| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The convention is that when the interpreter dies with an internal error, the
message starts "panic: ". Historically, many panic messages had been terse
fixed strings, which means that the out-of-range values that triggered the
panic are lost. Now we try to report these values, as such panics may not be
repeatable, and the original error message may be the only diagnostic we get
when we try to find the cause.

We can't report diagnostics when the panic message is generated by something
other than croak(), as we don't have *printf-style format strings. Don't
attempt to report values in panics related to *printf buffer overflows, as
attempting to format the values to strings may repeat or compound the
original error.
| |
In this horrendous piece of code, the attempt to clone GvHV(PL_hintgv)
in save_hints dies because the NEXTKEY method cannot be found. But
that happens while GvHV(PL_hintgv) still points to the old value. So
the old hash gets freed in the new scope (when it unwinds due to the
error in trying to find NEXTKEY) and then gets freed in the outer
scope, too, resulting in the dreaded ‘Attempt to free unreferenced
scalar’.

    package namespace::clean::_TieHintHash;

    sub TIEHASH  { bless[] }
    sub STORE    { $_[0][0]{$_[1]} = $_[2] }
    sub FETCH    { $_[0][0]{$_[1]} }
    sub FIRSTKEY { my $a = scalar keys %{$_[0][0]}; each %{$_[0][0]} }
    # Intentionally commented out:
    # sub NEXTKEY  { each %{$_[0][0]} }

    package main;

    BEGIN {
        $^H{foo} = "bar"; # activate localisation magic
        tie( %^H, 'namespace::clean::_TieHintHash' ); # sabotage %^H
        $^H{foo} = "bar"; # create an element in the tied hash
    }
    { ; } # clone the tied hint hash

The solution is to set GvHV(PL_hintgv) to NULL when copying it.
| |
leave_scope() saves and restores PL_tainted upon entry and exit. This
means that any attempt to save this variable on the stack will fail, as
its unstacked value will overwrite the popped one.

To counteract this, we update our saved version with the popped value.
| |
The magic-copying is skipped for GVs. This logic goes back to perl
5.000 (patch a0d0e21e). I think it has always been wrong.
| |
If, during scope exit, a pad var is being cleared for reuse, it needs
to be hidden from magic methods that might reference it through weak
references. Otherwise they can end up modifying the var that will be
seen next time that scope is entered, by blessing it, etc.
| |
When a lexical variable goes out of scope, as in

    {
        my %lexical_variable;
        ...
    }
    # no longer in scope here

it is supposed to disappear as far as Perl code can tell. That the
same SV is reused the next time that scope is entered is an
implementation detail.

The move of hashes’ back-references from magic into the HvAUX
structure in 5.10 caused this implementation detail to leak through.

Normally, weak references to pad variables going out of scope are
killed off:

    {
        my $scalar;
        weaken ($global_scalar = \$scalar);
    }
    # here $global_scalar is undef

When hashes’ back-references were moved, leave_scope was not updated
to account. (For non-hash variables, it’s the mg_free call that takes
care of it.) So in this case:

    {
        my %hash;
        weaken ($global_scalar = \%hash);
    }

$global_scalar would still reference a hash, but one marked PADSTALE.
Modifications to that hash through the reference would be visible the
next time the scope was entered.
| |
SVs_PADSTALE is only meaningful with SVs_PADMY, while
SVs_PADTMP is only meaningful with !SVs_PADMY,
so let them share the same flag bit.

Note that this doesn't yet free a bit in SvFLAGS, as the two
bits are also used for SVpad_STATE, SVpad_TYPED.

(This is a follow-on to 62bb6514085e5eddc42b4fdaf3713ccdb7f1da85.)
| |
$[ remains as a variable. It no longer has compile-time magic.
At runtime, it always reads as zero, accepts a write of zero, but dies
on writing any other value.
| |
Otherwise the GV can be freed before the scope-popping code can put
the old entry back in it:

    $ perl -le 'local @{"x"}; delete $::{x}'
    Bus error
    $ perl -le 'local %{"x"}; delete $::{x}'
    Bus error
| |
and make GvCV() and GvGP() rvalue-only.
This is to allow a future commit to eliminate some backref magic between
GV and CVs, which will require complete control over assignment to the
gp_cv slot.
| |
This reverts b9e00b79 except for the tests.
This extra checking and saving of the FAKE flag is no longer necessary
as of the previous commit.
| |
This has the side-effect of fixing these one-liners:

    $ perl5.13.5 -le' my $glob = \*foo::ISA; delete $::{"foo::"}; *$glob = *a'
    Bus error
    $ perl5.13.5 -le' my $glob = \*foo::ISA; delete $::{"foo::"}; *$glob = []'
    Bus error
    $ perl5.13.6 -le'sub baz; my $glob = \*foo::bar; delete $::{"foo::"}; *$glob = *baz;'
    Bus error
    $ perl5.13.6 -le'sub foo::bar; my $glob = \*foo::bar; delete $::{"foo::"}; *$glob = *baz;'
    Bus error

In the first two cases the crash was inadvertently fixed (isn’t it
nice when that happens?) in 5.13.6 (by 6f86b615fa7), but there was
still a fatal error:

    Can't call mro_isa_changed_in() on anonymous symbol table at -e line 1.

