| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Fixing minor encoding inconsistencies found by scan_mojibake utility
(https://metacpan.org/pod/distribution/Test-Mojibake/bin/scan_mojibake)
This patch is touching only comments/POD/__DATA__
|
| |
|
|
| |
These have different results on that platform.
|
| |
|
|
|
|
|
| |
but only if we are under miniperl and base has not been built yet.
I made a mistake in 19295df3 by omitting the ?. Thanks to Karl
Williamson for noticing it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OA_DANGEROUS indicates that temporary copies may need to be made in
list assignment, to handle things like:
($a, $b) = ($b, $a);
In other words, an op type is flagged with OA_DANGEROUS if its return
values could occur elsewhere on the stack.
tied returns the same scalar that the tied variables uses to hold a
reference to the object (so weaken(tied(...)) works). tie uses the
very scalar that TIESCALAR (or TIEWHATEVER) returns and attaches it to
the tied variable by magic. That returned scalar could be referenced
elsewhere. That means
($a, $b) = ($c, tied $d)
could have common vars on either side, if the tie constructor for $d
happened to return $a or $b. (Normally it would have to be an XSUB or
an lvalue sub for its return value not to have been copied.)
|
| |
|
|
|
| |
If things are broken enough that make_ext.pl cannot run, then mini-
test may run this script before base.pm is copied into lib/.
|
| |
|
|
|
|
|
|
|
|
|
| |
$tied[-1] = crash
This code in av.c, when trying to find $NEGATIVE_INDICES, was doing a
direct stash element lookup--instead of going through the normal GV
functions--and then expecting the returned value to be a GV.
‘sub NEGATIVE_INDICES’ creates a stash element that is a PV, not a GV,
so it’s easy to make things crash.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
defelem magic does not usually apply to tied arrays, but an array can
be tied after a defelem has been created and points to it. The code
for handling deferred elements was never updated for tied arrays when
those were added, so it still does AvFILL and AvARRAY.
AvFILL works on tied arrays, and calls FETCHSIZE. But AvARRAY
accesses the AV’s internal structure. So AvFILL might suggest that
the index is within the array, whereas it is actually past the end
of AvARRAY.
By tying the array after a deferred element with a high index has been
created and then extending the tied array (so AvFILL returns a big
number), we can make AvARRAY[big number] crash.
This script:
use Tie::Array;
sub {
tie @a, "Tie::StdArray";
$#a = 20000;
warn pre;
"$_[0]";
warn post
}->($a[10000]);
gives this output:
pre at -e line 5.
Segmentation fault: 11
For tied arrays, we need to use av_fetch, rather than AvARRAY.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is the only place where tied @_ does not work, and there appears
to be no reason why it shouldn’t, apart from the fact that it hasn’t
been implemented.
Commit 67955e0c was what made &xsub work to begin with. 93965878572
introduced tied arrays and added the comment to pp_entersub saying
that @_ is not tiable.
goto &xsub has worked since perl 5.000, but 93965878572 did not make
it work with tied arrays.
|
| |
|
|
|
|
| |
Read-only COWs are read-only and should not be treated as though they
were not. This logic is left over from when READONLY+FAKE meant
copy-on-write.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It no longer needs to worry about SvIsCOW. This logic is left over
from when READONLY+FAKE was used for COWs.
Since it is possible for COWs to be read-only now, this logic is actu-
ally faulty, as it doesn’t temporarily stop read-only COWs from being
read-only, as it does for other read-only values.
This actually causes discrepancies with scalar-tied locked hash keys,
which differ in readonliness when localised depending on whether the previous value used copy-on-write.
Whether such scalars should be read-only after localisation is open
to debate, but it should not differ based on the means of storing the
previous value.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It no longer needs to worry about SvIsCOW. This logic is left over
from when READONLY+FAKE was used for COWs.
Since it is possible for COWs to be read-only now, this logic is actu-
ally faulty, as it doesn’t temporarily stop read-only COWs from being
read-only, as it does for other read-only values.
This actually causes bugs with scalar-tied locked hash keys, which
croak on FETCH.
|
| |
|
|
| |
before aliasing them to elements of @_.
|
| |
|
|
|
| |
plus a regular (not to-do) test for an lvalue sub case that already
works properly.
|
| |
|
|
|
|
|
|
|
| |
When elements of @_ refer to nonexistent hash or array elements, then
the magic scalar in $_[0] delegates all set/get actions to the element
in represents, vivifying it if needed.
tie/tied/untie, however, were not delegating to the element, but were
tying the the magical ‘deferred element’ scalar itself.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assigning a vstring to a tied variable would result in a plain string
in $_[1] in STORE.
