
This queue is for tickets about the Devel-QuickCover CPAN distribution.

Report information
The Basics
Id: 130307
Status: open
Priority: 0/
Queue: Devel-QuickCover

People
Owner: Nobody in particular
Requestors: sloane [...] cpanel.net
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Devel::QuickCover segfaults if a function resulting from a typeglob alias is called after the original is undefined
Date: Thu, 15 Aug 2019 16:16:10 -0500
To: bug-Devel-QuickCover [...] rt.cpan.org
From: Sloane Bernstein <sloane [...] cpanel.net>
If a function is given a typeglob alias by assigning a reference of that function to the typeglob, then the original symbol is undefined, Perl will segfault inside of Devel::QuickCover as a result of a null pointer when the function is invoked as its alias. Specifically, consider the following program:

========================================================================

# cat bad.pl
sub a { 0; }
sub b { 1; }
*a = \&b;

my ( $a_ref, $b_ref ) = ( \&a, \&b );
print "$a_ref, $b_ref\n";

undef *b if $ARGV[1];
$a_ref = \&a;
print "$a_ref\n";

my $i = a();
print "$i\n";

========================================================================

The expected result of the program under all cases is that $i will be assigned the value 1. However, if Devel::QuickCover is included when an argument is passed (which causes the original &b to become undefined), Perl will segfault:

========================================================================

[root@sandbox ~]# perl bad.pl --
CODE(0xdeecd0), CODE(0xdeecd0)
CODE(0xdeecd0)
1

[root@sandbox ~]# perl bad.pl -- undefine
CODE(0x1dfac98), CODE(0x1dfac98)
CODE(0x1dfac98)
1

[root@sandbox ~]# perl -MDevel::QuickCover bad.pl --
CODE(0x1976ce0), CODE(0x1976ce0)
CODE(0x1976ce0)
1

[root@sandbox ~]# perl -MDevel::QuickCover bad.pl -- undefine
CODE(0x2276cc8), CODE(0x2276cc8)
CODE(0x2276cc8)
Segmentation fault

========================================================================

The immediate cause of the segfault is that the file variable is NULL when add_covered_sub_helper() in quickcover.xs is called:

========================================================================

static void add_covered_sub_helper(pTHX_ CoverList* cover, const char* file, const char* name, U32 line, int phase) {
    U32 file_hash, name_hash;

    PERL_HASH(file_hash, file, strlen(file));
    PERL_HASH(name_hash, name, strlen(name));
    cover_sub_add_covered_sub(cover, file, file_hash, name, name_hash, line, phase);
}

========================================================================

I have reproduced this with a custom build of Perl 5.28.0 and Devel::QuickCover 0.900010 on CentOS 7.6, as well as the system build of Perl 5.22.2 and CPAN build of Devel::QuickCover 0.900014 on Slackware 14.2.
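The failure mode reported above, as an added example that is not part of the ticket and is neither Devel::QuickCover's code nor its fix: a stand-alone C model of the helper that checks `file` and `name` before `strlen()` is reached. The `CoverList` struct, `toy_hash` (standing in for `PERL_HASH`), the function name and the skip-on-NULL policy are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the module's CoverList (assumption): keeps counters only. */
typedef struct {
    unsigned recorded, skipped;
    uint32_t last_file_hash, last_name_hash, last_line;
    int last_phase;
} CoverList;

/* FNV-1a, used here in place of PERL_HASH so no perl.h is needed. */
static uint32_t toy_hash(const char *s, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)s[i];
        h *= 16777619u;
    }
    return h;
}

/* Guarded variant of the quoted helper: strlen() is never called on a NULL
 * file or name. Returns 1 if the sub was recorded, 0 if it was skipped. */
static int add_covered_sub_guarded(CoverList *cover, const char *file,
                                   const char *name, uint32_t line, int phase) {
    if (cover == NULL)
        return 0;
    if (file == NULL || name == NULL) {
        cover->skipped++;   /* assumed policy: count it, record nothing */
        return 0;
    }
    cover->last_file_hash = toy_hash(file, strlen(file));
    cover->last_name_hash = toy_hash(name, strlen(name));
    cover->last_line = line;
    cover->last_phase = phase;
    cover->recorded++;
    return 1;
}

int main(void) {
    CoverList cover = {0};
    /* Constructed inputs: a normal sub, then the NULL file from the report. */
    int ok = add_covered_sub_guarded(&cover, "bad.pl", "main::b", 2, 0);
    int bad = add_covered_sub_guarded(&cover, NULL, "main::a", 1, 0);
    printf("ok=%d bad=%d recorded=%u skipped=%u\n",
           ok, bad, cover.recorded, cover.skipped);
    return 0;
}
```

Counting skipped entries rather than dropping them silently keeps the gap visible in the coverage data, which is what makes a guard like this diagnosable later.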

Subject: Re: [rt.cpan.org #130307] Devel::QuickCover segfaults if a function resulting from a typeglob alias is called after the original is undefined
Date: Fri, 16 Aug 2019 08:05:35 +0200
To: bug-Devel-QuickCover [...] rt.cpan.org
From: Gonzalo Diethelm <gonzalo.diethelm [...] gmail.com>
Hi Sloane,

Can you please open an issue in the github repo for Devel::QuickCover, including all this info? It is easier to discuss it over there. Thanks!

--
Gonzalo Diethelm
gonzalo.diethelm@gmail.com
Subject: Re: [rt.cpan.org #130307] Devel::QuickCover segfaults if a function resulting from a typeglob alias is called after the original is undefined
Date: Fri, 16 Aug 2019 10:25:48 -0500
To: bug-Devel-QuickCover [...] rt.cpan.org
From: Sloane Bernstein <sloane [...] cpanel.net>
Filed at https://github.com/p5pclub/devel-quickcover/issues/20