Bug#1071129: perl: crash in freelocale()
Niko Tyni
ntyni at debian.org
Tue May 14 20:04:22 BST 2024
Package: perl
Version: 5.38.2-4
Severity: important
Forwarded: https://github.com/Perl/perl5/issues/22195
Control: found -1 5.38.2-3.2
As reported upstream by Konstantin Akimov, perl in Debian trixie/sid
and in Ubuntu 24.04 can crash when freeing locales.
#!/bin/sh
L=en_US.UTF-8 # or seems like any other locale will do
export LC_ALL=
export LC_ADDRESS=$L
export LC_IDENTIFICATION=$L
export LC_MEASUREMENT=$L
export LC_MONETARY=$L
export LC_NAME=$L
export LC_NUMERIC=$L
export LC_PAPER=$L
export LC_TELEPHONE=$L
export LC_TIME=$L
perl -e 'require threads; require Thread::Queue'
The resulting SIGSEGV is not quite deterministic for me, but valgrind
shows an invalid read every time [1].
This does not happen with unpatched upstream 5.38.2. It is caused by
our patch 'unbreak-locale-initialization.diff' to locale.c
https://sources.debian.org/src/perl/5.38.2-4/debian/patches/fixes/unbreak-locale-initialization.diff/
which I added to fix #1060679 and which just reverts upstream commit
https://github.com/Perl/perl5/commit/7af2d2037375d58e700f9e1b217efb2c4db66133
Looking at that now, I suppose I could have taken a hint back then from
Karl's commit message, which said the next commit would turn these parts
into memory leaks otherwise. Oh well.
I don't have a patch, but I'll try to look into it. Obviously we don't
want to reintroduce the regression we were fixing (#1060679). That
regression was fixed upstream after 5.38 with
https://github.com/Perl/perl5/commit/bf38d1cf744fcc49b715b9d633761aa67436c002
which doesn't apply as-is because it depends on other changes. Upstream
has listed this as needing a 5.38 backport, but nobody has tackled that
yet AFAICS.
[1] here's valgrind output of 5.38.2-4 for reference, though I expect that
undoing the reversal and backporting the relevant fixes in the 5.39
series is a better approach than trying to fix the crash in the
current version.
==794839== Memcheck, a memory error detector
==794839== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==794839== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==794839== Command: debugperl -e require\ threads;\ require\ Thread::Queue
==794839==
==794839== Invalid read of size 8
==794839== at 0x496CB95: __freelocale (freelocale.c:43)
==794839== by 0x496CB95: freelocale (freelocale.c:31)
==794839== by 0x1831F3: perl_destruct (perl.c:1144)
==794839== by 0x14E571: main (perlmain.c:139)
==794839== Address 0x4b84870 is 0 bytes inside a block of size 328 free'd
==794839== at 0x48431EF: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839== by 0x496C894: newlocale (newlocale.c:258)
==794839== by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839== by 0x39ED83: S_toggle_locale_i (locale.c:6576)
==794839== by 0x39F18E: S_my_langinfo_i (locale.c:4200)
==794839== by 0x3A0AF5: S_new_numeric (locale.c:1950)
==794839== by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839== by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839== by 0x4F8A8E3: Perl_sharedsv_init (shared.xs:1295)
==794839== by 0x4F8A8E3: boot_threads__shared (shared.xs:1783)
==794839== by 0x2BD5D6: Perl_pp_entersub (pp_hot.c:5555)
==794839== by 0x26C4A1: Perl_runops_debug (dump.c:2864)
==794839== by 0x17CA8A: Perl_call_sv (perl.c:3150)
==794839== Block was alloc'd at
==794839== at 0x4840808: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839== by 0x496C52A: newlocale (newlocale.c:199)
==794839== by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839== by 0x3A0936: Perl_set_numeric_standard (locale.c:2031)
==794839== by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839== by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839== by 0x14E492: main (perlmain.c:102)
==794839==
==794839== Invalid free() / delete / delete[] / realloc()
==794839== at 0x48431EF: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839== by 0x1831F3: perl_destruct (perl.c:1144)
==794839== by 0x14E571: main (perlmain.c:139)
==794839== Address 0x4b84870 is 0 bytes inside a block of size 328 free'd
==794839== at 0x48431EF: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839== by 0x496C894: newlocale (newlocale.c:258)
==794839== by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839== by 0x39ED83: S_toggle_locale_i (locale.c:6576)
==794839== by 0x39F18E: S_my_langinfo_i (locale.c:4200)
==794839== by 0x3A0AF5: S_new_numeric (locale.c:1950)
==794839== by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839== by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839== by 0x4F8A8E3: Perl_sharedsv_init (shared.xs:1295)
==794839== by 0x4F8A8E3: boot_threads__shared (shared.xs:1783)
==794839== by 0x2BD5D6: Perl_pp_entersub (pp_hot.c:5555)
==794839== by 0x26C4A1: Perl_runops_debug (dump.c:2864)
==794839== by 0x17CA8A: Perl_call_sv (perl.c:3150)
==794839== Block was alloc'd at
==794839== at 0x4840808: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839== by 0x496C52A: newlocale (newlocale.c:199)
==794839== by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839== by 0x3A0936: Perl_set_numeric_standard (locale.c:2031)
==794839== by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839== by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839== by 0x14E492: main (perlmain.c:102)
==794839==
==794839==
==794839== HEAP SUMMARY:
==794839== in use at exit: 116,898 bytes in 78 blocks
==794839== total heap usage: 13,878 allocs, 13,801 frees, 3,178,315 bytes allocated
==794839==
==794839== LEAK SUMMARY:
==794839== definitely lost: 0 bytes in 0 blocks
==794839== indirectly lost: 0 bytes in 0 blocks
==794839== possibly lost: 0 bytes in 0 blocks
==794839== still reachable: 116,898 bytes in 78 blocks
==794839== suppressed: 0 bytes in 0 blocks
==794839== Rerun with --leak-check=full to see details of leaked memory
==794839==
==794839== For lists of detected and suppressed errors, rerun with: -s
==794839== ERROR SUMMARY: 13 errors from 2 contexts (suppressed: 0 from 0)
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list