Bug #49029 for Exception-SEH: Perl dumps core in reaction to certain syntax errors

Wed Aug 26 12:57:37 2009 FERRENCY [...] cpan.org - Ticket created

In some cases when there is a syntax error inside a try {} block, Perl dumps core. This is perl, v5.8.8 built for i386-freebsd Here is a minimal failing test case: use Exception::SEH; use strict; try { if (1) { } else { do_something(test => 1}); } } When I run this, I get: % perl test-seh2.pl syntax error at test-seh2.pl line 7, near "1}" Execution of test-seh2.pl aborted due to compilation errors. perl in realloc(): error: modified (page-) pointer Abort (core dumped) I found this bug deeply buried in some code we're working on. In that case, which had slightly more complex logic within the try, perl did not report on the syntax error before it dumped core. This made tracking down the problem very difficult. I still don't know why it would act differently in that case. The problem above does not occur unless the syntax error is within an } else { block as it was there. I believe the problem may be related to the fact that the } else { block looks a bit like a } catch { block (but with a different name). Thank you for any help you can provide on this problem, Alan Ferrency

Wed Aug 26 12:58:03 2009 FERRENCY [...] cpan.org - Subject changed from (no value) to 'Perl dumps core in reaction to certain syntax errors'

Wed Aug 26 16:12:05 2009 FERRENCY [...] cpan.org - Correspondence added

It turns out the failing test case I provided does not fail on Perl 5.8.9. I'm not sure whether this is a bug in Perl that was fixed, or a bug in Exception::SEH. Thanks, Alan

Wed Aug 26 16:12:06 2009 FERRENCY [...] cpan.org - Status changed from 'new' to 'open'

Thu Aug 27 10:10:26 2009 RANDIR [...] cpan.org - Correspondence added

warmechs% perl -v This is perl, v5.8.8 built for i386-freebsd warmechs% perl -e 'use Devel::Declare; print $Devel::Declare::VERSION' 0.005006% warmechs% perl crash.pl syntax error at crash.pl line 9, near "1}" Execution of crash.pl aborted due to compilation errors. ====== To investigate what's happening, i need: perl -V (or just is your build threaded/unthreaded) and versions of Devel::Declare, B::Hooks::OP::PPAddr, B::Hooks::OP::Check you have installed. If you have different versions of them on your 5.8.8/5.8.9 installations - try install latest Devel::Declare with dependencies on 5.8.8, this'll probably solve your problem.

Thu Aug 27 10:20:16 2009 FERRENCY [...] cpan.org - Correspondence added

Subject:	Re: [rt.cpan.org #49029] Perl dumps core in reaction to certain syntax errors
Date:	Thu, 27 Aug 2009 10:19:48 -0400 (EDT)
To:	Sergey Aleynikov via RT <bug-Exception-SEH [...] rt.cpan.org>
From:	FERRENCY [...] cpan.org

