Skip Menu |

This queue is for tickets about the XML-LibXML CPAN distribution.

Report information
The Basics
Id: 94184
Status: open
Priority: 0/
Queue: XML-LibXML

People
Owner: Nobody in particular
Requestors: jeff [...] jefftrout.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: XML::LibXML objects unserialized by retrieve (from Storable) causes segfaults and other memory problems
Date: Tue, 25 Mar 2014 11:50:23 -0400
To: bug-XML-LibXML [...] rt.cpan.org
From: Jeff <jeff [...] jefftrout.com>
I’d sent a previous bug about an interaction with libxml2 (https://rt.cpan.org/Ticket/Display.html?id=94149) and after fixing that up I ran into another problem which may be more a bug for the Storable guys than you guys. So turns out some xml::libxml objects were getting serialized as part of my app (I’d previously removed other xml::libxml objects, I think because serialize would throw an error, an os upgrade seems to have upgraded perl and allowed it to serialize them (the orig code was written a while ago)). when the retrieve’d xml::libxml object is destroyed we run into memory errors, usually for me, being a segfault due to accessing invalid memory. If you think this is more a storable bug I’ll file with them. here’s a small script to induce it: #/usr/bin/perl # use strict; use XML::LibXML; use Storable qw(store retrieve); use Data::Dumper; if($ARGV[0] eq "1") { my $test = new XML::LibXML::Text("tacos"); store($test, "store.data"); print "Now rerun brokeserialize.pl 2\n"; exit; } else { my $test = retrieve("store.data"); print Dumper($test); # this will either work fine (luck) or segfault due to an invalid free. exit; } when run: jeff@debian:~$ perl brokeserialize.pl 1 Now rerun brokeserialize.pl 2 jeff@debian:~$ valgrind perl brokeserialize.pl 2 ==25892== Memcheck, a memory error detector ==25892== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==25892== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==25892== Command: perl brokeserialize.pl 2 ==25892== $VAR1 = bless( do{\(my $o = 9999632)}, 'XML::LibXML::Text' ); ==25892== Invalid read of size 4 ==25892== at 0x6C7988F: PmmREFCNT_dec (perl-libxml-mm.c:440) ==25892== by 0x6C5DB3E: XS_XML__LibXML__Node_DESTROY (LibXML.xs:4147) ==25892== by 0x4EE764B: Perl_pp_entersub (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E7AAD0: Perl_call_sv (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4EEDB18: Perl_sv_clear (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4EEE1D1: Perl_sv_free2 (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4F15C2E: Perl_leave_scope (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E79CA4: ??? (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E79B50: Perl_my_exit (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4F21DE3: Perl_pp_exit (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4EDEC25: Perl_runops_standard (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E80754: perl_run (in /usr/lib/libperl.so.5.14.2) ==25892== Address 0x989520 is not stack'd, malloc'd or (recently) free'd ==25892== ==25892== ==25892== Process terminating with default action of signal 11 (SIGSEGV) ==25892== Access not within mapped region at address 0x989520 ==25892== at 0x6C7988F: PmmREFCNT_dec (perl-libxml-mm.c:440) ==25892== by 0x6C5DB3E: XS_XML__LibXML__Node_DESTROY (LibXML.xs:4147) ==25892== by 0x4EE764B: Perl_pp_entersub (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E7AAD0: Perl_call_sv (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4EEDB18: Perl_sv_clear (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4EEE1D1: Perl_sv_free2 (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4F15C2E: Perl_leave_scope (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E79CA4: ??? (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E79B50: Perl_my_exit (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4F21DE3: Perl_pp_exit (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4EDEC25: Perl_runops_standard (in /usr/lib/libperl.so.5.14.2) ==25892== by 0x4E80754: perl_run (in /usr/lib/libperl.so.5.14.2) ==25892== If you believe this happened as a result of a stack ==25892== overflow in your program's main thread (unlikely but ==25892== possible), you can try to increase the size of the ==25892== main thread stack using the --main-stacksize= flag. ==25892== The main thread stack size used in this run was 8388608. ==25892== ==25892== HEAP SUMMARY: ==25892== in use at exit: 3,694,883 bytes in 50,883 blocks ==25892== total heap usage: 87,309 allocs, 36,426 frees, 6,134,040 bytes allocated ==25892== ==25892== LEAK SUMMARY: ==25892== definitely lost: 2,386 bytes in 53 blocks ==25892== indirectly lost: 2,218 bytes in 27 blocks ==25892== possibly lost: 0 bytes in 0 blocks ==25892== still reachable: 3,690,279 bytes in 50,803 blocks ==25892== suppressed: 0 bytes in 0 blocks ==25892== Rerun with --leak-check=full to see details of leaked memory ==25892== ==25892== For counts of detected and suppressed errors, rerun with: -v ==25892== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4) Segmentation fault -- Jeff Trout <jeff@jefftrout.com>
XML::LibXML objects contain raw C pointers and use their own memory management, so it's impossible for Storable to do the right thing. But Storable offers the STORABLE_freeze and STORABLE_thaw hooks that XML::LibXML could implement for its node types and possibly other objects. For the moment, I think it would be best to have a STORABLE_freeze hook that dies with an appropriate error message.
Hi Nick, On Wed Mar 26 11:52:26 2014, NWELLNHOF wrote: Show quoted text
> XML::LibXML objects contain raw C pointers and use their own memory > management, so it's impossible for Storable to do the right thing. But > Storable offers the STORABLE_freeze and STORABLE_thaw hooks that > XML::LibXML could implement for its node types and possibly other > objects. > > For the moment, I think it would be best to have a STORABLE_freeze > hook that dies with an appropriate error message.
yes, I figured that was the case. That put aside, there are other ways to serialise aside from Storable - like YAML, JSON, etc. - should we deal with potential serialisation of XML-LibXML objects of all of those? Regards, -- Shlomi Fish