Bug#900739: perl: crashing in toke.c, keyword plugin pointer is left pointing to an XS module that's been unloaded

Dean Hamstead dean at fragfest.com.au
Mon Jun 4 02:54:39 BST 2018


Package: perl
Version: 5.24.1-3+deb9u3
Severity: important

The keyword plugin pointer is left pointing to an unloaded XS module -
resulting in a crash in toke.c.

To reproduce is quite simple using mod_perl2 (pre)loading DBD::Oracle
and Syntax::Keyword::Try (or other).

ie.

(install mod_perl2)
cpanm Syntax::Keyword::Try
(install Oracle SDK)
cpanm DBD::Oracle
create a /var/www/html/startup.pl with contents:
use DBD::Oracle; use Syntax::Keyword::Try; 1;
create a file /etc/apache2/conf-enabled/breakperl.conf with contents:
PerlRequire /var/www/html/startup.pl
(start apache)

Apache will crash nearly instantly

The core file can be examined and i have posted an example at
https://gist.github.com/djzort/980a6a7e1241f3c4d036a6d68641b22c

This bug is easily fixed by applying the patch in
https://rt.perl.org/Public/Bug/Display.html?id=131786

It applies cleanly as-is

This is already in newer versions of perl via commit
fa2e45943e2b6ce22cf70dba5b47afe73c8c7c80 in perl's git branch

Could this patch please be applied and a new release created


-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (98, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages perl depends on:
ii  dpkg               1.18.24
ii  libperl5.24        5.24.1-3+deb9u3
ii  perl-base          5.24.1-3+deb9u3
ii  perl-modules-5.24  5.24.1-3+deb9u3

Versions of packages perl recommends:
ii  netbase  5.4
ii  rename   0.20-4

Versions of packages perl suggests:
pn  libterm-readline-gnu-perl | libterm-readline-perl-perl  <none>
ii  make                                                    4.1-9.1
ii  perl-doc                                                5.24.1-3+deb9u3

-- no debconf information


Psst! It's possible that this email contains information that is on the super secret side of confidential. So if you received it accidentally, let the sender know straight away and delete it (and the email you sent them). Also, we should let you know that any emails that come and go through Winc™ might be scanned, stored or read by Winc™ at its discretion. If you've got a question, please give us a buzz on +61 2 9335 0555 (Australia) or +64 9 271 7600 (NZ). Oh, and Winc™ does its best to avoid errors on emails it sends, but we can't promise that it will be error free. So, please don't hold it against us.




More information about the Perl-maintainers mailing list