Date:      Tue, 11 Jan 2005 21:01:51 GMT
From:      Jonas Nagel <fireball@zerouptime.ch>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/76120: [perl] coredump in perl 5.8.5 in malloc()-call from Perl_pp_split()
Message-ID:  <200501112101.j0BL1pZ8072388@www.freebsd.org>
Resent-Message-ID: <200501112110.j0BLACoW089715@freefall.freebsd.org>


>Number:         76120
>Category:       ports
>Synopsis:       [perl] coredump in perl 5.8.5 in malloc()-call from Perl_pp_split()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 11 21:10:12 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jonas Nagel
>Release:        FreeBSD-5.3-p2
>Organization:
-
>Environment:
FreeBSD hirtnb04.hirtdom.local 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #3: Tue Dec 14 02:06:15 CET 2004 root@hirtnb04.hirtdom.local:/usr/obj/usr/src/sys/HIRTNB04 i386
>Description:
Below is my Perl sub which causes the coredump (with debug outputs):

sub pkt_btoh {
	my @pkt = ();

	warn("debug1!\n");
	# hex-encode the raw packet passed as the first argument
	my $tmp = unpack("H*", shift);
	warn("debug2! $tmp\n");
	# split the hex string into single characters; the backtrace
	# below shows the crash inside this split
	my @tmp = split(//, $tmp);
	warn("debug3!\n");
	# two hex characters per byte
	my $rng = (scalar(@tmp) / 2);

	for (my $i = 0; $i < $rng; $i++) {
		my $hex1 = shift(@tmp);
		my $hex2 = shift(@tmp);
		print $hex1 . $hex2 . "\n";
		# store the byte just printed (the original shifted two
		# further characters here, consuming four per iteration)
		$pkt[$i] = $hex1 . $hex2;
	}

#	$ret = join(":",@pkt);

	return @pkt;
}

And here's the evaluation of the issue:

root@hirtnb04:/home/fireball/perl/projekt/src# ./arpsentry-proto.pl acx0
Network is: 192.168.0.0, Mask is 255.255.255.0
debug1!
debug2! ffffffffffff0080c8ad7aec080600010800060400010080c8ad7aecc0a80067000000000000c0a8000a
Segmentation fault (core dumped)
root@hirtnb04:/home/fireball/perl/projekt/src# gdb perl perl.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `perl'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
Reading symbols from /lib/libm.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.2
Reading symbols from /lib/libcrypt.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.2
Reading symbols from /lib/libutil.so.4...(no debugging symbols found)...done.
Loaded symbols for /lib/libutil.so.4
Reading symbols from /lib/libc.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so
Reading symbols from /usr/lib/libpcap.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.3
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x2809b328 in Perl_malloc () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
(gdb) bt
#0  0x2809b328 in Perl_malloc () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#1  0x280f1d53 in Perl_sv_grow () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#2  0x280f6a02 in Perl_newSV () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#3  0x2810d623 in Perl_pp_split () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#4  0x280e811d in Perl_runops_standard () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#5  0x28097443 in S_call_body () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#6  0x28096f7a in Perl_call_sv () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#7  0x2828bbea in callback_wrapper () from /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so
#8  0x282a1d37 in pcap_lookupnet () from /usr/lib/libpcap.so.3
#9  0x282a2adb in pcap_loop () from /usr/lib/libpcap.so.3
#10 0x2828c6c1 in XS_Net__Pcap_loop () from /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Pcap/Pcap.so
#11 0x280ef570 in Perl_pp_entersub () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#12 0x280e811d in Perl_runops_standard () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#13 0x28096a8a in S_run_body () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#14 0x28096715 in perl_run () from /usr/local/lib/perl5/5.8.5/mach/CORE/libperl.so
#15 0x08048fc8 in main ()
(gdb)
>How-To-Repeat:
Well, one should think the problem should be reproducible by
$ perl -e 'my @tmp = split(//,"ffffffffffff0080c8ad7aec080600010800060400010080c8ad7aecc0a80067000000000000c0a8000a");'

or at least by
$ perl -e 'my @tmp = split(//,(99999 x "f"));'

- but it isn't.

If anybody has an idea why my func crashes - I'm happy to help if I can.
Maybe it has something to do with the binary string I unpack to hex in
the line before... some whitespace which I can't see in the debug
output?
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
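
An added example, not the reporter's code nor anything from the ports tree: the same byte-to-hex-pair conversion done without split(//, ...), the call the backtrace places the crash in, using unpack's group template (Perl 5.8.0 and later) or a global regex match, so no one-scalar-per-character list is built for a large packet. The sub names pkt_btoh_safe and pkt_btoh_regex are mine; the input is the 42-byte ARP request from the debug2 line above, re-packed into raw bytes, and the last check shows why the second How-To-Repeat one-liner splits an empty string.

```perl
#!/usr/bin/perl
# Added example (not the reporter's code): byte-wise hex conversion of a
# raw packet without split(//, ...), the call the backtrace shows crashing
# in Perl_pp_split/Perl_malloc on the FreeBSD perl 5.8.5 port.
use strict;
use warnings;

# Return the packet as a list of two-digit hex strings, one per byte.
# unpack's "(H2)*" group template (Perl 5.8.0+) groups bytes in C, so no
# one-scalar-per-character list is built for a large packet.
sub pkt_btoh_safe {
    my ($raw) = @_;
    return () unless defined $raw && length $raw;
    return unpack('(H2)*', $raw);
}

# Same result via a global regex match, for Perls without group templates.
sub pkt_btoh_regex {
    my ($raw) = @_;
    return () unless defined $raw && length $raw;
    my $hex = unpack('H*', $raw);          # length($hex) is always even
    return $hex =~ /../g;
}

# Constructed input: the 42-byte ARP request printed on the debug2 line of
# the report, turned back into raw bytes so the subs see binary data.
my $arp_hex = 'ffffffffffff0080c8ad7aec080600010800060400010080c8ad7aecc0a80067'
            . '000000000000c0a8000a';
my $raw     = pack('H*', $arp_hex);

my @bytes = pkt_btoh_safe($raw);
die "wrong length"  unless @bytes == 42;
die "wrong content" unless join('', @bytes) eq $arp_hex;
die "regex differs" unless join(':', @bytes) eq join(':', pkt_btoh_regex($raw));

# Byte-aligned output decodes directly into frame fields.
printf "dst mac  : %s\n", join(':', @bytes[0 .. 5]);
printf "src mac  : %s\n", join(':', @bytes[6 .. 11]);
printf "ethertype: 0x%s\n", join('', @bytes[12 .. 13]);       # 0806 = ARP
printf "sender ip: %s\n", join('.', map { hex } @bytes[28 .. 31]);
printf "target ip: %s\n", join('.', map { hex } @bytes[38 .. 41]);

# The second How-To-Repeat one-liner actually splits an empty string: the
# repeat count is x's right operand and "f" numifies to 0 (with a warning).
my $empty = do { no warnings 'numeric'; 99999 x "f" };
die "operand order" unless length($empty) == 0 && length("f" x 99999) == 99999;
print "ok\n";
```

Run it as-is; the sender address decodes to 192.168.0.103, matching the 192.168.0.0/24 network printed by the reporter's script.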