#158539 perl: segfault while doing odd things with glob refs

Package: perl
Source: perl
Description: Larry Wall's Practical Extraction and Report Language
Submitter: Andrew Suffield
Date: 2020-11-14 23:27:07 UTC
Severity: normal
Tags:
#158539#5
Date: 2002-08-27 20:38:59 UTC
I have no idea how wide-ranging or serious this is, nor do I really
understand what is going on here.

aps100@cyclone:~$ cat foo.pl
use IO::Tee;

open FOO, ">foo";
my $tee = IO::Tee->new(\*STDOUT, \*FOO);
*STDOUT = $tee;
print $tee "foo\n";
aps100@cyclone:~$ perl foo.pl
Segmentation fault (core dumped)
aps100@cyclone:~$

IO::Tee is available from CPAN. Everything is fine unless I try to set
*STDOUT = $tee, after which writes to STDOUT or $tee will segfault.

This is also broken on woody, so it's not new in 5.8.0.

I'm not familiar with how the perl interpreter works, but I'm fairly
sure that a stack trace which begins:

#0  0x080b4a6a in Perl_vivify_ref ()
#1  0x080b5332 in Perl_pp_method ()
#2  0x080ae381 in Perl_runops_standard ()
#3  0x08066018 in Perl_nothreadhook ()
#4  0x08062292 in Perl_call_sv ()
#5  0x08065a08 in Perl_call_method ()
#6  0x080af021 in Perl_pp_print ()
#7  0x080ae381 in Perl_runops_standard ()
#8  0x08066018 in Perl_nothreadhook ()
#9  0x08062292 in Perl_call_sv ()
#10 0x08065a08 in Perl_call_method ()

And then continues to repeat the same sequence from #6-#10 for
approximately 19000 (yes, thousand) stack frames, is a bad thing. I'm
guessing I managed to throw a self-glob-reference in there somehow.

#158539#26
Date: 2012-09-05 22:32:21 UTC
Back in 2009 this report got forwarded upstream, and this week got some
replies; you can see the discussions at

https://rt.perl.org/rt3//Ticket/Display.html?id=70001

Opinion is divided over exactly whether it's a valid bug or not, but
it seems unlikely that it will be fixed any time soon.

It's probably a bug in IO::Tee (if it indeed still exists in IO::Tee)
and also a lesser bug in perl.

Cheers,
Dominic.