Hi, Here you go. Perl isn't threaded, but I've included perl -V below as well. I'll look into reproducing this on 5.8.9 as well, since it may be related to a different CPAN module version. The machine that crashes does have the latest Devel::Declare, I had to install the entire dependency tree from scratch. Thank you for your help! This does look like the best Exception handling module available, but I'll need to quell some paranoia before getting it heavily into production. Alan Ferrency perl -e 'use Devel::Declare; print $Devel::Declare::VERSION' 0.005011 perl -e 'use B::Hooks::OP::PPAddr; print $B::Hooks::OP::PPAddr::VERSION' 0.03 perl -e 'use B::Hooks::OP::Check; print $B::Hooks::OP::Check::VERSION' 0.18 Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Platform: osname=freebsd, osvers=6.2-prerelease, archname=i386-freebsd uname='freebsd mayon.pair.com 6.2-prerelease freebsd 6.2-prerelease #2: wed sep 13 23:00:26 utc 2006 <snip>:usrobjusrsrcsysgeneric i386 ' config_args='-de' hint=previous, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=define d_sfio=undef uselargefiles=define usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include', optimize='-O', cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include' ccversion='', gccversion='3.4.6 [FreeBSD] 20060305', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, prototype=define Linker and Libraries: ld='cc', ldflags ='-Wl,-E -L/usr/local/lib' libpth=/usr/lib /usr/local/lib libs=-lm -lcrypt -lutil -lc perllibs=-lm -lcrypt -lutil -lc libc=, so=so, useshrplib=false, libperl=libperl.a gnulibc_version='' Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' ' cccdlflags='-DPIC -fPIC', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: PERL_MALLOC_WRAP USE_LARGE_FILES USE_PERLIO Built under freebsd Compiled at Sep 19 2006 14:25:44 @INC: /usr/local/lib/perl5/5.8.8/i386-freebsd /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/i386-freebsd /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl . On Thu, 27 Aug 2009, Sergey Aleynikov via RT wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=49029 > > > warmechs% perl -v > This is perl, v5.8.8 built for i386-freebsd > > warmechs% perl -e 'use Devel::Declare; print $Devel::Declare::VERSION' > 0.005006% > > > warmechs% perl crash.pl > syntax error at crash.pl line 9, near "1}" > Execution of crash.pl aborted due to compilation errors. > > ====== > > To investigate what's happening, i need: > perl -V (or just is your build threaded/unthreaded) and versions of > Devel::Declare, B::Hooks::OP::PPAddr, B::Hooks::OP::Check you have > installed. > > If you have different versions of them on your 5.8.8/5.8.9 installations > - try install latest Devel::Declare with dependencies on 5.8.8, this'll > probably solve your problem. >

Thu Aug 27 22:25:46 2009 RANDIR [...] cpan.org - Correspondence added

I've got some result, but it's strange. Full -V output was really required. I always compile my perls with -Dusemymalloc=y, but default for freebsd is 'no', and thus use a system malloc. I've built perl with config_args='-de' (exactly as your), the only difference between working perl was malloc setting, and got a coredump. I'll try to produce a shorter crash with pure Devel::Declare and ask Florian Ragwitz, what can be source and can it be corrected.

Fri Aug 28 10:26:37 2009 FERRENCY [...] cpan.org - Correspondence added

Subject:	Re: [rt.cpan.org #49029] Perl dumps core in reaction to certain syntax errors
Date:	Fri, 28 Aug 2009 10:26:14 -0400 (EDT)
To:	Sergey Aleynikov via RT <bug-Exception-SEH [...] rt.cpan.org>
From:	FERRENCY [...] cpan.org

Okay, that's interesting and good to know. I'm not sure of any reason to use one malloc() or the other, and it seems likely we didn't have any good reason for using those defaults. I tried to reproduce the problem on our Perl 5.8.9 box with the same module versions, but I couldn't reproduce the problem. Now that you mention "usemymalloc" I see that we have it set to "yes" on our 5.8.9. So that's consistent, at least. Thanks for looking into this. I suppose I'd reduce the priority from "important" to "unimportant" now that we at least have a clear definition of when the problem might occur. Thanks, Alan Ferrency On Thu, 27 Aug 2009, Sergey Aleynikov via RT wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=49029 > > > I've got some result, but it's strange. Full -V output was really required. > > I always compile my perls with -Dusemymalloc=y, but default for freebsd > is 'no', and thus use a system malloc. I've built perl with > config_args='-de' (exactly as your), the only difference between working > perl was malloc setting, and got a coredump. > > I'll try to produce a shorter crash with pure Devel::Declare and ask > Florian Ragwitz, what can be source and can it be corrected. >