Assigning a vstring to a magic deferred element would result in a
plain string in the aggregate’s actual element.
When magic is invoked, the magic flags are temporarily turned off on
the sv so that recursive calls to magic don’t happen. This makes it
easier to implement functions like Perl_magic_set to read the value of
the sv without triggering get-magic.
Since vstrings are only considered vstrings when they are SvRMAGICAL,
this meant that set-magic would turn vstrings temporarily into plain
strings. Subsequent copying (e.g., in STORE) would then fail to copy
the vstring magic.
This commit changes mg_set to leave the rmagical flag on, since it
does not affect the functionaiity of set-magic.
|
| |
|
|
|
| |
The code for checking to see whether $NEGATIVE_INDICES is defined in
the tie package was very fragile, and was repeated four times.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was broken in 5.14.0 for those cases where $NEGATIVE_INDICES is
not true:
sub TIEARRAY{bless[]};
sub FETCHSIZE { 50 }
sub EXISTS { print "does $_[1] exist?\n" }
tie @a, "";
exists $a[1];
exists $a[-1];
$NEGATIVE_INDICES=1;
exists $a[-1];
$ pbpaste|perl5.12.0
does 1 exist?
does 49 exist?
does -1 exist?
$ pbpaste|perl5.14.0
does 1 exist?
does -1 exist?
This was broken by 54a4274e3c.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In restore_magic(), which is called after any magic processing, all of
the public OK flags have been shifted into the private OK flags. Thus
the lack of an appropriate public OK flags was used to trigger both get
magic and required conversions. This scheme did not cover ROK, however,
so all properly written code had to make sure mg_get was called the right
number of times anyway. Meanwhile the private OK flags gained a second
purpose of marking converted but non-authoritative values (e.g. the IV
conversion of an NV), and the inadequate flag shift mechanic broke this
in some cases.
This patch removes the shift mechanic for magic flags, thus exposing (and
fixing) some improper usage of magic SVs in which mg_get() was not called
correctly. It also has the side effect of making magic get functions
specifically set their SVs to undef if that is desired, as the new behavior
of empty get functions is to leave the value unchanged. This is a feature,
as now get magic that does not modify its value, e.g. tainting, does not
have to be special cased.
The changes to cpan/ here are only temporary, for development only, to
keep blead working until upstream applies them (or something like them).
Thanks to Rik and Father C for review input.
|
| | |
|
| | |
|
| |
|
|
|
| |
Since the test triggered another bug in freeing read-only
regexps, this commit fixes that too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After autovivification, perl should not assume that the value it has
assigned to a magical scalar is the one that would have been returned.
The result of this assumption is that any tie class that copies things
assigned to it will cause autovivification to assign to a temporary
aggregate without warning, in cases like this:
$tied{nonexistent}{foo} = 7;
The hash implicitly assigned to $tied{nonexistent} ends up being freed
after the =7 assignment.
This commit changes autovivification to do FETCH immediately after
doing STORE.
This required changing some recently-added tests in gmagic.t.
Without this change, you end up with horrific workarounds (using B.pm
to get the reference count), like the one in JE::Object (which I’m
pasting here, in case it has changed by the time you read this):
sub STORE {
my($self, $key, $val) = @_;
my $global = $self->global;
if(ref $val eq 'HASH' && !blessed $val
&& !%$val && svref_2object($val)->REFCNT == 2) {
$val = tie %$val, __PACKAGE__, __PACKAGE__->new(
$global);
} elsif (ref $val eq 'ARRAY' && !blessed $val && !@$val &&
svref_2object($val)->REFCNT == 2) {
require JE::Object::Array;
$val = tie @$val, 'JE::Object::Array',
JE::Object::Array->new($global);
}
$self->prop($key => $global->upgrade($val))
}
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This little snippet:
sub TIESCALAR{bless[]}
sub STORE{}
tie $^H{foo}, '';
$^H{foo} = 1;
delete $^H{foo};
dies with ‘Can't locate object method "DELETE"...’.
This bug was introduced for %^H by commit b3ca2e834c, but it is actu-
ally an older bug that already affected %ENV before that.
Clear-magic on a scalar is only called when it is an element of a mag-
ical aggregate.
For hashes, this clear-magic is called whenever the hash itself
is RMAGICAL.
Tied scalars and elements of tied aggregates use the same magic vta-
ble, under the assumption that mg_clear will never be called on a tied
scalar. That assumption is wrong.
Commit b3ca2e834c is the one that made %^H magical, which is why it
caused this problem for %^H.
