Beefy Boxes and Bandwidth Generously Provided by pair Networks vroom
Perl Monk, Perl Meditation
 
PerlMonks  

"double free or corruption" in Perl 5.16.0 but not in 5.14.2

by mje (Deacon)
on Sep 20, 2012 at 15:18 UTC ( #994686=perlquestion: print w/ replies, xml ) Need Help??
mje has asked for the wisdom of the Perl Monks concerning the following question:

I realise this is a horrible example. It was part of a much bigger bit of code and I've tried to reduce it as much as possible but almost anything I change now makes it work. It works in all versions of perl before 5.16.0 I've tried and also fails in 5.16.1.

use strict; use warnings; use v5.16.0; # change any of the numbers below 305 or 1205) and it works. # it is not stack size as I've changed that with ulimit my @md = (1..305); my @mp = (1000..1205); print "market detail: ", scalar(@md), "\n"; print "market price: ", scalar(@mp), "\n"; my $path = "/tmp/x"; mkdir $path or die "making $path, $!"; foreach (@md) { open(my $f, ">", "$path/md_$_.dat"); close $f; } foreach (@mp) { open(my $f, ">", "$path/mp_$_.dat"); close $f; } chdir $path or die "failed to chdir to $path"; my @b = glob(qq{$path/mp_[0123456789]*.dat $path/md_[0123456789]*.dat}); print scalar(@b), "\n";

which completes with:

*** glibc detected *** perl: double free or corruption (!prev): 0x09ca +5390 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb7639f22] /lib/i386-linux-gnu/libc.so.6(+0x70bc2)[0xb763abc2] /lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0xb763dcad] perl(Perl_av_extend+0x19d)[0x80d40dd] perl(Perl_stack_grow+0x32)[0x80ff512] perl(Perl_pp_padav+0x114)[0x80f05c4] perl(Perl_runops_standard+0xb)[0x80d5a3b] perl(perl_run+0x325)[0x807ca15] perl(main+0x105)[0x8061c45] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb75e3113] perl[0x8061c75] ======= Memory map: ======== 08048000-0818b000 r-xp 00000000 08:01 15075154 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/bin/perl 0818b000-0818c000 r--p 00142000 08:01 15075154 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/bin/perl 0818c000-0818f000 rw-p 00143000 08:01 15075154 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/bin/perl 09c81000-09ce4000 rw-p 00000000 00:00 0 [heap] b7100000-b7121000 rw-p 00000000 00:00 0 b7121000-b7200000 ---p 00000000 00:00 0 b7214000-b7230000 r-xp 00000000 08:01 12756973 /lib/i386-linux-gnu/l +ibgcc_s.so.1 b7230000-b7231000 r--p 0001b000 08:01 12756973 /lib/i386-linux-gnu/l +ibgcc_s.so.1 b7231000-b7232000 rw-p 0001c000 08:01 12756973 /lib/i386-linux-gnu/l +ibgcc_s.so.1 b7251000-b7256000 r-xp 00000000 08:01 15082170 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/auto/File/Glob/Glob.so b7256000-b7257000 r--p 00004000 08:01 15082170 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/auto/File/Glob/Glob.so b7257000-b7258000 rw-p 00005000 08:01 15082170 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/auto/File/Glob/Glob.so b7258000-b7298000 r--p 006a5000 08:01 12665422 /usr/lib/locale/local +e-archive b7298000-b73c9000 r--p 00446000 08:01 12665422 /usr/lib/locale/local +e-archive b73c9000-b75c9000 r--p 00000000 08:01 12665422 /usr/lib/locale/local +e-archive b75c9000-b75ca000 rw-p 00000000 00:00 0 b75ca000-b7742000 r-xp 00000000 08:01 12755031 /lib/i386-linux-gnu/l +ibc-2.13.so b7742000-b7744000 r--p 00178000 08:01 12755031 /lib/i386-linux-gnu/l +ibc-2.13.so b7744000-b7745000 rw-p 0017a000 08:01 12755031 /lib/i386-linux-gnu/l +ibc-2.13.so b7745000-b7748000 rw-p 00000000 00:00 0 b7748000-b7750000 r-xp 00000000 08:01 12755033 /lib/i386-linux-gnu/l +ibcrypt-2.13.so b7750000-b7751000 r--p 00007000 08:01 12755033 /lib/i386-linux-gnu/l +ibcrypt-2.13.so b7751000-b7752000 rw-p 00008000 08:01 12755033 /lib/i386-linux-gnu/l +ibcrypt-2.13.so b7752000-b777a000 rw-p 00000000 00:00 0 b777a000-b77a2000 r-xp 00000000 08:01 12755035 /lib/i386-linux-gnu/l +ibm-2.13.so b77a2000-b77a3000 r--p 00028000 08:01 12755035 /lib/i386-linux-gnu/l +ibm-2.13.so b77a3000-b77a4000 rw-p 00029000 08:01 12755035 /lib/i386-linux-gnu/l +ibm-2.13.so b77a4000-b77a7000 r-xp 00000000 08:01 12755034 /lib/i386-linux-gnu/l +ibdl-2.13.so b77a7000-b77a8000 r--p 00002000 08:01 12755034 /lib/i386-linux-gnu/l +ibdl-2.13.so b77a8000-b77a9000 rw-p 00003000 08:01 12755034 /lib/i386-linux-gnu/l +ibdl-2.13.so b77c7000-b77c8000 r--p 003fc000 08:01 12665422 /usr/lib/locale/local +e-archive b77c8000-b77ca000 rw-p 00000000 00:00 0 b77ca000-b77cb000 r-xp 00000000 00:00 0 [vdso] b77cb000-b77e9000 r-xp 00000000 08:01 12755028 /lib/i386-linux-gnu/l +d-2.13.so b77e9000-b77ea000 r--p 0001d000 08:01 12755028 /lib/i386-linux-gnu/l +d-2.13.so b77ea000-b77eb000 rw-p 0001e000 08:01 12755028 /lib/i386-linux-gnu/l +d-2.13.so bf9cf000-bf9f0000 rw-p 00000000 00:00 0 [stack] Aborted

valgrind says:

