Fix bad read in pad.c:cv_undef

When freeing a sub, we can’t assume an entry named "&" contains a CV. It may instead be a weak reference to a format or named sub, or undef if such a reference went stale, in which case we don’t want to mess with CvOUTSIDE pointers. This bug probably goes back to v5.17.1-213-ge09ac07, when weak refer- ences started being stored in "&" pad entries. It didn’t start trig- gering AddressSanitizer failures until it was extended to named subs, in v5.21.6-386-ga70f21d.
author: Father Chrysostomos <sprout@cpan.org> 2014-12-16 14:25:22 -0800
committer: Father Chrysostomos <sprout@cpan.org> 2014-12-17 12:28:33 -0800
commit: b03210bf6c5e855df4c222210f58bd60f6d331b8 (patch)
tree: 09a5fdc23bef384061d3817a9465f0c545b3e6c6 /pad.c
parent: fe60b4f6e4367b11d22c0327627cc6955086aee0 (diff)
download: perl-b03210bf6c5e855df4c222210f58bd60f6d331b8.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/pad.c b/pad.c
index 06e5c8cc62..55d4f4df9e 100644
--- a/pad.c
+++ b/pad.c
@@ -417,7 +417,9 @@ Perl_cv_undef_flags(pTHX_ CV *cv, U32 flags)
 			}
 
 			/* in use, not just a prototype */
-			if (inner_rc && (CvOUTSIDE(innercv) == cv)) {
+			if (inner_rc && SvTYPE(innercv) == SVt_PVCV
+			 && (CvOUTSIDE(innercv) == cv))
+			{
 			    assert(CvWEAKOUTSIDE(innercv));
 			    /* don't relink to grandfather if he's being freed */
 			    if (outercv && SvREFCNT(outercv)) {
author	Father Chrysostomos <sprout@cpan.org>	2014-12-16 14:25:22 -0800
committer	Father Chrysostomos <sprout@cpan.org>	2014-12-17 12:28:33 -0800
commit	b03210bf6c5e855df4c222210f58bd60f6d331b8 (patch)
tree	09a5fdc23bef384061d3817a9465f0c545b3e6c6 /pad.c
parent	fe60b4f6e4367b11d22c0327627cc6955086aee0 (diff)
download	perl-b03210bf6c5e855df4c222210f58bd60f6d331b8.tar.gz