The obvious solution, giving tied scalars their own vtable, is not as
simple as it sounds, because then tied scalars are no longer RMAGICAL,
and at least some of the tie code assumes that they are.
So the easiest fix is to skip the DELETE call in Perl_magic_clearpack
if the type of magic is PERL_MAGIC_tiedscalar.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that it is possible to trigger the av_reify warning:
./perl -Ilib -lwe '
sub TIEARRAY{bless[]}
sub {
tie @_, "";
\@_;
}->(1);
'
av_reify called on tied array at -e line 7.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This logic in sv_magic is wrong:
if (SvREADONLY(sv)) {
if (
/* its okay to attach magic to shared strings; the subsequent
* upgrade to PVMG will unshare the string */
!(SvFAKE(sv) && SvTYPE(sv) < SVt_PVMG)
&& IN_PERL_RUNTIME
&& !PERL_MAGIC_TYPE_READONLY_ACCEPTABLE(how)
)
{
Perl_croak_no_modify(aTHX);
}
}
There is nothing wrong with attaching magic to a shared string that
will stay shared. Also, shared strings are not always < SVt_PVMG.
Sometimes a PVMG or PVLV can end up with a shared string. In those
cases, the logic above treats them as read-only, which they ain’t.
The easiest example is a downgraded typeglob:
$x = *foo; # now a PVGV
undef $x ; # downgraded to PVMG
$x = __PACKAGE__; # now a shared string (COW)
tie $x, "main"; # bang! $x is considered read-only
sub main::TIESCALAR{bless[]}
|
| |
|
|
|
| |
Now tied() returns the actual scalar used to hold the tie object,
so one can write weaken(tied $foo).
|
| |
|
|
|
| |
The magic-copying is skipped for GVs. This logic goes back to perl
5.000 (patch a0d0e21e). I think it has always been wrong.
|
| | |
|
| |
|
|
|
|
|
| |
If, during scope exit, a pad var is being cleared for reuse, it needs
to be hidden from magic methods that might reference it through weak
references. Otherwise they can end up modifying the var that will be
seen next time that scope is entered, by blessing it, etc.
|
| |
|
|
|
|
|
|
| |
This is a follow-up to ff55a0191f1, but this bug has probably existed
as long as ties.
\&$tied_scalar was ignoring get-magic on $tied if it happened to
hold a glob.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the tied variable holds a reference, but changes to something else
when FETCH is called, perl crashes, as of commit 9d0f7ed75
(5.10.1/5.12.0):
sub ::72 { 73 };
sub TIESCALAR {bless[]}
sub STORE{}
sub FETCH { 72 }
tie my $x, "main";
$x = \$y;
\&$x;
That’s because commit 7a5fd60d4 caused double magic for one branch of
an if/else chain in sv_2cv (by using gv_fetchsv), so commit 9d0f7ed75
removed the SvGETMAGIC preceding the if/else, putting it inside each
branch. That meant that the type would be checked before get-magic
was called. So the type could change unexpectedly.
Due to another bug, this did not affect globs returned from tied array
elements, which got stringified, and hence worked in sv_2cv. But that
bug was fixed in 5.14.0 by commit 13be902ce, which allowed typeglobs
to be returned unflattened through elements of tied aggregates, caus-
ing this to stop working (‘Not a CODE reference’ instead of 73):
sub ::72 { 73 };
sub TIEARRAY {bless[]}
sub STORE{}
sub FETCH { 72 }
tie my @x, "main";
my $elem = \$x[0];
$$elem = *bar;
print &{\&$$elem}, "\n";
This commit fixes both issues by putting the SvGETMAGIC call
back where it belongs, above the if/else chain, and by using
SvPV_nomg_const and gv_fetchpvn_flags instead of gv_fetchsv, to avoid
an extra magic call.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tied handle method calls, unlike other types of tie, don't push a new
stack. This means that a goto within a method to an outer scope
"succeeds", and pops back the context stack past the method call. When
control (at the C level) eventually passes back to the return from
call_method(), we've lost all our relevant stack contents (like all the
ENTERs), and corruption ensures.
The fix is to add PUSHSTACKi/POPSTACK.