Because sv_clear calls ->DESTROY, if an object’s stash has been
detached from the symbol table, mro_get_linear_isa can be called on a
hash with no HvENAME. So HvNAME is used as a fallback for those cases.
| |
Add the facility for the save stack to free (decrement the refcount of)
a COPHH*.
| |
Expose cop hint hashes as a type COPHH, with a cophh_* API which is a
macro layer over the refcounted_he_* API. The documentation for cophh_*
describes purely API-visible behaviour, whereas the refcounted_he_*
documentation describes the functions mainly in terms of the
implementation. Revise the cop_hints_* API, using the flags parameter
consistently and reimplementing in terms of cophh_*. Use the cophh_*
and cop_hints_* functions consistently where appropriate.
[Modified by the committer to update two calls to
Perl_refcounted_he_fetch recently added to newPMOP.]
| |
0cbee0a449cc4e11 removed the call to mg_get(), and hence any possibility of
calling code with the side effect of changing PL_tainted.
| |
fix for [perl #21469]:

since the GP may be pulled from under us and freed, coredumps and strange
things can happen.

Fix this by storing a pointer to the GV in the loop block, rather than a
pointer to the GvSV slot. The ITHREADS variant already stores GV rather
than &GvSV; extend this to non-threaded builds too.

Also, for both threaded and non-threaded, it used to push &GvSV on the
save stack. Fix this by introducing a new save type, SAVEt_GVSV.
This behaves similarly to SAVEt_SV, but without magic get/set.
This means that

    for $package_var (...)

is now close in behaviour to

    local $package_var = ...

(except for the magic bit).
| |
This field is only used in non-threaded builds, and the comments imply
that this is because in non-threaded builds this value may be
modified. But nothing in core modifies it.
| |
This reverts commit 395b8e2d02eadc9b0639534410c39c530bc8a33d.
The fencepost error is coming from inside the programmer!
| |
(patch req by Nicholas)
| |
This uses a new type, SAVEt_INT_SMALL.
| |
This uses a new type, SAVEt_I32_SMALL.
| |
This saves 1 slot on the save stack for each lexical encountered at run time.
| |
This makes the other 26 (or 58) bits available for save data.
| |
If a symbol table entry is undefined when a glob is assigned into it, it
gets a FAKE flag which makes it possible to be downgraded when non-glob
is subsequently assigned into it. It doesn't really matter, until we
decide to localize it -- it wouldn't be possible to restore its GP upon
context return if it changed type, therefore we must not do that.
This patch turns off FAKE flag when localizing a GV and restores it when
the context is left. A test case is included.
| |
For the typical code this gives a 5% speedup, and removes the cost of "safe
signals". Tight looping code will show less gains, but should never be slower.
Subtle bugs might remain - there might be constructions that enter the runloop
(where signals used to be dispatched) but don't contain any PERL_ASYNC_CHECK()
calls themselves.
| |
    bool b = (bool)some_int

doesn't necessarily do what you think. In some builds, bool is defined as
char, and that cast's behaviour is thus undefined. So this line in mg.c:

    const bool was_temp = (bool)SvTEMP(sv);

was actually setting was_temp to false even when the SVs_TEMP flag was set.

Fix this by replacing all the (bool) casts with a new cBOOL() cast macro
that (hopefully) does the right thing.
| |
[The original bug report concerned local($_) remaining tied, but while
looking at it, Nicholas found some related code that popped up premature
free errors. This commit fixes the freeing issue rather than the issue of
the original bug report]

Background:

    local $a[0]

does, approximately:

    svp = av_fetch(av);
    SAVE(av,*svp);
    sv = newSV();
    *svp = sv;

This used to leak when av was tied, as the new sv only got embedded in
*svp, which for tied arrays is a temporary placeholder rather than
somewhere within AvARRAY. This leak was fixed in 2002 by adding the
following:

    if (SvTIED_mg(sv, PERL_MAGIC_tiedelem))
        sv_2mortal(sv);

which worked, except for the following:

    sub f { local $_[0] }
    f($_) for ($tied[0]);

Here, @_ is a real array not a tied one, yet its first element is a
PERL_MAGIC_tiedelem which triggered the test above. So the sv got
mortalised *and* stored in the array, so got freed twice. The fix is
to test the *array/hash* for tied-ness rather than the element.
| |
In particular, distinguish between scope and context stack push/pops,
show depth of JUMPENV stack, and show STACKINFO push/pops
| |
scope.c:96:8: warning: extra tokens at end of #endif directive
| |
ENTER/LEAVE when debugging is enabled
| |
save_hdelete() is just like save_delete() except that it takes an SV instead of char buffer.
| |
When set, save_scalar_at() doesn't replace the given SV by a fresh new one. local magic is not called in this case.
| |
It's the symmetric of save_helem_flags(). save_aelem() is now a macro wrapping around save_aelem_flags().
| |
Andreas' smoker.
p4raw-id: //depot/perl@34987
| |
can be freed immediately after it is used, as it is unrelated to
anything else. This folds SvREFCNT_dec()s on two code paths into one.
p4raw-id: //depot/perl@34973
| |
Perl_save_hints().
p4raw-id: //depot/perl@34970
| |
p4raw-id: //depot/perl@34968