author | Father Chrysostomos <sprout@cpan.org> | 2011-02-25 22:31:02 -0800 |
---|---|---|
committer | Father Chrysostomos <sprout@cpan.org> | 2011-02-26 06:35:16 -0800 |
commit | 8f878375c44ca8966a9b6ee166fd9d10f631a68b (patch) | |
tree | b6c279afb250d6449455bf52629a9c34bb376790 /pp_hot.c | |
parent | 08973043bcacf380545b7ccd9b9d87c39b56b75e (diff) | |
download | perl-8f878375c44ca8966a9b6ee166fd9d10f631a68b.tar.gz |
Stop aelemfast from crashing on GVs with null AVs

As reported at nntp://nntp.perl.org/1298599236.4753.72.camel@p100 (and
respaced for readability):

    #!perl5.12.0
    $r=q/
    print __FILE__;
    local *dbline = $main::{"_<".__FILE__};
    print $dbline[0]
    /;
    eval $r;'
    __END__
    (eval 1)
    Bus error

This only seems to happen in non-threaded perls.

It can be reduced to this:

    *d = *a; print $d[0];

The $d[0] is optimised into an aelemfast op (instead of the usual aelem
with an rv2av kid). pp_aelemfast is at fault, as evidenced by the fact
that this does not crash (the ${\...} prevents the optimisation):

    *d = *a; print $d[${\0}];

pp_aelemfast uses GvAV instead of GvAVn. Usually $d[0] will autovivify
@d, but the glob assignment leaves $d[0] pointing to a glob (*d) with
no array. Then pp_aelemfast passes a null pointer around.

Diffstat (limited to 'pp_hot.c')
-rw-r--r-- | pp_hot.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -665,7 +665,7 @@ PP(pp_aelemfast) { dVAR; dSP; AV * const av = PL_op->op_flags & OPf_SPECIAL - ? MUTABLE_AV(PAD_SV(PL_op->op_targ)) : GvAV(cGVOP_gv); + ? MUTABLE_AV(PAD_SV(PL_op->op_targ)) : GvAVn(cGVOP_gv); const U32 lval = PL_op->op_flags & OPf_MOD; SV** const svp = av_fetch(av, PL_op->op_private, lval); SV *sv = (svp ? *svp : &PL_sv_undef); |
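
Review bot: `GvAVn(cGVOP_gv)` in the changed branch of the ternary creates the array whenever the glob has none, including when `lval` is 0, so a plain read such as `print $d[0]` vivifies the AV as a side effect before `av_fetch` runs. That is consistent with the commit message's statement that `$d[0]` usually autovivifies `@d`, but the line deserves a short comment saying the GV can have a null AV after a glob assignment, so that nobody later switches it back to `GvAV`. The diff shown here is limited to pp_hot.c; if the commit carries no test in another file, add a regression test for the reduced case `*d = *a; print $d[0];`.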