26 16:33:26 UTC
When applying my vanilla-5.8.8 patch onto perl-5.8.8-27, I got a short conflict:

***************
*** 285,295 ****

  #define POPLOOP(cx)                                                   \
        SvREFCNT_dec(cx->blk_loop.iterlval);                            \
-       if (CxITERVAR(cx)) {                                            \
-           SV **s_v_p = CxITERVAR(cx);                                 \
-           sv_2mortal(*s_v_p);                                         \
-           *s_v_p = cx->blk_loop.itersave;                             \
-       }                                                               \
        if (cx->blk_loop.iterary && cx->blk_loop.iterary != PL_curstack)\
            SvREFCNT_dec(cx->blk_loop.iterary);

--- 284,289 ----

  #define POPLOOP(cx)                                                   \
        SvREFCNT_dec(cx->blk_loop.iterlval);                            \
        if (cx->blk_loop.iterary && cx->blk_loop.iterary != PL_curstack)\
            SvREFCNT_dec(cx->blk_loop.iterary);
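
Review bot: with the CxITERVAR(cx) block deleted, the new POPLOOP no longer restores *s_v_p from cx->blk_loop.itersave or releases the loop's own SV, and nothing in these lines shows where that now happens. The back-port should have exactly one replacement site that restores the slot and drops a single reference, and POPLOOP deserves a comment naming that site, because a restore split away from the macro is easy to run twice (double free) or not at all (leak).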



The conflicting lines have been added by perl-5.8.8-bug24254.patch (bug #379791):

@@ -286,9 +286,14 @@ struct block_loop {
 #define POPLOOP(cx)                            \
    SvREFCNT_dec(cx->blk_loop.iterlval);                \
    if (CxITERVAR(cx)) {                        \
-       SV **s_v_p = CxITERVAR(cx);                 \
-       sv_2mortal(*s_v_p);                     \
-       *s_v_p = cx->blk_loop.itersave;             \
+       if (SvPADMY(cx->blk_loop.itersave)) {           \
+           SV **s_v_p = CxITERVAR(cx);             \
+           sv_2mortal(*s_v_p);                 \
+           *s_v_p = cx->blk_loop.itersave;             \
+       }                               \
+       else {                          \
+           SvREFCNT_dec(cx->blk_loop.itersave);            \
+       }                               \
    }                               \
    if (cx->blk_loop.iterary && cx->blk_loop.iterary != PL_curstack)\
        SvREFCNT_dec(cx->blk_loop.iterary);
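
Review bot: the new else branch calls SvREFCNT_dec(cx->blk_loop.itersave) but never writes *s_v_p, so whenever itersave is not a PADMY the iterator slot keeps pointing at the loop's own SV while the saved value loses a reference. That path looks like the one a nested loop over the same variable would take, so it needs a test with that shape and should either restore *s_v_p in both branches or document why skipping the restore is safe. SvPADMY(cx->blk_loop.itersave) also reads the SV's flags with no NULL check; confirm itersave is always set when CxITERVAR(cx) is non-NULL.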


After disabling perl-5.8.8-bug24254.patch, this issue disappeared. Moreover, the test case from bug #379791 did not show any problems. Only a test added by perl-5.8.8-bug24254.patch failed.

Comment 7 Petr Pisar 2010-08-26 17:05:17 UTC
Created attachment 441278
Fix backported from perl-5.10.1

Diff against perl-5.8.8-27. Fixes this issue, does not break bug #379791, all tests pass, no memory leaks.

Comment 8 RHEL Program Management 2011-01-11 20:12:05 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 9 RHEL Program Management 2011-01-11 23:22:29 UTC
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.

Comment 10 RHEL Program Management 2011-05-31 13:16:12 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 14 Petr Pisar 2011-09-21 14:22:00 UTC
How to test

The test case in the first comment exhibits a warning on error output.

The following code causes a run-time error with a non-zero exit code:

my $global_var;
my $ref_global_var = \$global_var;
for (1..2) {
    my $element;
    for $element (0) {
        for $element (0) {}
    }
   
    local $local_var = 42;
    local $ref_local_var = \$local_var;
    $global_var = $local_var;
    $global_var = $$local_var;
    $$ref_global_var = $local_var;
}
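
Added example, not part of the bug report or of the attached patch: a regression test that runs the two reproducers from comment 1 and comment 14 in a child interpreter and checks both the exit status and stderr. The test layout and the names run_case, $warn_case and $die_case are assumptions made for this example.

```perl
# Added example: regression check built from the two reproducers in this report.
use strict;
use warnings;
use Test::More tests => 4;
use File::Temp qw(tempfile);
# Comment 1 reproducer: the report shows a warning on stderr.
my $warn_case = <<'EOT';
use strict;
my $element;
foreach $element ("a", "b") {
    foreach $element ("c", "d") {1;}
}
EOT
# Comment 14 reproducer: the report describes a run-time error, non-zero exit.
my $die_case = <<'EOT';
my $global_var;
my $ref_global_var = \$global_var;
for (1..2) {
    my $element;
    for $element (0) {
        for $element (0) {}
    }
    local $local_var = 42;
    local $ref_local_var = \$local_var;
    $global_var = $local_var;
    $global_var = $$local_var;
    $$ref_global_var = $local_var;
}
EOT

# Run $code under the interpreter running this test ($^X); return (status, stderr).
sub run_case {
    my ($code) = @_;
    my ($src, $src_path) = tempfile(SUFFIX => '.pl', UNLINK => 1);
    print {$src} $code;
    close $src or die "close $src_path: $!";
    my ($err_fh, $err_path) = tempfile(UNLINK => 1);
    open(my $saved, '>&', \*STDERR) or die "dup STDERR: $!";
    open(STDERR, '>&', $err_fh)     or die "redirect STDERR: $!";
    my $status = system($^X, $src_path);     # list form: no shell involved
    open(STDERR, '>&', $saved)      or die "restore STDERR: $!";
    seek($err_fh, 0, 0) or die "seek $err_path: $!";
    my $err = do { local $/; <$err_fh> };    # slurp the child's stderr
    return ($status, defined $err ? $err : '');
}
for my $case (['comment 1', $warn_case], ['comment 14', $die_case]) {
    my ($status, $err) = run_case($case->[1]);
    is($status, 0, "$case->[0]: child exits cleanly");
    unlike($err, qr/Attempt to free unreferenced scalar/, "$case->[0]: no double-free warning");
}
```

Checking stderr as well as the exit status matters because the comment 1 reproducer only warns; an exit-code-only check would pass on an affected build.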

Comment 15 Petr Pisar 2011-09-21 14:22:00 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    Running two nested loops using the same iterator.
Consequence
    Interpreter tries to double-free the iterator resulting in
    a warning. Referring such variable causes run-time error.
Fix
    Fix for handling shared iterator has been back-ported from
    Perl 5.10.1.
Result
    Interpreter handles shared iterators properly.

Comment 19 errata-xmlrpc 2012-02-21 05:40:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0199.html

