[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]
Re: [perl #54934] Attempt to free unreferenced scalar fiddling with the symbol table
On Fri, May 30, 2008 at 02:55:22PM +0200, Rafael Garcia-Suarez wrote:
> 2008/5/27 via RT Niko Tyni <perlbug-followup@perl.org>:
> > As seen in <http://cpantesters.perl.org/show/PerlIO-via-dynamic.html>,
> > the test suite of the PerlIO::via::dynamic CPAN module generates
> > 'Attempt to free unreferenced scalar' warnings with recent perl versions,
> > including 5.10.0 but not 5.8.8.
> Good catch. I've traced the double-freed scalar; the patch below fixes
> the error. However I'm not sure at all it creates no leak.
>
> --- ext/PerlIO/via/via.xs.orig 2008-01-25 10:00:53.000000000 +0100
> +++ ext/PerlIO/via/via.xs 2008-05-30 14:43:11.000000000 +0200
> @@ -89,7 +89,7 @@ PerlIOVia_method(pTHX_ PerlIO * f, const
> if (!s->fh) {
> GV *gv = newGVgen(HvNAME_get(s->stash));
> GvIOp(gv) = newIO();
> - s->fh = newRV_noinc((SV *) gv);
> + s->fh = newRV((SV *) gv);
> s->io = GvIOp(gv);
> }
> IoIFP(s->io) = PerlIONext(f);
> End of Patch.
>
> So what leaks is a gv generated to hold the "FOO" reference. (Its name
> is "_GEN_0".)
Hi,
I don't see this applied yet, hope it isn't falling through the cracks.
While PerlIO-via-dynamic-0.13 now has a workaround for 5.10.0, Bastian
Blank raised concerns about possible security implications of the double
frees in <http://bugs.debian.org/479698> (Cc'd).
Again, many thanks for looking at this.
--
Niko Tyni ntyni@debian.org
- Follow-Ups from:
-
"Rafael Garcia-Suarez" <rgarciasuarez@gmail.com>
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]