Bug 839788 - NULL pointer dereference in Perl
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: perl
6.3
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Petr Pisar
Martin Kyral
https://rt.perl.org/rt3//Public/Bug/D...
: Patch
Depends On:
Blocks: 947775 960054
Reported: 2012-07-12 16:33 EDT by john.r.moser
Modified: 2013-11-20 23:40 EST

See Also:
Fixed In Version: perl-5.10.1-132.el6
Doc Type: Bug Fix
Doc Text:
Cause: Exiting scope of an object whose destructor method has been declared but has not been defined. Consequence: The Perl interpreter crashes. Fix: Variable deallocator has been fixed not to dereference NULL pointer that designated undefined destructor method. Result: Interpreter copes with undefined destructors properly.
Last Closed: 2013-11-20 23:40:44 EST
Type: Bug


Attachments
Patch for perl bug 71952 (1019 bytes, patch)
2012-07-17 15:51 EDT, john.r.moser
RPM spec file, modified from perl-5.10.1-127.el6 (84.07 KB, text/plain)
2012-09-07 18:27 EDT, Will Saxon
modified patch (1008 bytes, patch)
2012-09-07 18:28 EDT, Will Saxon

Description john.r.moser 2012-07-12 16:33:00 EDT
Description of problem:

When trying to run PandoraFMS agent, Perl segfaults.  I have traced this to a bug as per the following URL:

http://stackoverflow.com/questions/5038337/why-does-my-threaded-perl-script-segfault



Version-Release number of selected component (if applicable):

perl.x86_64                        4:5.10.1-127.el6                        @base

[root@pandora pandora_server]# perl -Mthreads -e 'print "$threads::VERSION\n"'
1.82



How reproducible:

Extremely.  Here's a test command:

[root@pandora pandora_server]# perl -e "sub M::DESTROY; bless {}, M;"
Segmentation fault



Steps to Reproduce:
1. The following command specifically triggers this bug:

  perl -e "sub M::DESTROY; bless {}, M;"

Additionally, you could attempt to run PandoraFMS agent on x86-64 running RedHat 6.3.  It sends one alert, then segfaults the second round.


  
Actual results:

Segmentation fault.

perl[19896]: segfault at 0 ip 00007f41a5694d6c sp 00007fffe20e3050 error 4 in libperl.so[7f41a55dc000+162000]

pandora_agent[19528] general protection ip:7f69181eafd0 sp:7f690e55ba40 error:0 in libperl.so[7f6918156000+162000]

Note that in any case the fault is in libperl.so, 162000 bytes from the base of the library's load address.  The fault is thus extremely reproducible and can easily be traced by running the given perl one-liner through perl while watching with a debugger.  A newer version of perl may have the bug fixed already; current is 5.16.



Expected results:

Should work.


Additional info:

This particular issue should have been fixed in threads 1.73, yet it still exists in version 1.82 of Perl threads on RHEL 6.3.  This leads me to believe there's another coding error responsible that's not triggered on x86, but is on x86-64.
Comment 2 john.r.moser 2012-07-16 09:02:57 EDT
According to tests, this also segfaults in Perl 5.11.0.  A fellow on Freenode ran the above test through his development environment and reports:

All stable releases between and including 5.6.2 and 5.10.0 x86_64 Perl run the code without crashing.

All stable releases from and including 5.12 and above run the code without crashing.

Perl releases 5.10.1 and 5.11.0 segfault on the above test case.
Comment 3 john.r.moser 2012-07-17 15:38:07 EDT
http://www.nntp.perl.org/group/perl.perl5.porters/2010/01/msg155286.html

Appears to be this exact bug!
Comment 4 john.r.moser 2012-07-17 15:51:51 EDT
Created attachment 598738
Patch for perl bug 71952

Patch as per perl #71952:

http://code.activestate.com/lists/perl5-porters/147074/
Comment 5 Marcela Mašláňová 2012-07-18 06:55:33 EDT
Thank you for the report and the patch.
Comment 7 Jon Hermansen 2012-08-02 19:06:19 EDT
I'm experiencing this same bug while using Thread::Pool::Simple on CentOS 6.3. Would be great to see it fixed!
Comment 8 Will Saxon 2012-09-07 18:25:28 EDT
I rebuilt perl based on the SRPM using this patch, and it seems to work. I had to modify the spec file and the patch so that it would apply cleanly. I'll attach both to this bug.
Comment 9 Will Saxon 2012-09-07 18:27:37 EDT
Created attachment 610850
RPM spec file, modified from perl-5.10.1-127.el6
Comment 10 Will Saxon 2012-09-07 18:28:46 EDT
Created attachment 610851
modified patch

This is modified from the original patch to apply cleanly against the perl-5.10.1-127.el6 SRPM as new patch 23.
Comment 18 errata-xmlrpc 2013-11-20 23:40:44 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1534.html
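
The one-liner from the report can be wrapped into a repeatable check that tells whether a given perl binary still crashes on a declared-but-undefined DESTROY, for example after updating to the Fixed In Version. This is an added example, not part of the bug report or of the fix; the function names `classify_status` and `check_destroy_stub` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: regression check for the undefined-DESTROY crash in this bug.
# classify_status and check_destroy_stub are names chosen for this example.

# Map a shell exit status to a verdict string.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;              # interpreter exited cleanly
        139) echo "crash-sigsegv" ;;   # 128 + 11 (SIGSEGV): the failure reported here
        127) echo "not-found" ;;       # interpreter missing or not executable
        *)   if [ "$1" -gt 128 ]; then
                 echo "crash-signal-$(( $1 - 128 ))"   # killed by another signal
             else
                 echo "error-$1"                       # ordinary non-zero exit
             fi ;;
    esac
}

# Run the reproducer from the bug report with the given interpreter
# (default: the perl found on PATH) and print the verdict.
check_destroy_stub() {
    perl_bin=${1:-perl}
    command -v "$perl_bin" >/dev/null 2>&1 || { classify_status 127; return; }
    status=0
    # Subshell: disable core dumps, hide output, and capture the status
    # without tripping "set -e" in a calling script.
    ( ulimit -c 0; exec "$perl_bin" -e 'sub M::DESTROY; bless {}, M;' ) \
        >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# When run directly with an argument, print the verdict for that interpreter.
if [ $# -gt 0 ]; then check_destroy_stub "$1"; fi
```

A verdict of `crash-sigsegv` means the interpreter still dereferences the undefined destructor; `ok` is the expected result on a fixed build.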
