Bug#557771: *** stack smashing detected ***: /usr/bin/perl terminated

Thomas Schwinge thomas at schwinge.name
Tue Dec 22 22:55:58 UTC 2009


Hello!

Sorry for being late with answering.

On Wed, Nov 25, 2009 at 01:30:56PM +0200, Niko Tyni wrote:
> On Wed, Nov 25, 2009 at 09:45:52AM +0100, Thomas Schwinge wrote:
> > Here is a more useful backtrace, thanks to installing the perl-debug
> > package:
> 
> Thanks. Is it reproducible with #!/usr/bin/debugperl ?

Yes.  Here is the backtrace, from ``break abort'':

#0  abort () at abort.c:55
        act = {__sigaction_handler = {sa_handler = 0x3f, sa_sigaction = 0x3f}, sa_mask = 23067412, sa_flags = 85024}
        sigs = <value optimized out>
#1  0x0112c71c in __libc_message (do_abort=2, fmt=0x1214956 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:138
        ap = 0x15ffb2c "\364\177\"\001\003"
        fd = 4
        on_2 = <value optimized out>
        list = <value optimized out>
        nlist = 5
        cp = <value optimized out>
#2  0x011dc7db in __fortify_fail (msg=0x121493e "stack smashing detected") at fortify_fail.c:32
No locals.
#3  0x011dc790 in __stack_chk_fail () at stack_chk_fail.c:29
No locals.
#4  0x08073e11 in Perl_newATTRSUB (my_perl=0x82b7fe8, floor=322, o=0x8aa56c8, proto=0x0, attrs=0x0, block=0x8aa7680) at op.c:5843
        aname = 0x0
        gv = 0x872d498
        ps = 0x0
        ps_len = 153893344
        cv = 0x91a6d98
        const_sv = <value optimized out>
        gv_fetch_flags = 2
        name = 0x82ff9dc "BEGIN"
        __PRETTY_FUNCTION__ = "Perl_newATTRSUB"
#5  0x08072e90 in Perl_utilize (my_perl=0x82b7fe8, aver=1, floor=322, version=0x0, idop=0x8aade80, arg=0x0) at op.c:3878
        pack = 0x8a9d198
        imop = <value optimized out>
        veop = 0x0
#6  0x080c0ed4 in Perl_yyparse (my_perl=0x82b7fe8) at perly.y:659
        yystate = 375
        yyn = 80
        yyresult = <value optimized out>
        yytoken = 14
        parser = 0x9296608
        ps = 0x91a58bc
        yyval = {ival = 1, pval = 0x1 <Address 0x1 out of bounds>, opval = 0x1, gvval = 0x1, p_tkval = 0x1 <Address 0x1 out of bounds>, 
          i_tkval = 1}
#7  0x0819ba68 in S_doeval (my_perl=0x82b7fe8, gimme=128, startop=0x0, outside=0x872d8a8, seq=4264) at pp_ctl.c:2981
        sp = <value optimized out>
        saveop = 0x8744538
        __PRETTY_FUNCTION__ = "S_doeval"
#8  0x0819cba4 in Perl_pp_entereval (my_perl=0x82b7fe8) at pp_ctl.c:3671
        sp = 0x8e6e048
        cx = 0x82dee08
        sv = <value optimized out>
        gimme = <value optimized out>
        was = 2712
        tbuf = "_<(eval 1175)\000\350\177+\b\340,\002"
        tmpbuf = <value optimized out>
        safestr = 0x8ebaec8 "_<(eval 1175)"
        len = 13
        ok = <value optimized out>
        runcv = 0x872d8a8
        seq = 4264
        saved_hh = 0x0
        __PRETTY_FUNCTION__ = "Perl_pp_entereval"
#9  0x080ed3a7 in Perl_runops_debug (my_perl=0x82b7fe8) at dump.c:1968
No locals.
#10 0x0807ea20 in S_run_body (my_perl=0x82b7fe8) at perl.c:2431
        __PRETTY_FUNCTION__ = "S_run_body"
#11 perl_run (my_perl=0x82b7fe8) at perl.c:2349
        oldscope = 1
        ret = <value optimized out>
        cur_env = {je_prev = 0x82b819c, je_buf = {{__jmpbuf = {19038196, 23068240, 142560, 23068168, 23068080, 134735376}, 
              __mask_was_saved = 0, __saved_mask = 0}}, je_ret = 0, je_mustcatch = 0 '\000'}
        __PRETTY_FUNCTION__ = "perl_run"
#12 0x08060a85 in main (argc=2, argv=0x15ffea8, env=0x15ffeb4) at perlmain.c:117
        exitstatus = <value optimized out>


> Could you put together a testcase so others can reproduce it?

I will try to reduce this to a suitable testcase.

> Is this specific to the hurd port?

A quick attempt to reproduce this on GNU/Linux with mostly similar
packages installed didn't reveal this Perl bug, but I'll try some more to
make this reproducible on Linux-based systems.  Of course, you (or
everyone else interested) could also get an account on this Hurd machine.


> I wasn't aware libc is
> compiled with fortifying options, is that the case elsewhere too?

Isn't it rather that Perl is being compiled with fortifying options (I
didn't check)?  glibc / GCC only provide the infrastructure and print out
the error message.


Regards,
 Thomas
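For triaging a backtrace like the one above, this added example (not part of the original message; `parse_frames` and `canary_owner` are hypothetical names) parses gdb `bt full` frame headers and reports the first frame above `__stack_chk_fail`. The stack protector checks the canary in a function's epilogue, so that frame is the one whose stack frame was found corrupted, which is not necessarily where the bad write was issued.

```python
import re

# Frame header lines of gdb "bt full"; the address is absent on some frames.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>[^\s(]+) \(.*\) at (?P<loc>\S+:\d+)\s*$"
)

# glibc frames that only report the failure and abort the process.
REPORTING = {"abort", "__libc_message", "__fortify_fail", "__stack_chk_fail"}

# Abridged from the backtrace in the message above (locals mostly dropped).
SAMPLE = r'''
#0  abort () at abort.c:55
#2  0x011dc7db in __fortify_fail (msg=0x121493e "stack smashing detected") at fortify_fail.c:32
No locals.
#3  0x011dc790 in __stack_chk_fail () at stack_chk_fail.c:29
No locals.
#4  0x08073e11 in Perl_newATTRSUB (my_perl=0x82b7fe8, floor=322, o=0x8aa56c8, proto=0x0, attrs=0x0, block=0x8aa7680) at op.c:5843
        name = 0x82ff9dc "BEGIN"
#5  0x08072e90 in Perl_utilize (my_perl=0x82b7fe8, aver=1, floor=322, version=0x0, idop=0x8aade80, arg=0x0) at op.c:3878
#11 perl_run (my_perl=0x82b7fe8) at perl.c:2349
'''


def parse_frames(text):
    """Return [(number, function, 'file:line')] for every frame header line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m["num"]), m["func"], m["loc"]))
    return frames


def canary_owner(text):
    """Return the frame whose canary check failed, or None when the
    backtrace contains no __stack_chk_fail frame."""
    frames = parse_frames(text)
    for i, (_, func, _) in enumerate(frames):
        if func == "__stack_chk_fail":
            # Skip any further reporting frames; the next one ran the check.
            for frame in frames[i + 1:]:
                if frame[1] not in REPORTING:
                    return frame
    return None


if __name__ == "__main__":
    print(canary_owner(SAMPLE))
```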