author | David Mitchell <davem@iabyn.com> | 2014-04-28 11:50:20 +0100 |
---|---|---|
committer | David Mitchell <davem@iabyn.com> | 2014-04-28 12:06:37 +0100 |
commit | 96258673547f51dc588c290d9c8ff3d9b2b93397 (patch) | |
tree | ce3e5c5a459be0330256e9d4a14c48597b28e611 /sv.c | |
parent | ff0f0afd310f2278d5aafe2eb57ebeb0fda278b2 (diff) | |
download | perl-96258673547f51dc588c290d9c8ff3d9b2b93397.tar.gz |
Pseudo-fork dups arg array on argless calls

RT #121721.

A subroutine call like &foo; pushes a SUB context with the savearray field
unassigned, and with CxHASARGS() false. Most of the core knows not to use
this field without CxHASARGS() being true: except for Perl_cx_dup(),
which was still trying to dup it. This could lead to SEGVs on a fresh CX
stack, or possibly duping some other sub's @_ on a reused stack entry.

The fix is simple; don't dup this field unless CxHASARGS() is set.
Note that a similar test is already in place for the argarray field.

Diffstat (limited to 'sv.c')
-rw-r--r-- | sv.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -12778,8 +12778,10 @@ Perl_cx_dup(pTHX_ PERL_CONTEXT *cxs, I32 ix, I32 max, CLONE_PARAMS* param) ? av_dup_inc(ncx->blk_sub.argarray, param) : NULL); - ncx->blk_sub.savearray = av_dup_inc(ncx->blk_sub.savearray, - param); + ncx->blk_sub.savearray = (CxHASARGS(ncx) + ? av_dup_inc(ncx->blk_sub.savearray, + param) + : NULL); ncx->blk_sub.oldcomppad = (PAD*)ptr_table_fetch(PL_ptr_table, ncx->blk_sub.oldcomppad); break; |
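
Review bot: the new `CxHASARGS(ncx)` guard on `ncx->blk_sub.savearray` has no comment saying why the field must not be read on an argless call, and it repeats the test already applied to `argarray` in the statement just above it. A short comment stating that `savearray` is left unassigned when `CxHASARGS()` is false (the `&foo;` case from the commit message) would keep a later cleanup from dropping the guard and bringing back the dup of an uninitialised or stale pointer. Consider also folding both fields under one `if (CxHASARGS(ncx)) { ... } else { ... = NULL; }` so the two assignments cannot drift apart.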