Steve Fink (via RT) wrote:
> I won't go through all the details of what I looked at (though I'll post them in my blog eventually), but what's happening is that this line (from perlhash.pmc's clone() implementation) is corrupting the flags field:
>
>     ((Hash*)PMC_struct_val(dest))->container = dest;

Ah, yep. PMC_struct_val(dest) doesn't hold the hash yet; it is created in hash_clone() only after this line.

> The problem is that the dest PMC contains a Hash structure in its struct_val field

No. That's the pointer of the free_list, pointing to the previous PMC in that size class.

Putting the above line after the hash_clone() fixes that bug.

Thanks for reporting,
leo
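
The ordering bug discussed in this thread, as a simplified model added here for illustration; it is not Parrot's code and not part of the original message. The struct layouts, the arena, and every name other than `struct_val`, `container` and `hash_clone` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model: layouts and names other than struct_val, container and
   hash_clone are assumptions, not Parrot's definitions. */
typedef struct PMC  { uintptr_t flags; void *struct_val; } PMC;
typedef struct Hash { PMC *container; size_t entries; } Hash;
#define ON_FREE_LIST ((uintptr_t)1)
static PMC arena[4], *free_list;

static void arena_init(void) {
    free_list = NULL;
    for (size_t i = 0; i < 4; i++) {
        arena[i].flags = ON_FREE_LIST;
        arena[i].struct_val = free_list;  /* free-list link lives in struct_val */
        free_list = &arena[i];
    }
}
static PMC *pmc_new(void) {               /* pop; struct_val keeps the stale link */
    PMC *p = free_list;
    free_list = p->struct_val;
    p->flags = 0;
    return p;
}
static Hash *hash_clone(const Hash *src) {
    Hash *h = malloc(sizeof *h);
    if (!h) abort();
    *h = (Hash){ NULL, src->entries };
    return h;
}
/* Store owner in the container slot of whatever hash_ptr points at (memcpy
   keeps the misdirected write well-defined in this model). */
static void set_container(void *hash_ptr, PMC *owner) {
    memcpy((char *)hash_ptr + offsetof(Hash, container), &owner, sizeof owner);
}

/* Returns 1 if the free PMC that dest's stale link names keeps its flags. */
static int clone_keeps_neighbour_intact(int fixed) {
    arena_init();
    PMC *src = pmc_new();
    Hash src_hash = { src, 3 };           /* constructed sample hash */
    src->struct_val = &src_hash;
    PMC *dest = pmc_new();
    PMC *neighbour = dest->struct_val;    /* what struct_val really holds */
    if (!fixed) set_container(dest->struct_val, dest);  /* original order */
    dest->struct_val = hash_clone(src->struct_val);
    if (fixed) set_container(dest->struct_val, dest);   /* after hash_clone() */
    free(dest->struct_val);
    return neighbour->flags == ON_FREE_LIST;
}
```

In the original order the store lands on the next PMC in the free list and overwrites its `flags`; with the assignment moved after `hash_clone()` it lands in the newly allocated `Hash`.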