Avoid referencing uninitialized memory in PerlIOScalar_write #24063
base: blead
PerlIOScalar_write used to blindly use SvCUR() for SVs that are neither SvPOK nor SvPOKp, bypassing the code that would normally clear out the leading bytes. This would result in garbage (uninitialized) bytes when the target scalar once held a non-empty string and was then undef'ed. This will fix GH Perl#24008.
t/io/scalar.t
Outdated
| } | ||
|
|
||
| { # GH #24008 | ||
| open my $fh, '>', \my $str or BAIL_OUT $!; |
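Review bot: `BAIL_OUT $!` on the `open` line stops the whole harness run, including every other test script, for a failure that is local to this block; `or die $!` fails only this script, which is enough here. The block is also labelled only `# GH #24008`; a few words in that comment on what the block checks would save the next reader a lookup.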
I'm surprised to see that this suggests using BAIL_OUT. According to perldoc Test::More, BAIL_OUT
Indicates to the harness that things are going so badly all testing
should terminate. This includes the running of any additional test
scripts.
This is typically used when testing cannot continue such as a
critical module failing to compile or a necessary external utility
not being available such as a database connection failing.
The test will exit with 255.
Why wouldn't a simple die suffice here?
Agreed.
@t-a-k I think we are waiting for changing to die, and then this p.r. can be merged
Sorry for the delayed response. I will make a commit shortly.
I think that BAIL_OUT is provided because die would change the behavior due to some internal state, such as $SIG{__DIE__}, $! and enclosing eval, so it might not be able to make the test fail reliably.
perlio.c
Outdated
| if (SvOK(sv)) | ||
| SvPV_force_nomg_nolen(sv); | ||
| else | ||
| /* SvPV_force_nomg_nolen would initialize PV even if !SvOK(sv), | ||
| but in such case it will emit "Use of uninitialized value" | ||
| warning, which is not expected here. */ | ||
| SvPVCLEAR(sv); |
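Review bot: The `else` branch has no braces, and a three-line comment sits between `else` and `SvPVCLEAR(sv);`, so it is easy to misread which statement the `else` governs or to break it when a line is added later. Put braces on both branches, or move the comment above the `if`. Since the comment says the "Use of uninitialized value" warning is not expected here, the regression test should also assert that the write emits no warning.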
The indentation is strange, the else should be at the same level as the if to match our common usage, see the if/else starting line 1274 for example.
I think the conditional sv_force_normal() above your change is now redundant, since all paths now either force_normal (SvPV_force*()) or set an explicit value.
> The indentation is strange,
This seems to be due to GitHub's diff rendering. The if (SvOK(sv)) line is indented with a single tab character (this came from the original source before this change), while other added lines are indented without tab characters (according to .editorconfig).
.editorconfig also specifies tab_width = 8 and the else line is indented with 8 spaces, so these lines should appear to be aligned.
It would seem that is my fault. Before ec57fb9 this part of the code was in a separate module that hadn't been updated to the "new" core style standard, and I didn't notice I should have fixed the indentation in that process.
I would suggest we follow up with a commit that fixes all the tabs to spaces.
Once a scalar variable is undef'ed, its SvCUR might remain the previous value. So avoid calling SvCUR() blindly and call it only when the SV is defined. This partially reverts my previous commit 3ea1aa9 and is intended to be squashed before merge.
This commit is intended to be squashed before merge. Thanks to the comment from @jkeenan.
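The failure mode described in the PR description and the commit message above (a length that stays stale after undef, so the gap-clearing step is skipped) can be seen in a small stand-alone model. This is an added example, not code from perlio.c or from the PR; `toy_sv`, `toy_write`, the junk marker and the write offset of 3 are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOY_CAP  16
#define TOY_JUNK 0x5A   /* constructed marker standing in for uninitialized bytes */

/* Hypothetical model of a scalar; these names are not Perl's. */
struct toy_sv {
    unsigned char buf[TOY_CAP];
    size_t cur;       /* recorded length; left stale when the scalar is undef'ed */
    int defined;
};

/* Write count bytes at pos. check_defined == 0 trusts cur blindly; 1 treats an
 * undefined scalar as empty. Returns the new length, or (size_t)-1 if too big. */
static size_t toy_write(struct toy_sv *sv, size_t pos, const void *src,
                        size_t count, int check_defined) {
    size_t cur = (check_defined && !sv->defined) ? 0 : sv->cur;
    if (pos >= TOY_CAP || count >= TOY_CAP - pos)
        return (size_t)-1;
    if (pos > cur)                        /* zero the gap in front of the write */
        memset(sv->buf + cur, 0, pos - cur);
    memcpy(sv->buf + pos, src, count);
    if (pos + count > cur) {
        cur = pos + count;
        sv->buf[cur] = 0;
    }
    sv->cur = cur;
    sv->defined = 1;
    return cur;
}

/* Undef a scalar that held "secret", write "X" at offset 3, and count the junk
 * bytes that end up inside the reported length. */
static size_t toy_leaked_after_write(int check_defined) {
    struct toy_sv sv = { "secret", 6, 1 };
    size_t i, n = 0;
    memset(sv.buf, TOY_JUNK, sizeof sv.buf);   /* undef: buffer gone, cur stale */
    sv.defined = 0;
    toy_write(&sv, 3, "X", 1, check_defined);
    for (i = 0; i < sv.cur; i++)
        n += (sv.buf[i] == TOY_JUNK);
    return n;
}

int main(void) {
    printf("stale: %zu junk bytes, checked: %zu\n",
           toy_leaked_after_write(0), toy_leaked_after_write(1));
    return 0;
}
```

With the stale length trusted, the reported string still spans six bytes and five of them are junk; with the defined check, the gap is zeroed and the length is four.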
I've pushed a commit to change If these are OK, I will squash them to a single commit.
| if ((PerlIOBase(f)->flags) & PERLIO_F_APPEND) { | ||
| dst = SvGROW(sv, SvCUR(sv) + count + 1); | ||
| dst = SvGROW(sv, cur + count + 1); | ||
| offset = SvCUR(sv); |
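Review bot: In the PERLIO_F_APPEND branch the grow size now uses `cur`, but the next line still reads `offset = SvCUR(sv);`. If `cur` was introduced because SvCUR() cannot be trusted for an undefined SV, the two values can disagree, and the copy would then start at an offset that the `cur + count + 1` allocation was not sized for. Use `offset = cur;` so the allocation and the write position come from the same value.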
Could this now be offset = cur; ?