==26288== Invalid write of size 4 ==26288== at 0x4029C3E: memcpy (mc_replace_strmem.c:635) ==26288== by 0x4032D9E: iterate (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/au +to/File/Glob/Glob.so) ==26288== by 0x8111B36: Perl_pp_glob (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x40C8112: (below main) (libc-start.c:226) ==26288== Address 0x42c3730 is 0 bytes after a block of size 2,032 al +loc'd ==26288== at 0x4028876: malloc (vg_replace_malloc.c:236) ==26288== by 0x80BAB88: Perl_safesysmalloc (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x80D4087: Perl_av_extend (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x80FF511: Perl_stack_grow (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x8108483: Perl_pp_flop (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x80D5A3A: Perl_runops_standard (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806B701: Perl_list (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806BC6F: S_listkids (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806B796: Perl_list (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806E1DA: Perl_newASSIGNOP (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x809C316: Perl_yyparse (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x807B9DA: perl_parse (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288==

UPDATE: also fails in 5.17.4

Comment on "double free or corruption" in Perl 5.16.0 but not in 5.14.2
Select or Download Code
Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by tobyink (Abbot) on Sep 20, 2012 at 15:32 UTC

    Confirmed. No crash in Perls 5.8 to 5.14, but crashes in 5.16. Tried it in threaded and unthreaded Perls and same results.

    Hmmm... I really need to grab 5.17.x for testing things like this.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by VinsWorldcom (Priest) on Sep 20, 2012 at 15:59 UTC

    Crashes Strawberry Perl 5.16.1 on Windows 7 x64 also. Note I changed the $path variable for Windows:

    my $path = "c:/users/VinsWorldcom/tmp/x";

    And here goes:

    VinsWorldcom@C:\Users\VinsWorldcom\tmp> perl -v This is perl 5, version 16, subversion 1 (v5.16.1) built for MSWin32-x +64-multi-thread [...] VinsWorldcom@C:\Users\VinsWorldcom\tmp> test market detail: 305 market price: 206 511

    At that point a pop-up window says "perl.exe has stopped working".

Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by chromatic (Archbishop) on Sep 20, 2012 at 17:58 UTC

    I reproduced this with bleadperl. This patch fixes the problem and all core tests pass, but it doesn't quite pass my eyeball test. It's worth filing a bug with p5p.

    diff --git a/ext/File-Glob/Glob.xs b/ext/File-Glob/Glob.xs index 3ea0590..f8bc20f 100644 --- a/ext/File-Glob/Glob.xs +++ b/ext/File-Glob/Glob.xs @@ -237,8 +237,8 @@ csh_glob(pTHX_ AV *entries, SV *patsv) SV **svp = AvARRAY(patav); while (items--) { PUSHMARK(SP); - PUTBACK; doglob(aTHX_ SvPVXx(*svp++), flags); + PUTBACK; SPAGAIN; { dMARK;

      Thanks. I just reported it with perlbug half an hour ago at https://rt.perl.org/rt3/Ticket/Display.html?id=114984. I'll try your patch.

        Unfortunately, patch applied against 5.17.4 gave the following test errors.

        ../cpan/CGI/t/tmpdir.t (Wstat +: 0 Tests: 9 Failed: 0) TODO passed: 3-9 ../ext/File-Glob/t/basic.t (Wstat +: 768 Test s: 49 Failed: 3) Failed tests: 19, 21-22 Non-zero exit status: 3 Files=2336, Tests=548419, 725 wallclock secs (50.53 usr 6.81 sys + 40 +1.23 cusr 34.93 csys = 493.50 CPU) Result: FAIL

        Perhaps I applied it incorrectly - will check.

Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by Khen1950fx (Canon) on Sep 21, 2012 at 03:22 UTC
    I couldn't replicate your problem, tested on 5.8x thru 5.17.4. At first, I thought the problem was with File::Glob; however, I kept getting an exception with chdir. It seems that there's a portability issue. I don't have fchdir, so I can't pass it a filehandle nor dirhandle without getting
    chdir('') has been deprecated...
    I stopped after this:
    #!perl -l BEGIN { $| = 1; } use autodie; use strict 'refs'; use warnings FATAL => 'syntax'; use Data::Dumper::Concise; use File::Glob ':globally'; use Memoize; memoize('no_bug', LIST_CACHE => 'MEMORY'); no_bug(); sub no_bug { my(@md) = (1..305); my(@mp) = (1000..1205); print "market detail: ", scalar(@md); print "market price: ", scalar(@mp); my $path = '/tmp/xx'; foreach my $md(@md) { &open(my $f, '<', $path); &close($f); } foreach my $mp(@mp) { &open(my $f, '<', $path); &close($f); } chdir '/tmp/xx'; my(@sources) = <~$path/mp_*>, <~$path/md_* >; print Dumper(scalar @sources); }
Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by mje (Deacon) on Sep 21, 2012 at 10:33 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://994686]
Approved by marto
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (15)
As of 2014-04-18 12:05 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (466 votes), past polls