tag 498769 patch fixed-upstream
severity 498769 important
forwarded 498769 http://rt.perl.org/rt3/Public/Bug/Display.html?id=54758
thanks
On Fri, Sep 12, 2008 at 10:57:17PM -0500, Phil Doroff wrote:
> Package: perl
> Version: 5.10.0-13
> Severity: normal
>
> Upon upgrade to Lenny from Etch, one of our applications started segfaulting.
> Upon further review, we've narrowed it down to the following snippet of
> example code:
>
> #!/usr/bin/perl -w
>
> use strict;
>
> my @x;
> $#x = 500;
> $x[1] = 1;
> @x = sort @x;

Thanks for the report. This is [rt.perl.org #54758], fixed upstream with
the attached patch.

Perl crashes have classically been considered 'important', and this is a
regression from 5.8, so raising the severity.
--
Niko Tyni [EMAIL PROTECTED]
From 3cbb0b3bee709b9b2088bdeb9fcb3386b405e2b5 Mon Sep 17 00:00:00 2001
From: Dave Mitchell <[EMAIL PROTECTED]>
Date: Tue, 27 May 2008 00:12:52 +0000
Subject: [PATCH] [perl #54758] Perl 5.10 memory corruption
When @a = sort @a is pessimised if @a has magic,
growing the stack requires various pointers to be reset in case
the stack gets reallocated.
p4raw-id: //depot/[EMAIL PROTECTED]
---
pp_sort.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/pp_sort.c b/pp_sort.c
index 9fe0dad..edfdadf 100644
--- a/pp_sort.c
+++ b/pp_sort.c
@@ -1557,11 +1557,12 @@ PP(pp_sort)
max = AvFILL(av) + 1;
if (SvMAGICAL(av)) {
MEXTEND(SP, max);
- p2 = SP;
for (i=0; i < max; i++) {
SV **svp = av_fetch(av, i, FALSE);
*SP++ = (svp) ? *svp : NULL;
}
+ SP--;
+ p1 = p2 = SP - (max-1);
}
else {
if (SvREADONLY(av))
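Review bot: The new lines after the fill loop, SP--; and p1 = p2 = SP - (max-1);, carry no comment saying why p1 is now reset as well as p2, or why SP is stepped back. A one-line comment that MEXTEND(SP, max) can reallocate the stack, so pointers taken before it must be recomputed, would keep a later cleanup from undoing this. The diffstat shows only pp_sort.c changed, so a regression test built from the reporter's four-line script would be worth adding with the fix.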
@@ -1717,7 +1718,7 @@ PP(pp_sort)
SvREADONLY_off(av);
else if (av && !sorting_av) {
/* simulate pp_aassign of tied AV */
- SV** const base = ORIGMARK+1;
+ SV** const base = MARK+1;
for (i=0; i < max; i++) {
base[i] = newSVsv(base[i]);
}
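Review bot: In the base initialiser, switching from ORIGMARK+1 to MARK+1 relies on MARK pointing just below the first sorted element at this point, but nothing in the hunk shows where MARK was last assigned relative to the MEXTEND in the earlier hunk. Please confirm MARK is derived from the recomputed pointers rather than from a value taken before the stack could move, and extend the "simulate pp_aassign of tied AV" comment to say why MARK rather than ORIGMARK is the right base here.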
--
1.5.6.5
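
The failure mode the commit message describes, as an added C example that is not part of the original message or of Perl's source: a pointer into a growable stack has to be derived after the extension, or kept as an offset. The vstack type, vs_extend and fill_after_extend are hypothetical names, and the input is constructed to resemble the reporter's array (501 slots, only index 1 set).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature value stack; names are illustrative, not Perl's. */
typedef struct { void **base; size_t cap; } vstack;

/* Make room for n slots at *sp. Growing always moves to a fresh block, so
   raw pointers taken before the call are stale; only *sp is rebased. */
static int vs_extend(vstack *s, void ***sp, size_t n) {
    size_t used = (size_t)(*sp - s->base);
    if (used + n <= s->cap) return 0;
    void **nb = malloc((used + n) * sizeof *nb);
    if (!nb) return -1;
    memcpy(nb, s->base, used * sizeof *nb);
    free(s->base);
    s->base = nb; s->cap = used + n;
    *sp = nb + used;
    return 0;
}

/* Constructed input shaped like the report: max slots, only index 1 set.
   Returns 1 if the pointer recomputed after the extension sees the data;
   *moved reports whether the block was relocated. */
int fill_after_extend(size_t max, int *moved) {
    static int one = 1;
    vstack s = { malloc(4 * sizeof(void *)), 4 };
    if (!s.base || max < 3) { free(s.base); return 0; }
    s.base[0] = NULL;
    void **sp = s.base + 1;                /* one slot already in use */
    size_t mark = (size_t)(sp - s.base);   /* an offset survives a move */
    uintptr_t old = (uintptr_t)s.base;
    if (vs_extend(&s, &sp, max) != 0) { free(s.base); return 0; }
    *moved = ((uintptr_t)s.base != old);
    for (size_t i = 0; i < max; i++) *sp++ = (i == 1) ? (void *)&one : NULL;
    sp--;                                  /* sp at the last element */
    void **p1 = sp - (max - 1);            /* derived after the extension */
    int ok = p1 == s.base + mark && p1[0] == NULL && p1[1] == (void *)&one
             && p1[max - 1] == NULL;
    free(s.base);
    return ok;
}

int main(void) {
    int moved = 0, ok = fill_after_extend(501, &moved);
    printf("ok=%d moved=%d\n", ok, moved);
    return !ok;
}
```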