Sun Aug 30 09:15:52 2009 RANDIR [...] cpan.org - Correspondence added

Further investigation: this is only 5.8.8 (and, probably, below) bug. 5.8.9, 5.9.5, 5.10.0 with both usemymalloc possibilities are free. Here is patch to test with your complex 5.8.8 case (it works for short code above, but you've told that you didn't get anything meaningful for your default case): --- Exception-SEH-0.01005/lib/Exception/SEH/Parser.pm Sat Jun 20 11:14:43 2009 +++ Exception-SEH-0.01006/lib/Exception/SEH/Parser.pm Sun Aug 30 17:00:37 2009 @@ -13,7 +13,7 @@ sub CATCH() { 1 } sub FINALLY() { 2 } -our $VERSION = '0.01002'; +our $VERSION = '0.01003'; sub new{ my ($class, $offset) = @_; @@ -80,6 +80,8 @@ $length < 0 || $self->{'offset'} + $length > length($linestr) + || + $self->{'offset'} < 0 ){ require Carp; Carp::croak "Unbalanced text supplied as catch argument"; @@ -100,7 +102,11 @@ print STDERR "inject called at $self->{offset} for '$inject'\r\n" if DEBUG; my $linestr = Devel::Declare::get_linestr; - if ($self->{'offset'} > length($linestr)){ + if ( + $self->{'offset'} > length($linestr) + || + $self->{'offset'} < 0 + ){ require Carp; Carp::croak "Parser tried to inject data outside program source, stopping"; } @@ -154,8 +160,18 @@ } my $before = Devel::Declare::get_linestr(); + if ( + $parser->{'offset'} > length($before) + || + $parser->{'offset'} < 0 + ){ + my (undef, $file, $line) = caller(1); + print STDERR "Got some syntax error (misplaced '}' ?) at $file:$line\n"; + exit -1; + } $parser->skip_spaces; my $after = Devel::Declare::get_linestr(); + if ($parser->get_symbols(5) ne 'catch' && $parser->get_symbols(7) ne 'finally'){ if ($Exception::SEH::parser_state != INITIAL){

Sun Aug 30 09:19:59 2009 RANDIR [...] cpan.org - Correspondence added

Formatting is broken in message, so i attach patch as file.

--- Exception-SEH-0.01005/lib/Exception/SEH/Parser.pm Sat Jun 20 11:14:43 2009 +++ Exception-SEH-0.01006/lib/Exception/SEH/Parser.pm Sun Aug 30 17:00:37 2009 @@ -13,7 +13,7 @@ sub CATCH() { 1 } sub FINALLY() { 2 } -our $VERSION = '0.01002'; +our $VERSION = '0.01003'; sub new{ my ($class, $offset) = @_; @@ -80,6 +80,8 @@ $length < 0 || $self->{'offset'} + $length > length($linestr) + || + $self->{'offset'} < 0 ){ require Carp; Carp::croak "Unbalanced text supplied as catch argument"; @@ -100,7 +102,11 @@ print STDERR "inject called at $self->{offset} for '$inject'\r\n" if DEBUG; my $linestr = Devel::Declare::get_linestr; - if ($self->{'offset'} > length($linestr)){ + if ( + $self->{'offset'} > length($linestr) + || + $self->{'offset'} < 0 + ){ require Carp; Carp::croak "Parser tried to inject data outside program source, stopping"; } @@ -154,8 +160,18 @@ } my $before = Devel::Declare::get_linestr(); + if ( + $parser->{'offset'} > length($before) + || + $parser->{'offset'} < 0 + ){ + my (undef, $file, $line) = caller(1); + print STDERR "Got some syntax error (misplaced '}' ?) at $file:$line\n"; + exit -1; + } $parser->skip_spaces; my $after = Devel::Declare::get_linestr(); + if ($parser->get_symbols(5) ne 'catch' && $parser->get_symbols(7) ne 'finally'){ if ($Exception::SEH::parser_state != INITIAL){ print STDERR "End-of-try called in inapropriate parser state.\r\n Here we can't die normally - you won't get normal parse error.\r\n";

Wed Sep 02 11:53:02 2009 alan [...] ferrency.com - Correspondence added

CC:	FERRENCY [...] cpan.org
Subject:	Re: [rt.cpan.org #49029] Perl dumps core in reaction to certain syntax errors
Date:	Wed, 2 Sep 2009 11:52:39 -0400 (EDT)
To:	Sergey Aleynikov via RT <bug-Exception-SEH [...] rt.cpan.org>
From:	alan [...] ferrency.com

