Bug#900739: perl: crashing in toke.c, keyword plugin pointer is left pointing to an XS module that's been unloaded
Dean Hamstead
dean at fragfest.com.au
Mon Jun 4 02:54:39 BST 2018
Package: perl
Version: 5.24.1-3+deb9u3
Severity: important
The keyword plugin pointer is left pointing to an unloaded XS module -
resulting in a crash in toke.c.
To reproduce is quite simple using mod_perl2 (pre)loading DBD::Oracle
and Syntax::Keyword::Try (or other).
ie.
(install mod_perl2)
cpanm Syntax::Keyword::Try
(install Oracle SDK)
cpanm DBD::Oracle
create a /var/www/html/startup.pl with contents:
use DBD::Oracle; use Syntax::Keyword::Try; 1;
create a file /etc/apache2/conf-enabled/breakperl.conf with contents:
PerlRequire /var/www/html/startup.pl
(start apache)
Apache will crash nearly instantly
The core file can be examined and i have posted an example at
https://gist.github.com/djzort/980a6a7e1241f3c4d036a6d68641b22c
This bug is easily fixed by applying the patch in
https://rt.perl.org/Public/Bug/Display.html?id=131786
It applies cleanly as-is
This is already in newer versions of perl via commit
fa2e45943e2b6ce22cf70dba5b47afe73c8c7c80 in perl's git branch
Could this patch please be applied and a new release created
-- System Information:
Debian Release: 9.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (98, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages perl depends on:
ii dpkg 1.18.24
ii libperl5.24 5.24.1-3+deb9u3
ii perl-base 5.24.1-3+deb9u3
ii perl-modules-5.24 5.24.1-3+deb9u3
Versions of packages perl recommends:
ii netbase 5.4
ii rename 0.20-4
Versions of packages perl suggests:
pn libterm-readline-gnu-perl | libterm-readline-perl-perl <none>
ii make 4.1-9.1
ii perl-doc 5.24.1-3+deb9u3
-- no debconf information
Psst! It's possible that this email contains information that is on the super secret side of confidential. So if you received it accidentally, let the sender know straight away and delete it (and the email you sent them). Also, we should let you know that any emails that come and go through Winc™ might be scanned, stored or read by Winc™ at its discretion. If you've got a question, please give us a buzz on +61 2 9335 0555 (Australia) or +64 9 271 7600 (NZ). Oh, and Winc™ does its best to avoid errors on emails it sends, but we can't promise that it will be error free. So, please don't hold it against us.
More information about the Perl-maintainers
mailing list