Message-Id: <200501112101.j0BL1pZ8072388@www.freebsd.org>
Date: Tue, 11 Jan 2005 21:01:51 GMT
From: Jonas Nagel
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/76120: [perl] coredump in perl 5.8.5 in malloc()-call from Perl_pp_split()

>Number: 76120
>Category: ports
>Synopsis: [perl] coredump in perl 5.8.5 in malloc()-call from Perl_pp_split()
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 11 21:10:12 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Jonas Nagel
>Release: FreeBSD-5.3-p2
>Organization:
-
>Environment:
FreeBSD hirtnb04.hirtdom.local 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #3: Tue Dec 14 02:06:15 CET 2004 root@hirtnb04.hirtdom.local:/usr/obj/usr/src/sys/HIRTNB04 i386
>Description:
Below is my PERL sub which causes the coredump (with debug outputs):

sub pkt_btoh {
    my @pkt = ();
    warn("debug1!\n");
    my $tmp = unpack("H*",shift);
    warn("debug2! $tmp\n");
    £'
    warn("debug3!\n");
    my $rng = (scalar(@tmp)/2);
    for (my $i = 0; $i < $rng; $i++) {
        my $hex1 = shift(@tmp);
        my $hex2 = shift(@tmp);
        print $hex1 . $hex2 ."\n";
        $pkt[$i] = shift(@tmp) . shift(@tmp);
    }
    # $ret = join(":",@pkt);
    return @pkt;
}

And here's the evaluation of the issue:

root@hirtnb04:/home/fireball/perl/projekt/src# ./arpsentry-proto.pl acx0
Network is: 192.168.0.0, Mask is 255.255.255.0
debug1!
debug2! ffffffffffff0080c8ad7aec080600010800060400010080c8ad7aecc0a80067000000000000c0a8000a
Segmentation fault (core dumped)
root@hirtnb04:/home/fireball/perl/projekt/src# gdb perl perl.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `perl'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
Reading symbols from /lib/libm.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /lib/libcrypt.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.2
Reading symbols from /lib/libutil.so.4...(no debugging symbols found)...done.
Loaded symbols for /lib/libutil.so.4
Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so
Reading symbols from /usr/lib/libpcap.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.3
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x2809b328 in Perl_malloc () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
(gdb) bt
#0 0x2809b328 in Perl_malloc () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#1 0x280f1d53 in Perl_sv_grow () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#2 0x280f6a02 in Perl_newSV () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#3 0x2810d623 in Perl_pp_split () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#4 0x280e811d in Perl_runops_standard () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#5 0x28097443 in S_call_body () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#6 0x28096f7a in Perl_call_sv () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#7 0x2828bbea in callback_wrapper () from /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so
#8 0x282a1d37 in pcap_lookupnet () from /usr/lib/libpcap.so.3
#9 0x282a2adb in pcap_loop () from /usr/lib/libpcap.so.3
#10 0x2828c6c1 in XS_Net__Pcap_loop () from /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so
#11 0x280ef570 in Perl_pp_entersub () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#12 0x280e811d in Perl_runops_standard () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#13 0x28096a8a in S_run_body () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#14 0x28096715 in perl_run () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#15 0x08048fc8 in main ()
(gdb)
>How-To-Repeat:
Well, one should think the problem should be reproducible by

$ perl -e 'my @tmp = split(//,"ffffffffffff0080c8ad7aec080600010800060400010080c8ad7aecc0a80067000000000000c0a8000a");'

or at least by

$ perl -e 'my @tmp = split(//,(99999 x "f"));'

- but it isn't.

If anybody has an idea why my func crashes - I'm happy to help if I can. Maybe it has anything to do with the binary string I unpack to hex in the line before...some whitespace, which I can't see in the debug output?
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
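
Added example, not part of the original report and not code from Perl or Net::Pcap: the frame printed after "debug2!" is a 42-byte Ethernet/ARP request, and the script below decodes it with unpack() templates only (no split), producing the per-byte hex list that pkt_btoh is building. It is not a fix or diagnosis for the crash; the names pkt_bytes and parse_arp and the sender-consistency field are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example: decode the frame shown in the report's "debug2!" output.
use strict;
use warnings;

# Frame bytes exactly as printed in the report (hex of the captured packet).
my $hex = 'ffffffffffff0080c8ad7aec080600010800060400010080c8ad7aec'
        . 'c0a80067000000000000c0a8000a';
my $raw = pack('H*', $hex);   # binary string, as a pcap callback receives it

# One two-digit hex string per byte, straight from the binary data.
sub pkt_bytes { return unpack('(H2)*', $_[0]) }

sub mac  { return join ':', unpack('(H2)*', $_[0]) }
sub ipv4 { return join '.', unpack('C4', $_[0]) }

# Parse Ethernet II + ARP (IPv4 over Ethernet).
# Returns a hash ref, or nothing if the frame is too short or not such an ARP packet.
sub parse_arp {
    my ($frame) = @_;
    return if length($frame) < 42;                 # 14 bytes Ethernet + 28 bytes ARP
    my ($dst, $src, $etype) = unpack('a6 a6 n', $frame);
    return unless $etype == 0x0806;                # EtherType ARP
    my ($htype, $ptype, $hlen, $plen, $oper, $sha, $spa, $tha, $tpa)
        = unpack('n n C C n a6 a4 a6 a4', substr($frame, 14));
    return unless $htype == 1 && $ptype == 0x0800 && $hlen == 6 && $plen == 4;
    return {
        eth_dst => mac($dst), eth_src => mac($src),
        oper    => $oper,                          # 1 = request, 2 = reply
        sha     => mac($sha), spa => ipv4($spa),
        tha     => mac($tha), tpa => ipv4($tpa),
        # Assumed check for an ARP monitor: Ethernet source should equal ARP sender MAC.
        sender_consistent => ($src eq $sha) ? 1 : 0,
    };
}

my @bytes = pkt_bytes($raw);
print scalar(@bytes), " bytes: ", join(':', @bytes), "\n";

if (my $arp = parse_arp($raw)) {
    printf "%s: who-has %s tell %s (%s), sender consistent: %s\n",
        ($arp->{oper} == 1 ? 'request' : 'reply'),
        $arp->{tpa}, $arp->{spa}, $arp->{sha},
        ($arp->{sender_consistent} ? 'yes' : 'no');
} else {
    print "not an IPv4-over-Ethernet ARP frame\n";
}
```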