The side effect of this is that attempts to goto out of a tied handle
method call now give "Can't find label" errors, like non-handle methods
already do.
|
| |
|
|
| |
This reverts commit 84b9ac853508aaff52254b6cf2b95a2a6783ff00.
|
| |
|
|
| |
This reverts commit 7850f4d6b732ab5f426cd3bcd9757c70a46cfda1.
|
| |
|
|
| |
This reverts commit b029825916bf29623e00b45fa4226fab0d52d217.
|
| |
|
|
|
| |
This reverts commit 7c7df8124bbdd7a0091f8ed82589548c8182f624,
except for the perldiag entry, which we still need for splain’s sake.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following program dumps core:
=============================================
#!/usr/bin/perl
use Scalar::Util qw(weaken);
sub TIEHASH {
return bless [];
}
sub DESTROY {
my ($tied) = @_;
my $b = $tied->[0];
}
my $a = {};
tie %$a, "main";
weaken((tied %$a)->[0] = $a);
# Done setting up the evil data structure
$a = undef;
=============================================
The problem here, as Ton Hospel correctly observed in the ticket, is
that the DESTROY method called when tie magic is freed sees the weak
reference still in existence pointing to an SV with a refcount of 0.
This worked in 5.8.x, because the back-references were killed
before the tie magic was freed. It was a matter of what order the
magic is stored, as demonstrated by this script, which crashes in
5.8.x as well:
=============================================
#!/usr/bin/perl
use Scalar::Util qw(weaken);
sub TIEHASH {
return $_[1];
}
sub DESTROY {
my ($tied) = @_;
my $b = $tied->[0];
}
my $a = {};
my $o = bless [];
weaken($o->[0] = $a);
tie %$a, "main", $o;
# Done setting up the evil data structure
$a = undef;
=============================================
In 5.10.0, with commit 86f5593, HVs stopped storing their back-refer-
ences in magic most of the time, and sv_clear started killing those
HV back-references after freeing magic; hence the change in order.
This commit solves the problem simply by freeing back-references
before magic. To take non-hash SVs (and undeffed hashes) into account,
it also frees backref magic before any other kind.
(This commit message started off as my own notes. But then it turned
into a history lesson. :-)
|
| |
|
|
|
|
|
| |
The addition of "OPTION random" to all fork.t's tests might be overkill, given
that run_multiple_progs() can specify "random" per test, but as the previous
code in fork.t always sorted before comparison, we are no *worse* off than we
were.
|
| |
|
|
|
|
|
| |
# New Ticket Created by (Peter J. Acklam)
# Please include the string: [perl #81916]
# in the subject line of all future correspondence about this issue.
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=81916 >
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a fix for RT #81230 (and more). Currently, mg_get() works around
the case where the called magic (e.g. FETCH) frees the magic SV. It does
this by unconditionally pushing the SV on the tmps stack before invoking
the method.
There are two issues with this. Firstly, it may artificially extend the
life of the SV. This was the root of the problem with #81230. There, the
DB_File code, under -T, created a tainted tied object. Accessing the
object (within FETCH as it happens), caused mg_get() to be invoked on the
object (due to the taint magic), and thus extend the life of the object.
This then caused c<untie %h if $h{k}> to give the warning
untie attempted while 1 inner references still exist.
This only became noticeable after efaf36747029c85b4d8825318cb4d485a0bb350e,
which stopped wrapping magic method calls in SAVETMPS/FREETMPS.
The second issue issue that this protection only applies to mg_get();
functions like mg_set() can still segfault if the SV is deleted.
This commit fixes both problems as follows:
First, the protection mechanism is moved out of mg_get() and into
save_magic() / restore_magic(), so that it protects more things.
Secondly, the protection is now:
* in save_magic(), SvREFCNT_inc() the SV, thus protecting it from being
freed during FETCH (or whatever)
* in restore_magic(), SvREFCNT_dec() the SV, undoing the protection
without extending the life of the SV, *except* if the refcount is
1 (ie FETCH tried to free it), then push it on the mortals stack
to extend it life a bit so our callers wont choke on it.
|
| | |
|
| |
|
|
| |
This reverts commit 8752206e276cffe588c0932b5a9f2331640e8447.
|
| |
|
|
| |
This reverts commit 9aa8b00892d81bb5e94565d3cb9841dd57b7b9cf.
|
| |
|
|
| |
This reverts commit 830748013f81bcc28d145baf4024efd1b6537704.
|
| |
|
|
|
| |
This allows untie($scalar) to untie the scalar if the last assigned or
returned happened to be a typeglob.
|
| |
|
|
|
| |
Make tie() distinguish between $scalar and *$scalar when $scalar holds
a glob copy, by checking the FAKE flag.
|
| |
|
|
|
|
|
|
| |
Make pp_tied use the SvFAKE flag to distinguish between tied scalars
and tied handles. This is now possible as of change 2acc3314.
This fixes the problem of tied($scalar) ignoring the tie if the last
thing returned or assigned happened to be a glob.
|
| | |
|