Hello, I'm sorry I didn't get to testing this yet, I hope to before the end of the week. Thanks for the patch! Alan On Sun, 30 Aug 2009, Sergey Aleynikov via RT wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=49029 > > > Formatting is broken in message, so i attach patch as file. >

Fri Sep 04 12:21:46 2009 FERRENCY [...] cpan.org - Correspondence added

Subject:	Re: [rt.cpan.org #49029] Perl dumps core in reaction to certain syntax errors
Date:	Fri, 4 Sep 2009 12:21:20 -0400 (EDT)
To:	Sergey Aleynikov via RT <bug-Exception-SEH [...] rt.cpan.org>
From:	ferrency [...] cpan.org

Show quoted text

> Formatting is broken in message, so i attach patch as file.

Hello, I applied the patch to Exception::SEH on the server we had a problem on previously. My minimal failing test case now works, when the patch is applied. However, my "real" code (with the same syntax error injected) still causes a seg fault with no error information printed out. It seems that my minimal failing case found a different seg fault than the real code. I will try to construct a new minimal failing case. In the mean time, I have a core and "bt", but I don't expect it to be particularly useful without debugging symbols. Thanks, Alan

Fri Sep 04 13:01:05 2009 FERRENCY [...] cpan.org - Correspondence added

Subject:	Re: [rt.cpan.org #49029] Perl dumps core in reaction to certain syntax errors
Date:	Fri, 4 Sep 2009 13:00:40 -0400 (EDT)
To:	Sergey Aleynikov via RT <bug-Exception-SEH [...] rt.cpan.org>
From:	FERRENCY [...] cpan.org

Hello. I have constructed another minimal failing test case, and unfortunately it's even more contrived and convoluted than the previous one. Like the previous one, it fails on our 5.8.9 machine, by producing a core dump. Unlike the previous one, it doesn't print a syntax error message prior to dumping core. It also fails with the patch you suggested I try. The second minimum failing test case: ------ use Exception::SEH; use strict; sub { my $thing = something(); return do_something(@_); try { if (1) { } else { [ } ]; } } } ------ Some points: - It doesn't fail if you just "my $thing" without assigning it a non-trivial value - It doesn't fail if you return a function call that doesn't use @_ - It doesn't fail if you return @_ without a function call - It still requires the unmatched curly nested in the else block It seems likely related to your return munging, considering it requires the "return" in order to fail. The backtrace: #0 0x0808bb87 in Perl_pad_free () #1 0x0807f4f1 in Perl_op_clear () #2 0x0807f2fd in Perl_op_free () #3 0x0807f2c0 in Perl_op_free () #4 0x0807f2c0 in Perl_op_free () #5 0x0808609f in Perl_newATTRSUB () #6 0x08086ef5 in Perl_newANONATTRSUB () #7 0x0807e446 in Perl_yyparse () #8 0x0805ffcf in S_parse_body () #9 0x0805f3e0 in perl_parse () #10 0x0805d685 in main () Thanks! I hope this helps. Alan Ferrency

Sat Sep 05 07:51:20 2009 RANDIR [...] cpan.org - Correspondence added

I've reproduced coredump on 5.8.8 with debug symbols (again, usemymalloc=y is ok). It seems unrelated to return hook - passing '-noret' still produces core. I'll think more about it.

Sat Nov 14 05:54:13 2009 RANDIR [...] cpan.org - Correspondence added

In case you're still interested. I've just uploaded v0.02 to CPAN, that has a completly rewritten parser. This has 2 effects: 1. many-switches code should work faster 2. no coredumps should happen during parsing, as parser produces much simplier code 3. but parser errors are now followed by some perl message If you find any regressions - report them, i'll fix asap.

Sat Nov 14 05:54:14 2009 RANDIR [...] cpan.org - Status changed from 'open' to 'patched'

Wed Nov 18 05:52:25 2009 RANDIR [...] cpan.org - Status changed from 'patched' to 'resolved'