[perl #121362] overload optimisation added a SEGV

My recent commit 3d147ac29d12abdb to "speed up (non)overloaded derefs" introduced a potential SEGV. In Perl_Gv_AMupdate(), the 'aux' variable is set to HvAUX(hv). My patch used the value of the variable later on in the function, but it turns out that by then, S_hsplit() may have been called, and thus HvARRAY (and HvAUX()) may have been reallocated. Issue first spotted by Andreas' awesome BBC service, and diagnosed by Nicholas Clark.
author: David Mitchell <davem@iabyn.com> 2014-03-04 19:03:02 +0000
committer: David Mitchell <davem@iabyn.com> 2014-03-04 19:09:30 +0000
commit: 45479970582e5de29004c3c1ae1e0a4274843567 (patch)
tree: 34e84abac49ccba0b756c2919dd06742ef3b187c /gv.c
parent: 04775fa2c5928f43179fdef4a100c540f11d2093 (diff)
download: perl-45479970582e5de29004c3c1ae1e0a4274843567.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/gv.c b/gv.c
index c1b1639d8a..ec052845b9 100644
--- a/gv.c
+++ b/gv.c
@@ -2612,8 +2612,10 @@ Perl_Gv_AMupdate(pTHX_ HV *stash, bool destructing)
         }
     }
     if (!deref_seen)
-        /* none of @{} etc overloaded; we can do $obj->[N] quicker */
-        aux->xhv_aux_flags |= HvAUXf_NO_DEREF;
+        /* none of @{} etc overloaded; we can do $obj->[N] quicker.
+         * NB - aux var invalid here, HvARRAY() could have been
+         * reallocated since it was assigned to */
+        HvAUX(stash)->xhv_aux_flags |= HvAUXf_NO_DEREF;
 
     if (filled) {
       AMT_AMAGIC_on(&amt);
author	David Mitchell <davem@iabyn.com>	2014-03-04 19:03:02 +0000
committer	David Mitchell <davem@iabyn.com>	2014-03-04 19:09:30 +0000
commit	45479970582e5de29004c3c1ae1e0a4274843567 (patch)
tree	34e84abac49ccba0b756c2919dd06742ef3b187c /gv.c
parent	04775fa2c5928f43179fdef4a100c540f11d2093 (diff)
download	perl-45479970582e5de29004c3c1ae1e0a4274843567.tar.gz