Beefy Boxes and Bandwidth Generously Provided by pair Networks httptech
XP is just a number
 
PerlMonks  

"double free or corruption" in Perl 5.16.0 but not in 5.14.2

by mje (Deacon)
on Sep 20, 2012 at 15:18 UTC ( #994686=perlquestion: print w/ replies, xml ) Need Help??
mje has asked for the wisdom of the Perl Monks concerning the following question:

I realise this is a horrible example. It was part of a much bigger bit of code and I've tried to reduce it as much as possible but almost anything I change now makes it work. It works in all versions of perl before 5.16.0 I've tried and also fails in 5.16.1.

use strict; use warnings; use v5.16.0; # change any of the numbers below 305 or 1205) and it works. # it is not stack size as I've changed that with ulimit my @md = (1..305); my @mp = (1000..1205); print "market detail: ", scalar(@md), "\n"; print "market price: ", scalar(@mp), "\n"; my $path = "/tmp/x"; mkdir $path or die "making $path, $!"; foreach (@md) { open(my $f, ">", "$path/md_$_.dat"); close $f; } foreach (@mp) { open(my $f, ">", "$path/mp_$_.dat"); close $f; } chdir $path or die "failed to chdir to $path"; my @b = glob(qq{$path/mp_[0123456789]*.dat $path/md_[0123456789]*.dat}); print scalar(@b), "\n";

which completes with:

*** glibc detected *** perl: double free or corruption (!prev): 0x09ca +5390 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb7639f22] /lib/i386-linux-gnu/libc.so.6(+0x70bc2)[0xb763abc2] /lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0xb763dcad] perl(Perl_av_extend+0x19d)[0x80d40dd] perl(Perl_stack_grow+0x32)[0x80ff512] perl(Perl_pp_padav+0x114)[0x80f05c4] perl(Perl_runops_standard+0xb)[0x80d5a3b] perl(perl_run+0x325)[0x807ca15] perl(main+0x105)[0x8061c45] /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb75e3113] perl[0x8061c75] ======= Memory map: ======== 08048000-0818b000 r-xp 00000000 08:01 15075154 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/bin/perl 0818b000-0818c000 r--p 00142000 08:01 15075154 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/bin/perl 0818c000-0818f000 rw-p 00143000 08:01 15075154 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/bin/perl 09c81000-09ce4000 rw-p 00000000 00:00 0 [heap] b7100000-b7121000 rw-p 00000000 00:00 0 b7121000-b7200000 ---p 00000000 00:00 0 b7214000-b7230000 r-xp 00000000 08:01 12756973 /lib/i386-linux-gnu/l +ibgcc_s.so.1 b7230000-b7231000 r--p 0001b000 08:01 12756973 /lib/i386-linux-gnu/l +ibgcc_s.so.1 b7231000-b7232000 rw-p 0001c000 08:01 12756973 /lib/i386-linux-gnu/l +ibgcc_s.so.1 b7251000-b7256000 r-xp 00000000 08:01 15082170 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/auto/File/Glob/Glob.so b7256000-b7257000 r--p 00004000 08:01 15082170 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/auto/File/Glob/Glob.so b7257000-b7258000 rw-p 00005000 08:01 15082170 /home/martin/perl5/pe +rlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/auto/File/Glob/Glob.so b7258000-b7298000 r--p 006a5000 08:01 12665422 /usr/lib/locale/local +e-archive b7298000-b73c9000 r--p 00446000 08:01 12665422 /usr/lib/locale/local +e-archive b73c9000-b75c9000 r--p 00000000 08:01 12665422 /usr/lib/locale/local +e-archive b75c9000-b75ca000 rw-p 00000000 00:00 0 b75ca000-b7742000 r-xp 00000000 08:01 12755031 /lib/i386-linux-gnu/l +ibc-2.13.so b7742000-b7744000 r--p 00178000 08:01 12755031 /lib/i386-linux-gnu/l +ibc-2.13.so b7744000-b7745000 rw-p 0017a000 08:01 12755031 /lib/i386-linux-gnu/l +ibc-2.13.so b7745000-b7748000 rw-p 00000000 00:00 0 b7748000-b7750000 r-xp 00000000 08:01 12755033 /lib/i386-linux-gnu/l +ibcrypt-2.13.so b7750000-b7751000 r--p 00007000 08:01 12755033 /lib/i386-linux-gnu/l +ibcrypt-2.13.so b7751000-b7752000 rw-p 00008000 08:01 12755033 /lib/i386-linux-gnu/l +ibcrypt-2.13.so b7752000-b777a000 rw-p 00000000 00:00 0 b777a000-b77a2000 r-xp 00000000 08:01 12755035 /lib/i386-linux-gnu/l +ibm-2.13.so b77a2000-b77a3000 r--p 00028000 08:01 12755035 /lib/i386-linux-gnu/l +ibm-2.13.so b77a3000-b77a4000 rw-p 00029000 08:01 12755035 /lib/i386-linux-gnu/l +ibm-2.13.so b77a4000-b77a7000 r-xp 00000000 08:01 12755034 /lib/i386-linux-gnu/l +ibdl-2.13.so b77a7000-b77a8000 r--p 00002000 08:01 12755034 /lib/i386-linux-gnu/l +ibdl-2.13.so b77a8000-b77a9000 rw-p 00003000 08:01 12755034 /lib/i386-linux-gnu/l +ibdl-2.13.so b77c7000-b77c8000 r--p 003fc000 08:01 12665422 /usr/lib/locale/local +e-archive b77c8000-b77ca000 rw-p 00000000 00:00 0 b77ca000-b77cb000 r-xp 00000000 00:00 0 [vdso] b77cb000-b77e9000 r-xp 00000000 08:01 12755028 /lib/i386-linux-gnu/l +d-2.13.so b77e9000-b77ea000 r--p 0001d000 08:01 12755028 /lib/i386-linux-gnu/l +d-2.13.so b77ea000-b77eb000 rw-p 0001e000 08:01 12755028 /lib/i386-linux-gnu/l +d-2.13.so bf9cf000-bf9f0000 rw-p 00000000 00:00 0 [stack] Aborted

valgrind says:

