
This queue is for tickets about the List-MoreUtils CPAN distribution.

Report information
The Basics
Id: 77874
Status: resolved
Priority: 0/
Queue: List-MoreUtils

People
Owner: Nobody in particular
Requestors: RURBAN [...] cpan.org
Cc: DOY [...] cpan.org
ether [...] cpan.org
perl5-porters [...] perl.org
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.33
Fixed in: (no value)



CC: perl5-porters [...] perl-org, doy [...] cpan.org
Subject: heap-use-after-free in List::MoreUtils::all in Moose testsuite
clang -faddress-sanitizer detected a premature free in the Moose testsuite. Tested with latest blead, non-threaded, and latest Moose and List::MoreUtils.

I suggest you reproduce it with normal cc and break with gdb at line 273 and look at the refcnt of cx->blk_sub. Or use valgrind. Or set MALLOC_PERTUBE_ as described in http://udrepper.livejournal.com/11429.html

I have no idea yet how Moose plays with the context, resp. how this is affected by multicall.

$ pb t/metaclasses/metarole_w_metaclass_pm.t 2> list-moreutils.log
$ asan_addr2dis list-moreutils.log
==6918== ERROR: AddressSanitizer heap-use-after-free on address 0x7fc17bc360c0 at pc 0x7fc17983bc29 bp 0x7fff425d28d0 sp 0x7fff425d28c8
READ of size 4 at 0x7fc17bc360c0 thread T0
    #0 000000000001dc29 <XS_List__MoreUtils_all+0xb0c9>:
        for(i = 1 ; i < items ; i++) {
            GvSV(PL_defgv) = args[i];
            MULTICALL;
            if (!SvTRUE(*PL_stack_sp)) {
273             POP_MULTICALL;
   1dc29:       48 8b bc 24 00 11 00    mov    0x1100(%rsp),%rdi
    #1 Perl_pp_entersub+0xe968
    #2 Perl_runops_debug+0x2d7
    #3 S_run_body+0x10ef
    #4 perl_run+0x904
    #5 main+0x418
    #6 __libc_start_main+0xed
0x7fc17bc360c0 is located 64 bytes inside of 1920-byte region [0x7fc17bc36080,0x7fc17bc36800)
freed by thread T0 here:
previously allocated by thread T0 here:
==6918== ABORTING
Stats: 23M malloced (68M for red zones) by 304711 calls
Stats: 2M realloced by 19439 calls
Stats: 12M freed by 166513 calls
Stats: 0M really freed by 0 calls
Stats: 120M (30728 full pages) mmaped in 30 calls
  mmaps   by size class: 8:311277; 9:8191; 10:4095; 11:2047; 12:1024; 13:1536; 14:256; 15:128; 16:64; 17:32;
  mallocs by size class: 8:297934; 9:3195; 10:1231; 11:488; 12:382; 13:1280; 14:193; 15:3; 16:3; 17:2;
  frees   by size class: 8:162535; 9:1845; 10:875; 11:408; 12:222; 13:432; 14:191; 15:3; 16:2;
  rfrees  by size class:
Stats: malloc large: 2 small slow: 733
Shadow byte and word:
  0x1ff82f786c18: fd
  0x1ff82f786c18: fd fd fd fd fd fd fd fd
More shadow bytes:
  0x1ff82f786bf8: fa fa fa fa fa fa fa fa
  0x1ff82f786c00: fa fa fa fa fa fa fa fa
  0x1ff82f786c08: fa fa fa fa fa fa fa fa
  0x1ff82f786c10: fd fd fd fd fd fd fd fd
=>0x1ff82f786c18: fd fd fd fd fd fd fd fd
  0x1ff82f786c20: fd fd fd fd fd fd fd fd
  0x1ff82f786c28: fd fd fd fd fd fd fd fd
  0x1ff82f786c30: fd fd fd fd fd fd fd fd
  0x1ff82f786c38: fd fd fd fd fd fd fd fd

The macro at line 273 reads through cx:

#define POP_MULTICALL \
    STMT_START {
        if (! ((CvDEPTH(multicall_cv) = cx->blk_sub.olddepth)) ) {
            LEAVESUB(multicall_cv);
        }

valgrind shows the same read, and also where the block was freed:

$ MALLOC_PERTUBE_=1 valgrind /usr/local/bin/perl5.17.0d-nt@40aae1c -Mblib t/metaclasses/metarole_w_metaclass_pm.t
==8090== Memcheck, a memory error detector
==8090== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==8090== Using Valgrind-3.6.1-Debian and LibVEX; rerun with -h for copyright info
==8090== Command: /usr/local/bin/perl5.17.0d-nt@40aae1c -Mblib t/metaclasses/metarole_w_metaclass_pm.t
==8090==
==8090== Invalid read of size 4
==8090==    at 0x6B8C1A2: XS_List__MoreUtils_all (MoreUtils.xs:273)
==8090==    by 0x581F71: Perl_pp_entersub (pp_hot.c:2767)
==8090==    by 0x51D46F: Perl_runops_debug (dump.c:2130)
==8090==    by 0x452193: S_run_body (perl.c:2412)
==8090==    by 0x45151B: perl_run (perl.c:2330)
==8090==    by 0x41E413: main (perlmain.c:120)
==8090==  Address 0x5b27720 is 64 bytes inside a block of size 1,920 free'd
==8090==    at 0x4C29097: realloc (vg_replace_malloc.c:525)
==8090==    by 0x51DE93: Perl_safesysrealloc (util.c:194)
==8090==    by 0x605910: Perl_cxinc (scope.c:80)
==8090==    by 0x5810A5: Perl_pp_entersub (pp_hot.c:2678)
==8090==    by 0x51D46F: Perl_runops_debug (dump.c:2130)
==8090==    by 0x6B8BE7A: XS_List__MoreUtils_all (MoreUtils.xs:271)
==8090==    by 0x581F71: Perl_pp_entersub (pp_hot.c:2767)
==8090==    by 0x51D46F: Perl_runops_debug (dump.c:2130)
==8090==    by 0x452193: S_run_body (perl.c:2412)
==8090==    by 0x45151B: perl_run (perl.c:2330)
==8090==    by 0x41E413: main (perlmain.c:120)
==8090==
ok 1 - apply Role::Foo to My::Class->meta()

-- Reini Urban
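Added example, not code from this ticket, from List::MoreUtils, or from perl itself: a constructed C model of the bug class the two traces above point at. The valgrind report shows the 1,920-byte block being freed by realloc inside Perl_cxinc while the callback ran under MULTICALL from MoreUtils.xs:271, and then read at MoreUtils.xs:273 through cx->blk_sub.olddepth in POP_MULTICALL. That is the signature of a pointer into a heap array that was cached before a call which grew, and therefore moved, the array. The toy cxstack_t, ctx_t, run_callback and the two functions below are assumptions standing in for perl's context stack, not its real data structures, and the fix that later landed in blead is not on this page and is not claimed here; the example only shows the bug shape, a non-dereferencing check that detects it, and the usual mitigation of re-deriving the pointer from an index.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model of a growable context stack (assumption: a
 * stand-in for perl's cxstack, not perl's own code or layout). */
typedef struct { int olddepth; } ctx_t;

typedef struct {
    ctx_t *base;   /* heap array; its address changes when it grows */
    size_t len;
    size_t cap;
} cxstack_t;

static void cxstack_init(cxstack_t *s) {
    s->cap = 2;
    s->len = 0;
    s->base = malloc(s->cap * sizeof *s->base);
}

/* Push one frame. Growth is allocate-copy-free rather than realloc so the
 * array is guaranteed to move when full (realloc may grow in place, which
 * would make the stale pointer show up only sometimes, as in the ticket).
 * Returns the index of the new frame. */
static size_t cxstack_push(cxstack_t *s, int olddepth) {
    if (s->len == s->cap) {
        ctx_t *fresh = malloc(2 * s->cap * sizeof *fresh);
        memcpy(fresh, s->base, s->len * sizeof *fresh);
        free(s->base);          /* anyone who cached &base[i] now holds a dangling pointer */
        s->base = fresh;
        s->cap *= 2;
    }
    s->base[s->len].olddepth = olddepth;
    return s->len++;
}

static void cxstack_pop(cxstack_t *s) { if (s->len) s->len--; }

static void cxstack_free(cxstack_t *s) { free(s->base); s->base = NULL; s->len = s->cap = 0; }

/* Stand-in for the callback invoked under MULTICALL: it pushes frames of its
 * own (as Perl_pp_entersub -> Perl_cxinc did in the trace), which can grow
 * and move the stack underneath the caller. */
static void run_callback(cxstack_t *s, int nested_frames) {
    for (int i = 0; i < nested_frames; i++) cxstack_push(s, 100 + i);
    for (int i = 0; i < nested_frames; i++) cxstack_pop(s);
}

/* Buggy shape: the address of base[idx] is taken before the callback and
 * used after it. This function only records that address as an integer and
 * compares it afterwards, so it never reads through a dangling pointer and
 * runs cleanly under ASan or valgrind. Returns 1 if the cached address no
 * longer matches the live frame, 0 otherwise. */
static int cached_pointer_goes_stale(int nested_frames) {
    cxstack_t s;
    cxstack_init(&s);
    size_t idx = cxstack_push(&s, 7);                    /* PUSH_MULTICALL-like frame */
    uintptr_t cached = (uintptr_t)&s.base[idx];          /* what a cached cx would hold */
    run_callback(&s, nested_frames);                     /* may move the array */
    int stale = (cached != (uintptr_t)&s.base[idx]);
    cxstack_free(&s);
    return stale;
}

/* Mitigated shape: keep the index, re-derive the pointer after every call
 * that can grow the stack, then read olddepth. Returns the value read. */
static int olddepth_after_callback(int nested_frames) {
    cxstack_t s;
    cxstack_init(&s);
    size_t idx = cxstack_push(&s, 7);
    run_callback(&s, nested_frames);
    ctx_t *cx = &s.base[idx];                            /* fresh pointer from the current base */
    int olddepth = cx->olddepth;
    cxstack_free(&s);
    return olddepth;
}

int main(void) {
    printf("stale after 0 nested frames: %d\n", cached_pointer_goes_stale(0));
    printf("stale after 4 nested frames: %d\n", cached_pointer_goes_stale(4));
    printf("olddepth read via re-derived pointer: %d\n", olddepth_after_callback(4));
    return 0;
}
```

With an initial capacity of 2 the cached address survives one nested frame and goes stale at two or more, which mirrors why the ticket's failure depends on how deep the callback's own calls go. To watch the buggy shape fail under a sanitizer, keep a `ctx_t *` instead of the `uintptr_t` in cached_pointer_goes_stale, dereference it after run_callback, and build with -fsanitize=address.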
RT-Send-CC: doy [...] cpan.org
@Reini: cpan-questions@bestpractical.com told me that CC on create is currently not supported, so your CC did not reach p5p or DOY. They plan to fix that in the next major version. I add a CC to Jesse for now because I'm not sure it is a p5p issue while I'm quite sure that Jesse will know whether it is;) Greetings,
CC: RURBAN [...] cpan.org, perl5-porters [...] perl-org.cpan.rt.develooper.com
Subject: Re: [rt.cpan.org #77874] heap-use-after-free in List::MoreUtils::all in Moose testsuite
Date: Mon, 18 Jun 2012 21:55:12 -0500
To: Andreas Koenig via RT <bug-List-MoreUtils [...] rt.cpan.org>
From: Jesse Luehrs <DOY [...] cpan.org>
On Mon, Jun 18, 2012 at 10:21:06PM -0400, Andreas Koenig via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=77874 >
>
> @Reini: cpan-questions@bestpractical.com told me that CC on create is
> currently not supported, so your CC did not reach p5p or DOY. They plan
> to fix that in the next major version.
>
> I add a CC to Jesse for now because I'm not sure it is a p5p issue while
> I'm quite sure that Jesse will know whether it is;)

I saw the cpantesters failure that was reported to Moose for this issue, but haven't had time to look into it in any detail yet (and probably won't until this weekend at the earliest). If somebody else wants to check it out first, that would be helpful (it's not even clear from the report which use of any in Moose this is referring to).

-doy
CC: Andreas Koenig via RT <bug-List-MoreUtils [...] rt.cpan.org>, perl5-porters [...] perl.org
Subject: Re: [rt.cpan.org #77874] heap-use-after-free in List::MoreUtils::all in Moose testsuite
Date: Mon, 18 Jun 2012 23:47:30 -0500
To: Jesse Luehrs <DOY [...] cpan.org>
From: Reini Urban <rurban [...] x-ray.at>
On Mon, Jun 18, 2012 at 9:55 PM, Jesse Luehrs <DOY@cpan.org> wrote:
> On Mon, Jun 18, 2012 at 10:21:06PM -0400, Andreas Koenig via RT wrote:
>> <URL: https://rt.cpan.org/Ticket/Display.html?id=77874 >
>>
>> @Reini: cpan-questions@bestpractical.com told me that CC on create is
>> currently not supported, so your CC did not reach p5p or DOY. They plan
>> to fix that in the next major version.
>>
>> I add a CC to Jesse for now because I'm not sure it is a p5p issue while
>> I'm quite sure that Jesse will know whether it is;)
>
> I saw the cpantesters failure that was reported to Moose for this issue,
> but haven't had time to look into it in any detail yet (and probably
> won't until this weekend at the earliest). If somebody else wants to
> check it out first, that would be helpful (it's not even clear from the
> report which use of any in Moose this is referring to).

I'm also not familiar with Moose internals unfortunately. It's quite tricky for me to debug into this. It happens before any test output, so I assume it's in some MetaRole importer. valgrind catches it, so it should be easy to repro though.

--
Reini Urban
http://cpanel.net/   http://www.perl-compiler.org/
RT-Send-CC: doy [...] cpan.org, rurban [...] x-ray.at
https://rt.perl.org/rt3//Public/Bug/Display.html?id=115602 suggests that there is a fix in blead.
RT-Send-CC: perl5-porters [...] perl-org
On Tue Nov 13 13:41:39 2012, ETHER wrote:
> https://rt.perl.org/rt3//Public/Bug/Display.html?id=115602 suggests that
> there is a fix in blead.

Fixed in RURBAN/List-MoreUtils-0.33_005.tar.gz

Also at git://github.com/rurban/List-MoreUtils.git

-- Reini Urban
Is there a simple test which I can add to the test suite to prove whether this one is really gone or has been re-introduced during the 4-way merge?
The problem seems to be gone or the cause has been removed. Feel free to re-open when the problem can be reproduced.