Ubuntu
perl package

stack space full (SEGFAULT) when accessing %hash with undefined $var (use warnings)

Bug #2032667 reported by Walter
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
perl (Ubuntu)
New
Undecided
Unassigned

Bug Description

Accessing a hash entry with an undefined variable as key causes infinite recursion and running out of stack space. This only happens when '-w' ("use warnings;") is enabled.

Steps to reproduce:

  $ perl -e 'my %hash = (); int($hash{$undefined_var})'
  (no crash)

  $ perl -we 'my %hash = (); int($hash{$undefined_var})'
  Useless use of int in void context at -e line 1.
  Name "main::undefined_var" used only once: possible typo at -e line 1.
  Use of uninitialized value $undefined_var in hash element at -e line 1.
  Segmentation fault

Version: perl-base (5.34.0-3ubuntu1.2) on Jammy

Backtrace (after installing perl-debug):

  Program received signal SIGSEGV, Segmentation fault.
  0x0000555555652d1d in Perl_hv_common (my_perl=0x5555558fa2a0, hv=0x5555559292b8, keysv=0x555555929318, key=0x0, klen=0, flags=0, action=0, val=0x0, hash=0) at /build/perl-Jo9ODt/perl-5.34.0/build-static/hv.c:350
  350 in /build/perl-Jo9ODt/perl-5.34.0/build-static/hv.c
  (gdb) bt 10
  #0 0x0000555555652d1d in Perl_hv_common (
      my_perl=0x5555558fa2a0, hv=0x5555559292b8,
      keysv=0x555555929318, key=0x0, klen=0, flags=0,
      action=0, val=0x0, hash=0)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/hv.c:350
  #1 0x0000555555684afc in S_find_uninit_var (
      my_perl=0x5555558fa2a0, obase=<optimized out>,
      uninit_sv=<optimized out>, match=<optimized out>,
      desc_p=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:16785
  #2 0x0000555555684ce4 in Perl_report_uninit (
      my_perl=0x5555558fa2a0, uninit_sv=0x555555929318)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:17051
  #3 0x000055555566771d in Perl_sv_2pv_flags (
      my_perl=0x5555558fa2a0, sv=0x555555929318,
      lp=0x7fffff7ff1c8, flags=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:3243
  #4 0x0000555555652fd5 in Perl_hv_common (
      my_perl=0x5555558fa2a0, hv=0x5555559292b8,
      keysv=0x555555929318, key=0x0, klen=<optimized out>,
      flags=<optimized out>, action=0, val=0x0,
      hash=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/hv.c:396
  #5 0x0000555555684afc in S_find_uninit_var (
      my_perl=0x5555558fa2a0, obase=<optimized out>,
      uninit_sv=<optimized out>, match=<optimized out>,
      desc_p=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:16785
  #6 0x0000555555684ce4 in Perl_report_uninit (
      my_perl=0x5555558fa2a0, uninit_sv=0x555555929318)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:17051
  #7 0x000055555566771d in Perl_sv_2pv_flags (
      my_perl=0x5555558fa2a0, sv=0x555555929318,
      lp=0x7fffff7ff3b8, flags=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:3243
  #8 0x0000555555652fd5 in Perl_hv_common (
      my_perl=0x5555558fa2a0, hv=0x5555559292b8,
      keysv=0x555555929318, key=0x0, klen=<optimized out>,
      flags=<optimized out>, action=0, val=0x0,
      hash=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/hv.c:396
  #9 0x0000555555684afc in S_find_uninit_var (
      my_perl=0x5555558fa2a0, obase=<optimized out>,
      uninit_sv=<optimized out>, match=<optimized out>,
      desc_p=<optimized out>)
      at /build/perl-Jo9ODt/perl-5.34.0/build-static/sv.c:16785
  (More stack frames follow...)

Long backtrace:

  #0 0x0000555555652d1d in Perl_hv_common (my_perl=..., hv=..
  #1 0x0000555555684afc in S_find_uninit_var (my_perl=..., ob
  #2 0x0000555555684ce4 in Perl_report_uninit (my_perl=..., u
  #3 0x000055555566771d in Perl_sv_2pv_flags (my_perl=..., sv
  #4 0x0000555555652fd5 in Perl_hv_common (my_perl=..., hv=..
  #5 0x0000555555684afc in S_find_uninit_var (my_perl=..., ob
  #6 0x0000555555684ce4 in Perl_report_uninit (my_perl=..., u
  #7 0x000055555566771d in Perl_sv_2pv_flags (my_perl=..., sv
  #8 0x0000555555652fd5 in Perl_hv_common (my_perl=..., hv=..
  #9 0x0000555555684afc in S_find_uninit_var (my_perl=..., ob
  ...
  #67607 0x000055555566771d in Perl_sv_2pv_flags (my_perl=...,
  #67608 0x0000555555652fd5 in Perl_hv_common (my_perl=..., hv
  #67609 0x0000555555684afc in S_find_uninit_var (my_perl=...,
  #67610 0x0000555555684ce4 in Perl_report_uninit (my_perl=...
  #67611 0x000055555566524a in Perl_sv_2iv_flags (my_perl=...,
  #67612 0x000055555568e21d in Perl_pp_int (my_perl=...)
  #67613 0x000055555564fac6 in Perl_runops_standard (my_perl=.
  #67614 0x00005555555c955c in S_run_body (oldscope=..., my_pe
  #67615 perl_run (my_perl=...)
  #67616 0x000055555559e977 in main (argc=..., argv=..., env=.

Cheers!

Walter Doekes
OSSO B.V.

Revision history for this message
Niko Tyni (ntyni) wrote : Re: [Bug 2032667] [NEW] stack space full (SEGFAULT) when accessing %hash with undefined $var (use warnings)

On Tue, Aug 22, 2023 at 02:28:18PM -0000, Walter wrote:

> Accessing a hash entry with an undefined variable as key causes infinite
> recursion and running out of stack space. This only happens when '-w'
> ("use warnings;") is enabled.

This is https://github.com/Perl/perl5/issues/19147 , broken around 5.33.1
and fixed around 5.35.5 with

  https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6

Hope this helps somebody fix this in Ubuntu. Debian is not affected as we
never shipped 5.34 in a stable release.
--
Niko Tyni <email address hidden>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.