==26288== Invalid write of size 4 ==26288== at 0x4029C3E: memcpy (mc_replace_strmem.c:635) ==26288== by 0x4032D9E: iterate (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/lib/5.16.0/i686-linux/au +to/File/Glob/Glob.so) ==26288== by 0x8111B36: Perl_pp_glob (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x40C8112: (below main) (libc-start.c:226) ==26288== Address 0x42c3730 is 0 bytes after a block of size 2,032 al +loc'd ==26288== at 0x4028876: malloc (vg_replace_malloc.c:236) ==26288== by 0x80BAB88: Perl_safesysmalloc (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x80D4087: Perl_av_extend (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x80FF511: Perl_stack_grow (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x8108483: Perl_pp_flop (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x80D5A3A: Perl_runops_standard (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806B701: Perl_list (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806BC6F: S_listkids (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806B796: Perl_list (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x806E1DA: Perl_newASSIGNOP (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x809C316: Perl_yyparse (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288== by 0x807B9DA: perl_parse (in /home/martin/perl5/perlbrew/perls/perl-5.16.0/bin/perl) ==26288==

UPDATE: also fails in 5.17.4

Comment on "double free or corruption" in Perl 5.16.0 but not in 5.14.2
Select or Download Code
Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by tobyink (Abbot) on Sep 20, 2012 at 15:32 UTC

    Confirmed. No crash in Perls 5.8 to 5.14, but crashes in 5.16. Tried it in threaded and unthreaded Perls and same results.

    Hmmm... I really need to grab 5.17.x for testing things like this.

    perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by VinsWorldcom (Priest) on Sep 20, 2012 at 15:59 UTC

    Crashes Strawberry Perl 5.16.1 on Windows 7 x64 also. Note I changed the $path variable for Windows:

    my $path = "c:/users/VinsWorldcom/tmp/x";

    And here goes:

    VinsWorldcom@C:\Users\VinsWorldcom\tmp> perl -v This is perl 5, version 16, subversion 1 (v5.16.1) built for MSWin32-x +64-multi-thread [...] VinsWorldcom@C:\Users\VinsWorldcom\tmp> test market detail: 305 market price: 206 511

    At that point a pop-up window says "perl.exe has stopped working".

Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by chromatic (Archbishop) on Sep 20, 2012 at 17:58 UTC

    I reproduced this with bleadperl. This patch fixes the problem and all core tests pass, but it doesn't quite pass my eyeball test. It's worth filing a bug with p5p.

    diff --git a/ext/File-Glob/Glob.xs b/ext/File-Glob/Glob.xs index 3ea0590..f8bc20f 100644 --- a/ext/File-Glob/Glob.xs +++ b/ext/File-Glob/Glob.xs @@ -237,8 +237,8 @@ csh_glob(pTHX_ AV *entries, SV *patsv) SV **svp = AvARRAY(patav); while (items--) { PUSHMARK(SP); - PUTBACK; doglob(aTHX_ SvPVXx(*svp++), flags); + PUTBACK; SPAGAIN; { dMARK;

      Thanks. I just reported it with perlbug half an hour ago at https://rt.perl.org/rt3/Ticket/Display.html?id=114984. I'll try your patch.

        Unfortunately, patch applied against 5.17.4 gave the following test errors.

        ../cpan/CGI/t/tmpdir.t (Wstat +: 0 Tests: 9 Failed: 0) TODO passed: 3-9 ../ext/File-Glob/t/basic.t (Wstat +: 768 Test s: 49 Failed: 3) Failed tests: 19, 21-22 Non-zero exit status: 3 Files=2336, Tests=548419, 725 wallclock secs (50.53 usr 6.81 sys + 40 +1.23 cusr 34.93 csys = 493.50 CPU) Result: FAIL

        Perhaps I applied it incorrectly - will check.

Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by Khen1950fx (Canon) on Sep 21, 2012 at 03:22 UTC
    I couldn't replicate your problem, tested on 5.8x thru 5.17.4. At first, I thought the problem was with File::Glob; however, I kept getting an exception with chdir. It seems that there's a portability issue. I don't have fchdir, so I can't pass it a filehandle nor dirhandle without getting
    chdir('') has been deprecated...
    I stopped after this:
    #!perl -l BEGIN { $| = 1; } use autodie; use strict 'refs'; use warnings FATAL => 'syntax'; use Data::Dumper::Concise; use File::Glob ':globally'; use Memoize; memoize('no_bug', LIST_CACHE => 'MEMORY'); no_bug(); sub no_bug { my(@md) = (1..305); my(@mp) = (1000..1205); print "market detail: ", scalar(@md); print "market price: ", scalar(@mp); my $path = '/tmp/xx'; foreach my $md(@md) { &open(my $f, '<', $path); &close($f); } foreach my $mp(@mp) { &open(my $f, '<', $path); &close($f); } chdir '/tmp/xx'; my(@sources) = <~$path/mp_*>, <~$path/md_* >; print Dumper(scalar @sources); }
Re: "double free or corruption" in Perl 5.16.0 but not in 5.14.2
by mje (Deacon) on Sep 21, 2012 at 10:33 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://994686]
Approved by marto
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (7)
As of 2014-04-19 15:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (483 votes), past polls