Bug#816280: Binary incompatibility between debugperl and perl

Dominic Hargreaves dom at earth.li
Mon Feb 29 12:17:39 UTC 2016


Control: forwarded -1 https://rt.perl.org/Public/Bug/Display.html?id=127212
Control: tags -1 + fixed-upstream confirmed

On Mon, Feb 29, 2016 at 12:53:33PM +0100, Nick Wellnhofer wrote:
> Package: perl-debug
> Version: 5.20.2-2
> 
> The layout of interpreter variables is different in the debug and normal
> version of the perl binary. This means that XS extensions might read from or
> write to the wrong area of the interpreter variable struct, causing crashes
> and other strange behavior.
> 
> Here's an example, originally reported by me at
> https://rt.cpan.org/Public/Bug/Display.html?id=111211
> 
>     $ PERL_DESTRUCT_LEVEL=2 debugperl -MList::Util=shuffle -e shuffle
>     Segmentation fault
> 
> This segfaults because `shuffle` calls `seedDrand01` which writes to the
> `random_state` interpreter variable. If you have a look at `intrpvar.h` in
> the Perl source, you'll see that `random_state` is at the very end with some
> variables before that are only enabled in debug builds. This causes
> `random_state` to be at a different offset in the debug build. The XS module
> `List::Util` uses the non-debug offset, so any writes to `random_state`
> cause memory corruption.
> 
> I'd propose that all interpreter variables that are only used in the debug
> build should be moved to the very end in `intrpvar.h`.

This was discovered as part of the investigation into 
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810326> (which is
not quite the same bug) and was fixed upstream. This fix should be in
5.24 which should be in stretch. However, the fix by its nature breaks
binary compatibility, so it will unfortunately not be possible to apply
it to a stable release.

Cheers,
Dominic.
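
The offset mismatch described in the quoted report, and the reorder it proposes, as an added example that is not part of the original thread and not Perl's own code. The structs are a constructed model: every field name except `random_state` is hypothetical, and `ext_seed` stands in for an XS module compiled against the non-debug headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, NOT Perl's intrpvar.h: every field name except
 * random_state is hypothetical. */
struct interp_release {            /* what the XS module was compiled against */
    void    *stack_base;
    uint64_t random_state;
};
struct interp_debug_old {          /* debug-only members before random_state */
    void    *stack_base;
    int      dbg_flags;            /* debug build only */
    void    *dbg_log;              /* debug build only */
    uint64_t random_state;
};
struct interp_debug_fixed {        /* proposal: debug-only members at the very end */
    void    *stack_base;
    uint64_t random_state;
    int      dbg_flags;
    void    *dbg_log;
};

/* The check that keeps the two builds compatible for shared members. */
_Static_assert(offsetof(struct interp_debug_fixed, random_state) ==
               offsetof(struct interp_release, random_state),
               "shared member must sit at the same offset in both builds");

/* Extension code built with release headers: stores the seed at the
 * release offset, whatever struct it is actually handed. */
static void ext_seed(void *interp, uint64_t seed) {
    memcpy((char *)interp + offsetof(struct interp_release, random_state),
           &seed, sizeof seed);
}

/* Returns 1 if the seed reached random_state, 0 if it landed elsewhere. */
int seed_reaches_old(void) {
    struct interp_debug_old it; memset(&it, 0, sizeof it);
    ext_seed(&it, 0x1234u);
    return it.random_state == 0x1234u;
}
int seed_reaches_fixed(void) {
    struct interp_debug_fixed it; memset(&it, 0, sizeof it);
    ext_seed(&it, 0x1234u);
    return it.random_state == 0x1234u;
}

int main(void) {
    printf("old debug layout:   seed reaches random_state? %d\n", seed_reaches_old());
    printf("fixed debug layout: seed reaches random_state? %d\n", seed_reaches_fixed());
    return 0;
}
```

With the old layout the write lands in the debug-only members instead of `random_state`; a compile-time assertion of this kind turns such a drift between build variants into a build failure.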



