Thought I'd check if this was still in 5.10, and it is.  I can see
where it is, but fixing it looks quite complex, and this is only a
normal-priority bug.

PerlIOUnix_read has a loop which makes a blocking read, and calls
PERL_ASYNC_CHECK() if the read is interrupted by a signal.

Once PERL_ASYNC_CHECK() has returned, the pointers "f" and "buf"
in PerlIOUnix_read are pointing to freed space, which looks fairly
simple to detect and handle.  Similar bugs also need fixing
elsewhere in perlio.c.

However, working out what needs to be done in PerlIOBuf_fill will
take a bit of study.  I'm not volunteering.


Here's the problem callstack (calls from bottom to top).  Line
numbers are from perl_5.10.0-13.

free (vg_replace_malloc.c:323)
Perl_safesysfree (util.c:260)
PerlIOBuf_close (perlio.c:4038) 
PerlIO__close (perlio.c:1417)
Perl_PerlIO_close (perlio.c:1430)
Perl_io_close (doio.c:976)
Perl_do_close (doio.c:939)
Perl_pp_close (pp_sys.c:591)
Perl_runops_standard (run.c:38)
Perl_call_sv (perl.c:2653)
Perl_sighandler (mg.c:2885)
Perl_despatch_signals (mg.c:1388)   <== interrupt handling for PERL_ASYNC_CHECK
PerlIOUnix_read (perlio.c:2689)     <== easy to fix use of invalidated pointers
Perl_PerlIO_read (perlio.c:1625)
PerlIOBuf_fill (perlio.c:3843)      <== crash occurs at line 3849
Perl_PerlIO_fill (perlio.c:1717)
PerlIOBase_read (perlio.c:2135)
PerlIOBuf_read (perlio.c:3864)
Perl_PerlIO_read (perlio.c:1625)
PerlIO_getc (perlio.c:5015)
Perl_sv_gets (sv.c:6501)
Perl_do_readline (pp_hot.c:1638)
Perl_pp_readline (pp_hot.c:335)
Perl_runops_standard (run.c:38)
S_run_body (perl.c:2391)
perl_run (perl.c:2309)
main (perlmain.c:113)

Steve
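The hazard in that trace, as an added C example that is not perlio.c code (the handle table, `async_check`, `raw_read` and `safe_read` are hypothetical names): a blocking read loop that runs deferred signal handlers on EINTR, where the handler may close the handle being read, and which re-validates the handle from a table after the callback rather than reusing the pointer it held across it.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
/* Constructed model, not perlio.c: open handles live in a table indexed by
 * slot, so a read loop can re-validate its handle after a callback. */
#define MAX_HANDLES 4
struct handle { char *buf; size_t len; size_t pos; };
static struct handle *live[MAX_HANDLES];  /* NULL means the slot is closed */
static int pending_close_slot = -1;       /* deferred "signal": close this slot */

int handle_open(int slot, const char *data) {
    struct handle *h;
    if (slot < 0 || slot >= MAX_HANDLES || live[slot]) return -1;
    if (!(h = malloc(sizeof *h))) return -1;
    h->len = strlen(data); h->pos = 0;
    if (!(h->buf = malloc(h->len + 1))) { free(h); return -1; }
    memcpy(h->buf, data, h->len + 1);
    live[slot] = h;
    return 0;
}
void handle_close(int slot) {             /* models PerlIOBuf_close freeing buf */
    struct handle *h;
    if (slot < 0 || slot >= MAX_HANDLES || !(h = live[slot])) return;
    live[slot] = NULL; free(h->buf); free(h);
}
static void async_check(void) {           /* models PERL_ASYNC_CHECK() */
    int s = pending_close_slot;
    pending_close_slot = -1;
    if (s >= 0) handle_close(s);          /* the signal handler calls close() */
}
static ssize_t raw_read(struct handle *h, char *out, size_t n) {
    size_t avail = h->len - h->pos;       /* models read(): EINTR while a signal is pending */
    if (pending_close_slot >= 0) { errno = EINTR; return -1; }
    if (n > avail) n = avail;
    memcpy(out, h->buf + h->pos, n); h->pos += n;
    return (ssize_t)n;
}
/* Hardened loop: look the handle up again after every async_check, so a
 * handler that closed it yields EBADF instead of a read through freed memory. */
ssize_t safe_read(int slot, char *out, size_t n) {
    for (;;) {
        struct handle *h = live[slot];
        if (!h) { errno = EBADF; return -1; }
        ssize_t got = raw_read(h, out, n);
        if (got >= 0) return got;
        if (errno != EINTR) return -1;
        async_check();                    /* may free *h: never reuse h */
    }
}
```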
