Package: perl
Version: 5.38.2-4
Severity: important
Forwarded: https://github.com/Perl/perl5/issues/22195
Control: found -1 5.38.2-3.2

As reported upstream by Konstantin Akimov, perl in Debian trixie/sid
and in Ubuntu 24.04 can crash when freeing locales.

#!/bin/sh
L=en_US.UTF-8 # or seems like any other locale will do
export LC_ALL=
export LC_ADDRESS=$L
export LC_IDENTIFICATION=$L
export LC_MEASUREMENT=$L
export LC_MONETARY=$L
export LC_NAME=$L
export LC_NUMERIC=$L
export LC_PAPER=$L
export LC_TELEPHONE=$L
export LC_TIME=$L
perl -e 'require threads; require Thread::Queue'

The resulting SIGSEGV is not quite deterministic for me, but valgrind
shows an invalid read every time [1].

This does not happen with unpatched upstream 5.38.2. It is caused by our
patch 'unbreak-locale-initialization.diff' to locale.c

  https://sources.debian.org/src/perl/5.38.2-4/debian/patches/fixes/unbreak-locale-initialization.diff/

which I added to fix #1060679 and which just reverts upstream commit

  https://github.com/Perl/perl5/commit/7af2d2037375d58e700f9e1b217efb2c4db66133

Looking at that now, I suppose I could have taken a hint back then from
Karl's commit message, which said the next commit would turn these parts
into memory leaks otherwise. Oh well.

I don't have a patch, but I'll try to look into it. Obviously we don't
want to reintroduce the regression we were fixing (#1060679).

That regression was fixed upstream after 5.38 with

  https://github.com/Perl/perl5/commit/bf38d1cf744fcc49b715b9d633761aa67436c002

which doesn't apply as-is because it depends on other changes. Upstream
has listed this as needing a 5.38 backport, but nobody has tackled that
yet AFAICS.

[1] here's valgrind output of 5.38.2-4 for reference, though I expect
that undoing the reversal and backporting the relevant fixes in the
5.39 series is a better approach than trying to fix the crash in the
current version.

==794839== Memcheck, a memory error detector
==794839== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==794839== Using Valgrind-3.20.0 and LibVEX; rerun with -h for copyright info
==794839== Command: debugperl -e require\ threads;\ require\ Thread::Queue
==794839==
==794839== Invalid read of size 8
==794839==    at 0x496CB95: __freelocale (freelocale.c:43)
==794839==    by 0x496CB95: freelocale (freelocale.c:31)
==794839==    by 0x1831F3: perl_destruct (perl.c:1144)
==794839==    by 0x14E571: main (perlmain.c:139)
==794839==  Address 0x4b84870 is 0 bytes inside a block of size 328 free'd
==794839==    at 0x48431EF: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839==    by 0x496C894: newlocale (newlocale.c:258)
==794839==    by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839==    by 0x39ED83: S_toggle_locale_i (locale.c:6576)
==794839==    by 0x39F18E: S_my_langinfo_i (locale.c:4200)
==794839==    by 0x3A0AF5: S_new_numeric (locale.c:1950)
==794839==    by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839==    by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839==    by 0x4F8A8E3: Perl_sharedsv_init (shared.xs:1295)
==794839==    by 0x4F8A8E3: boot_threads__shared (shared.xs:1783)
==794839==    by 0x2BD5D6: Perl_pp_entersub (pp_hot.c:5555)
==794839==    by 0x26C4A1: Perl_runops_debug (dump.c:2864)
==794839==    by 0x17CA8A: Perl_call_sv (perl.c:3150)
==794839==  Block was alloc'd at
==794839==    at 0x4840808: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839==    by 0x496C52A: newlocale (newlocale.c:199)
==794839==    by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839==    by 0x3A0936: Perl_set_numeric_standard (locale.c:2031)
==794839==    by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839==    by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839==    by 0x14E492: main (perlmain.c:102)
==794839==
==794839== Invalid free() / delete / delete[] / realloc()
==794839==    at 0x48431EF: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839==    by 0x1831F3: perl_destruct (perl.c:1144)
==794839==    by 0x14E571: main (perlmain.c:139)
==794839==  Address 0x4b84870 is 0 bytes inside a block of size 328 free'd
==794839==    at 0x48431EF: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839==    by 0x496C894: newlocale (newlocale.c:258)
==794839==    by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839==    by 0x39ED83: S_toggle_locale_i (locale.c:6576)
==794839==    by 0x39F18E: S_my_langinfo_i (locale.c:4200)
==794839==    by 0x3A0AF5: S_new_numeric (locale.c:1950)
==794839==    by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839==    by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839==    by 0x4F8A8E3: Perl_sharedsv_init (shared.xs:1295)
==794839==    by 0x4F8A8E3: boot_threads__shared (shared.xs:1783)
==794839==    by 0x2BD5D6: Perl_pp_entersub (pp_hot.c:5555)
==794839==    by 0x26C4A1: Perl_runops_debug (dump.c:2864)
==794839==    by 0x17CA8A: Perl_call_sv (perl.c:3150)
==794839==  Block was alloc'd at
==794839==    at 0x4840808: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==794839==    by 0x496C52A: newlocale (newlocale.c:199)
==794839==    by 0x39DD9B: S_emulate_setlocale_i (locale.c:1301)
==794839==    by 0x3A0936: Perl_set_numeric_standard (locale.c:2031)
==794839==    by 0x39D76D: S_new_LC_ALL (locale.c:2518)
==794839==    by 0x3A5F20: Perl_init_i18nl10n (locale.c:5637)
==794839==    by 0x14E492: main (perlmain.c:102)
==794839==
==794839==
==794839== HEAP SUMMARY:
==794839==     in use at exit: 116,898 bytes in 78 blocks
==794839==   total heap usage: 13,878 allocs, 13,801 frees, 3,178,315 bytes allocated
==794839==
==794839== LEAK SUMMARY:
==794839==    definitely lost: 0 bytes in 0 blocks
==794839==    indirectly lost: 0 bytes in 0 blocks
==794839==      possibly lost: 0 bytes in 0 blocks
==794839==    still reachable: 116,898 bytes in 78 blocks
==794839==         suppressed: 0 bytes in 0 blocks
==794839== Rerun with --leak-check=full to see details of leaked memory
==794839==
==794839== For lists of detected and suppressed errors, rerun with: -s
==794839== ERROR SUMMARY: 13 errors from 2 contexts (suppressed: 0 from 0)

-- 
Niko Tyni   nt...@debian.org
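
The valgrind trace above shows a locale object that was freed inside newlocale() and later passed to freelocale() from perl_destruct(). The following is an added example, not code from this report or from Perl, of the POSIX ownership rule that avoids that pattern: a successful newlocale(mask, name, base) consumes base, so only the returned handle may be kept or freed. The loc_holder type and holder_* functions are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <locale.h>
#include <stdio.h>

/* Hypothetical owner of one locale object; the only place the handle lives. */
struct loc_holder { locale_t cur; };

/* Create the initial object. Returns 1 on success, 0 on failure. */
int holder_init(struct loc_holder *h)
{
    h->cur = newlocale(LC_ALL_MASK, "C", (locale_t)0);
    return h->cur != (locale_t)0;
}

/* Change some categories. On success newlocale() has consumed the old
 * handle (modified in place or freed), so the only valid handle is the
 * return value. On failure the old handle is still valid and unchanged. */
int holder_set(struct loc_holder *h, int mask, const char *name)
{
    locale_t next = newlocale(mask, name, h->cur);
    if (next == (locale_t)0)
        return 0;              /* keep h->cur: it was not touched */
    h->cur = next;             /* never keep or free the old value */
    return 1;
}

/* Free exactly once; clearing the handle makes a second call a no-op. */
int holder_destroy(struct loc_holder *h)
{
    if (h->cur == (locale_t)0)
        return 0;
    freelocale(h->cur);
    h->cur = (locale_t)0;
    return 1;
}

int main(void)
{
    struct loc_holder h;
    if (!holder_init(&h))
        return 1;
    printf("set LC_NUMERIC: %d\n", holder_set(&h, LC_NUMERIC_MASK, "C"));
    /* Constructed, nonexistent locale name to exercise the failure path. */
    printf("set bogus name: %d\n", holder_set(&h, LC_TIME_MASK, "xx_NOPE.invalid"));
    printf("destroy: %d\n", holder_destroy(&h));
    printf("destroy again: %d\n", holder_destroy(&h));
    return 0;
}
```

Building this with -fsanitize=address or running it under valgrind should report no invalid read or invalid free, in contrast to the trace above.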