[perl #93320] localising @DB::args leads to coredump
This script, from the RT ticket, crashes:
#!/usr/bin/perl
sub cl{
    package DB;              # caller() only fills @DB::args when called from package DB
    @DB::args = ();
    return caller(shift);    # pp_caller writes to PL_dbargs here
}
sub f{
    local @DB::args;         # localised: the array PL_dbargs points at is freed on scope exit
    my @z = cl($_) for (1..3);
}
f(1,2,3); f(1,2,3);          # the second call writes through the stale PL_dbargs
__END__
PL_dbargs is not refcounted, and it’s not set until pp_caller first
tries to write to it. If that happens when @DB::args is localised,
then the array will be freed on scope exit, leaving PL_dbargs pointing
to a freed SV.
This crash can be reproduced more simply this way:
sub {
    package DB;
    ()=caller(0);       # sets PL_dbargs to the current @DB::args
    undef *DB::args;    # frees that array; PL_dbargs now dangles
    ()=caller(0);       # writes through the freed pointer
}->();
So, basically, pp_caller has to re-fetch PL_dbargs from the %DB::
stash each time it sets it. It cannot rely on the cached value.
(So now I’m wondering whether we even need PL_dbargs.)
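As an added example (not from the RT ticket or this commit), the following script shows the usage pattern that is safe on any perl: fetch a frame's arguments from package DB and copy @DB::args straight away, without localising it. The helper name frames_with_args and the outer/inner subs are hypothetical, chosen here only to exercise several frames.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (added example, not from the ticket or the commit):
# walk the call stack and record each frame's sub name and argument list.
# @DB::args is read and copied immediately; it is never localised, so
# PL_dbargs never points at an array that scope exit would free.
sub frames_with_args {
    my @frames;
    my $i = 0;
    while (1) {
        # caller() only sets @DB::args when called from package DB,
        # so switch package for just this call.
        my @info = do { package DB; caller($i) };
        last unless @info;            # no more frames
        my @args = @DB::args;         # copy now; the next caller() overwrites it
        push @frames, { sub => $info[3], args => \@args };
        $i++;
    }
    return @frames;
}

sub inner { return frames_with_args() }
sub outer { return inner(@_, 'extra') }

for my $f (outer(1, 2, 3)) {
    printf "%s(%s)\n", $f->{sub}, join(', ', @{ $f->{args} });
}
```

Frame 0 is frames_with_args itself (called with no arguments), so its list is empty; frames 1 and 2 show inner and outer with the arguments they were invoked with. Replacing the copy with `local @DB::args` inside the loop would reintroduce exactly the dangling PL_dbargs situation described above on a perl without this fix.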