Bug #128594 for C-Mlock: SEGV possible in test suite

> On 23 Feb 2019, at 20:25, Slaven_Rezic via RT <bug-C-Mlock@rt.cpan.org> wrote: > > Sat Feb 23 04:25:33 2019: Request 128594 was acted upon. > Transaction: Ticket created by SREZIC > Queue: C-Mlock > Subject: SEGV possible in test suite > Broken in: 1.11 > Severity: (no value) > Owner: Nobody > Requestors: SREZIC@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=128594 > > > > Sometimes t/04-resize.t terminates with a SEGV: > > ... > t/04-resize.t ..... > All 7 subtests passed > ... > Test Summary Report > ------------------- > t/04-resize.t (Wstat: 11 Tests: 7 Failed: 0) > Non-zero wait status: 11 > ... > > I looked with valgrind into this test script: > > ... > ok 3 - Set size to smaller > ==5225== Invalid write of size 1 > ==5225== at 0x7D88ADE: set_size (store.c:80) > ==5225== by 0x7D889F8: set_pages (store.c:54) > ==5225== by 0x7D877CE: XS_C__Mlock_set_pages (in /home/cpansand/.cpan/build/2019022309/C-Mlock-1.11-0/blib/arch/auto/C/Mlock/Mlock.so) > ==5225== by 0x1CFDF7: Perl_pp_entersub (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1C8702: Perl_runops_standard (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x152515: Perl_call_sv (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x154749: Perl_call_list (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1380AE: S_process_special_blocks.isra.10 (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x14BA3E: Perl_newATTRSUB_x (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x180C6E: Perl_yyparse (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x158499: perl_parse (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1363C5: main (in /opt/perl-5.24.3/bin/perl) > ==5225== Address 0x7af6e20 is 16 bytes before a block of size 120 free'd > ==5225== at 0x4C2CDDB: free (vg_replace_malloc.c:530) > ==5225== by 0x1632F1: Perl_parser_free (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1FE1D7: Perl_leave_scope (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x20C7E4: Perl_pp_leaveeval (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1C8702: Perl_runops_standard (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x152515: Perl_call_sv (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x154749: Perl_call_list (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1380AE: S_process_special_blocks.isra.10 (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x14BA3E: Perl_newATTRSUB_x (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x180C6E: Perl_yyparse (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x158499: perl_parse (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1363C5: main (in /opt/perl-5.24.3/bin/perl) > ==5225== Block was alloc'd at > ==5225== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299) > ==5225== by 0x1AD074: Perl_safesysmalloc (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x16302F: Perl_lex_start (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x20BF72: Perl_pp_entereval (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1C8702: Perl_runops_standard (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x152515: Perl_call_sv (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x154749: Perl_call_list (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1380AE: S_process_special_blocks.isra.10 (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x14BA3E: Perl_newATTRSUB_x (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x180C6E: Perl_yyparse (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x158499: perl_parse (in /opt/perl-5.24.3/bin/perl) > ==5225== by 0x1363C5: main (in /opt/perl-5.24.3/bin/perl) > ==5225== > ok 4 - Set size to larger > ... > > Line 80 is: > > *(pAddressRegion->pBytes+bytes) = '\0'; /* terminate if we truncate */ > > but I don't see a condition to check if we're really truncating here? >