Thread: Re: qr// memory corruption




Re: qr// memory corruption
user name
2007-02-26 09:45:23
On 2/24/07, Nicholas Clark <nickccl4.org> wrote:
> On Wed, Feb 21, 2007 at 06:53:49AM -0800, juerd  nano. kronkel. lan. bcdordt. nl wrote:
>
> Your mailer split this line:
>
> >     (?<CombiningChar> [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | x | [x-x] |
> > x | [x-x] | x |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] | x |
> > [x-x] | x | [x-x] |
> > [x-x] | [x-x] | x |
> > x | x | [x-x] |
> > [x-x] | [x-x] | x |
> > [x-x] | x | x | x |
> > x | [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | x | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | x | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] | [x{0BB E}-
> >  x] | [x-x] |
> > [x-x] | x | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] |
> > [x-x] | x | x |
> > [x-x] | [x-x] | x |
> > [x-x] | [x-x] |
> > [x-x] | [x-x] | x |
> > x | x | x | x |
> > [x-x] | [x-x] |
> > [x-x] | x | [x-x] |
> > [x-x] | x | [x-x] |
> > x | [x-x] | x | x  )
>
>
> I've attached the restored script in case anyone else wants to play with it.
>
> The first error reported by valgrind is
>
> ==15722== Memcheck, a memory error detector for x86-linux.
> ==15722== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
> ==15722== Using valgrind-2.2.0, a program supervision framework for x86-linux.
> ==15722== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
> ==15722== For more details, rerun with: -v
> ==15722==
> ==15722== Invalid read of size 1
> ==15722==    at 0x809BBAC: S_reganode (regcomp.c:7956)
> ==15722==    by 0x8092DBA: S_reg (regcomp.c:5703)
> ==15722==    by 0x8096726: S_regatom (regcomp.c:6439)
> ==15722==    by 0x8093E16: S_regpiece (regcomp.c:5881)
> ==15722==    by 0x80939B0: S_regbranch (regcomp.c:5826)
> ==15722==    by 0x80920A5: S_reg (regcomp.c:5492)
> ==15722==    by 0x8096726: S_regatom (regcomp.c:6439)
> ==15722==    by 0x8093E16: S_regpiece (regcomp.c:5881)
> ==15722==    by 0x80939B0: S_regbranch (regcomp.c:5826)
> ==15722==    by 0x8092A33: S_reg (regcomp.c:5646)
> ==15722==    by 0x808CA5B: Perl_re_compile (regcomp.c:4226)
> ==15722==    by 0x808BE23: Perl_pregcomp (regcomp.c:4024)
> ==15722==    by 0x806627F: Perl_pmruntime (op.c:3280)
> ==15722==    by 0x8218173: Perl_yyparse (perly.y:1219)
> ==15722==    by 0x80D5190: S_parse_body (perl.c:2258)
> ==15722==    by 0x80D3A93: perl_parse (perl.c:1630)
> ==15722==    by 0x805EAD8: main (perlmain.c:111)
> ==15722==  Address 0x1BCC80A1 is 5 bytes after a block of size 21788 alloc'd
> ==15722==    at 0x1B902E28: malloc (vg_replace_malloc.c:131)
> ==15722==    by 0x80AC89E: Perl_safesysmalloc (util.c:92)
> ==15722==    by 0x808C470: Perl_re_compile (regcomp.c:4127)
> ==15722==    by 0x808BE23: Perl_pregcomp (regcomp.c:4024)
> ==15722==    by 0x806627F: Perl_pmruntime (op.c:3280)
> ==15722==    by 0x8218173: Perl_yyparse (perly.y:1219)
> ==15722==    by 0x80D5190: S_parse_body (perl.c:2258)
> ==15722==    by 0x80D3A93: perl_parse (perl.c:1630)
> ==15722==    by 0x805EAD8: main (perlmain.c:111)
>
> regcomp.c has
>
>   7955  #ifdef DEBUGGING
>   7956      if (OP(RExC_emit) == 255)
>   7957          Perl_croak(aTHX_ "panic: reganode overwriting end of allocated program space");
>   7958  #endif
>   7959  NODE_ALIGN_FILL(ret);
>
> and
>
>   4123      /* Allocate space and zero-initialize. Note, the two step process
>   4124         of zeroing when in debug mode, thus anything assigned has to
>   4125         happen after that */
>   4126      Newxz(r, 1, regexp);
>   4127      Newxc(ri, sizeof(regexp_internal) + (unsigned)RExC_size * sizeof(regnode),
>   4128           char, regexp_internal);
>
>
> The next error reported is
>
> ==15785== Invalid write of size 1
> ==15785==    at 0x809BBC2: S_reganode (regcomp.c:7959)
> ==15785==    by 0x8092DBA: S_reg (regcomp.c:5703)
>
> (so that NODE_ALIGN_FILL() macro)
>
> then
>
> ==15785== Invalid write of size 4
> ==15785==    at 0x809BBD1: S_reganode (regcomp.c:7961)
> ==15785==    by 0x8092DBA: S_reg (regcomp.c:5703)
>
> then
>
> ==15785== Invalid write of size 1
> ==15785==    at 0x809BBDA: S_reganode (regcomp.c:7961)
>
> ==15785== Invalid write of size 2
> ==15785==    at 0x809BBE0: S_reganode (regcomp.c:7961)
>
>
> we also have
>
> ==15785== Invalid write of size 4
> ==15785==    at 0x809BD68: S_reganode (regcomp.c:7973)
>
> and
>
> ==15785== Invalid write of size 4
> ==15785==    at 0x8092F33: S_reg (regcomp.c:5712)
>
> both
>
> ==15785==  Address 0x1BC6658C is 8 bytes after a block of size 43532 alloc'd
> ==15785==    at 0x1B902E28: malloc (vg_replace_malloc.c:131)
> ==15785==    by 0x80ACB32: Perl_safesyscalloc (util.c:277)
> ==15785==    by 0x808C8F7: Perl_re_compile (regcomp.c:4200)
> ==15785==    by 0x808BE23: Perl_pregcomp (regcomp.c:4024)
>
> and some that appear to be unrelated to either block
>
> ==15785== Invalid write of size 4
> ==15785==    at 0x809BBD1: S_reganode (regcomp.c:7961)
> ==15785==    by 0x80920D9: S_reg (regcomp.c:5496)
> ==15785==    by 0x8096726: S_regatom (regcomp.c:6439)
> ==15785==    by 0x8093E16: S_regpiece (regcomp.c:5881)
> ==15785==    by 0x80939B0: S_regbranch (regcomp.c:5826)
> ==15785==    by 0x8092A33: S_reg (regcomp.c:5646)
> ==15785==    by 0x808CA5B: Perl_re_compile (regcomp.c:4226)
> ==15785==    by 0x808BE23: Perl_pregcomp (regcomp.c:4024)
> ==15785==    by 0x806627F: Perl_pmruntime (op.c:3280)
> ==15785==    by 0x8218173: Perl_yyparse (perly.y:1219)
> ==15785==    by 0x80D5190: S_parse_body (perl.c:2258)
> ==15785==    by 0x80D3A93: perl_parse (perl.c:1630)
> ==15785==    by 0x805EAD8: main (perlmain.c:111)
> ==15785==  Address 0x1BCC80AC is not stack'd, malloc'd or (recently) free'd
>
> ==15785== Invalid write of size 4
> ==15785==    at 0x809BD68: S_reganode (regcomp.c:7973)
> ==15785==    by 0x80920D9: S_reg (regcomp.c:5496)
> ==15785==    by 0x8096726: S_regatom (regcomp.c:6439)
> ==15785==    by 0x8093E16: S_regpiece (regcomp.c:5881)
> ==15785==    by 0x80939B0: S_regbranch (regcomp.c:5826)
> ==15785==    by 0x8092A33: S_reg (regcomp.c:5646)
> ==15785==    by 0x808CA5B: Perl_re_compile (regcomp.c:4226)
> ==15785==    by 0x808BE23: Perl_pregcomp (regcomp.c:4024)
> ==15785==    by 0x806627F: Perl_pmruntime (op.c:3280)
> ==15785==    by 0x8218173: Perl_yyparse (perly.y:1219)
> ==15785==    by 0x80D5190: S_parse_body (perl.c:2258)
> ==15785==    by 0x80D3A93: perl_parse (perl.c:1630)
> ==15785==    by 0x805EAD8: main (perlmain.c:111)
> ==15785==  Address 0x1BC6659C is not stack'd, malloc'd or (recently) free'd
>
> I hope these are of use.

Definitely.

Attached patch hopefully resolves them. Could you apply and retry the
valgrind stuff?

Cheers,
Yves

-- 
perl -Mre=debug -e "/just|another|perl|hacker/"

  
Re: qr// memory corruption
user name
2007-02-26 11:12:33
On 26/02/07, demerphq <demerphqgmail.com> wrote:
> Attached patch hopefully resolves them. Could you apply and retry the
> valgrind stuff?

valgrind reports no errors here. Thanks, applied as change #30413 to bleadperl.
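
Added example, not part of the thread or of the Perl source: a short triage script for Memcheck reports like the ones quoted above. It separates the faulting stack from the allocation stack and measures addresses Memcheck could not attribute against the end of blocks already seen overrun; the names `parse`, `correlate` and `window` are this example's own, and the sample is abridged from the quoted run 15785.

```python
import re

# Abridged Memcheck lines from the thread (run 15785): quote markers and
# archive line wrapping removed, intermediate frames omitted.
SAMPLE = """\
==15785== Invalid write of size 4
==15785==    at 0x809BD68: S_reganode (regcomp.c:7973)
==15785==  Address 0x1BC6658C is 8 bytes after a block of size 43532 alloc'd
==15785==    at 0x1B902E28: malloc (vg_replace_malloc.c:131)
==15785==    by 0x808C8F7: Perl_re_compile (regcomp.c:4200)
==15785== Invalid write of size 4
==15785==    at 0x809BD68: S_reganode (regcomp.c:7973)
==15785==  Address 0x1BC6659C is not stack'd, malloc'd or (recently) free'd
"""

ERROR = re.compile(r"Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)$")
HEAP = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes after a block of size (\d+)")
WILD = re.compile(r"Address (0x[0-9A-Fa-f]+) is not stack'd")

def parse(report):
    """Return one dict per Invalid read/write with its stack and address info."""
    errors, cur, in_alloc = [], None, False
    for raw in report.splitlines():
        m = re.match(r"==\d+==\s*(.*)", raw)
        text = m.group(1) if m else ""
        if e := ERROR.match(text):
            cur = {"op": e[1], "size": int(e[2]), "stack": [], "alloc": []}
            errors.append(cur)
            in_alloc = False
        elif cur is None:
            continue
        elif f := FRAME.match(text):
            cur["alloc" if in_alloc else "stack"].append((f[1], f[2]))
        elif h := HEAP.match(text):
            cur.update(addr=int(h[1], 16), past_end=int(h[2]), block=int(h[3]))
            in_alloc = True  # frames that follow are the allocation stack
        elif w := WILD.match(text):
            cur.update(addr=int(w[1], 16), past_end=None)
    return errors

def correlate(errors, window=256):
    """For each unattributed address: (address, bytes past block end, block size)."""
    ends = [(e["addr"] - e["past_end"], e["block"]) for e in errors if e.get("past_end") is not None]
    return [(hex(e["addr"]), e["addr"] - end, size) for e in errors if "addr" in e
            and e["past_end"] is None for end, size in ends if 0 <= e["addr"] - end < window]

if __name__ == "__main__":
    print(correlate(parse(SAMPLE)))
```

On this sample the unattributed write at 0x1BC6659C falls 24 bytes past the end of the 43532-byte block allocated at regcomp.c:4200, which suggests it belongs to the same overrun rather than to a separate fault.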
