#236 pdl() constructor crashes perl for mixed ref/piddle args

critical
closed-fixed
core (120)
9
2011-03-27
2010-06-05
Chris Marshall
No

$c[0][0]=pdl(0,4,2,1);
$c[1][0]=pdl(0,0,1,1);
$c[2][0]=pdl(0,0,0,1);
$c[0][1]=pdl(0,0,3,1);
$c[1][1]=pdl(0,0,2,1);
$c[2][1]=pdl(5,1,1,1);
$d = pdl(@c);

Causes a crash in PDL-2.4.6_008. A preliminary look shows
that the crash happens in the pdl_avref routine. This problem
was reported by Jim Magnuson on the perldl mailing list.

Thanks, Jim!

Discussion

  • Chris Marshall
    2010-12-08

    perl -d session of F Boers' bug

     
  • Derek Lamb
    2010-12-09

    FWIW, I cannot reproduce Frank's problem on the same machine that generated the earlier errors. However, I do have some additional (potentially helpful) output. I #defined DEBUG_SETAV_TYPE and DEBUG_KLUDGE_COPY in Basic/Core/pdlcore.c.PL, and rebuilt. The output of a small variation on my previous test (where now the array to piddleify is (1,2,3,4)) is:

    @world_coords is 0 0 0 0
    It has 4 elements
    piddle-ifying @wc
    av_ndcheck: depth=0, length is 0; derived dim list is [ ]
    pdl_setav_Double: level=0, i=0, pdata=161714584, pdims=(4), ndims=1 Calling pdl_kludge_copy - pdata is 161714584, pdims is (4), ndims is 1, level is 0, stride is 1, pdl->data is 161289808
    entering pdl_kludge_copy: level=1, ndims=1, plevel=0; pdl->ndims=0
    pdldim_expr=-1, pdldim=0, pdlsiz=1, pdims[0]=4
    filled in row: 1 0 0 0
    pdl_setav_Double: level=0, i=1, pdata=161714592, pdims=(4), ndims=1 Calling pdl_kludge_copy - pdata is 161714592, pdims is (4), ndims is 1, level is 0, stride is 1, pdl->data is 161680640
    entering pdl_kludge_copy: level=1, ndims=1, plevel=0; pdl->ndims=0
    pdldim_expr=-1, pdldim=0, pdlsiz=1, pdims[0]=4
    filled in row: 2 0 0 0
    pdl_setav_Double: level=0, i=2, pdata=161714600, pdims=(4), ndims=1 Calling pdl_kludge_copy - pdata is 161714600, pdims is (4), ndims is 1, level is 0, stride is 1, pdl->data is 161656528
    entering pdl_kludge_copy: level=1, ndims=1, plevel=0; pdl->ndims=0
    pdldim_expr=-1, pdldim=0, pdlsiz=1, pdims[0]=4
    filled in row: 3 0 0 0
    pdl_setav_Double: level=0, i=3, pdata=161714608, pdims=(4), ndims=1 Calling pdl_kludge_copy - pdata is 161714608, pdims is (4), ndims is 1, level is 0, stride is 1, pdl->data is 161646424
    entering pdl_kludge_copy: level=1, ndims=1, plevel=0; pdl->ndims=0
    pdldim_expr=-1, pdldim=0, pdlsiz=1, pdims[0]=4
    filled in row: 4 0 0 0
    loop is complete. len is 3, cursz-1 is 3, stride is 1
    *** glibc detected *** perl: free(): invalid next size (fast): 0x09a39198 ***
    (and then the backtrace and memory map dump happen the same as before)

    Perhaps more helpful is this simple one-liner:
    $ perl -Mblib -MPDL -we 'pdl(3,5,2,4,1,[]);'
    av_ndcheck: depth=0, length is 1; derived dim list is [ -1 ]
    av_ndcheck: depth=1, length is 1; derived dim list is [ 6 ]
    pdl_setav_Double: level=0, i=0, pdata=0, pdims=(0,6), ndims=2 defined scalar element 3
    Segmentation fault

    If I put a value in that ref at the end, it seems to be OK:
    $ perl -Mblib -MPDL -we 'pdl(3,5,2,4,1,[9]);'
    av_ndcheck: depth=0, length is 1; derived dim list is [ -1 ]
    av_ndcheck: depth=1, length is 1; derived dim list is [ 6 ]
    pdl_setav_Double: level=0, i=0, pdata=169060320, pdims=(1,6), ndims=2 defined scalar element 3
    Padding: level=0; ndims-1=1. pdata is 169060320, stride is 1, target is 2
    pdl_setav_Double: level=0, i=1, pdata=169060328, pdims=(1,6), ndims=2 defined scalar element 5
    Padding: level=0; ndims-1=1. pdata is 169060328, stride is 1, target is 2
    pdl_setav_Double: level=0, i=2, pdata=169060336, pdims=(1,6), ndims=2 defined scalar element 2
    Padding: level=0; ndims-1=1. pdata is 169060336, stride is 1, target is 2
    pdl_setav_Double: level=0, i=3, pdata=169060344, pdims=(1,6), ndims=2 defined scalar element 4
    Padding: level=0; ndims-1=1. pdata is 169060344, stride is 1, target is 2
    pdl_setav_Double: level=0, i=4, pdata=169060352, pdims=(1,6), ndims=2 defined scalar element 1
    Padding: level=0; ndims-1=1. pdata is 169060352, stride is 1, target is 2
    pdl_setav_Double: level=0, i=5, pdata=169060360, pdims=(1,6), ndims=2 found an array ref -- recursing
    pdl_setav_Double: level=1, i=0, pdata=169060360, pdims=(1,6), ndims=2 defined scalar element 9
    loop is complete. len is 0, cursz-1 is 0, stride is 1
    loop is complete. len is 5, cursz-1 is 5, stride is 1

     
  • Chris Marshall
    2010-12-09

    Derek- The simple one-liner you reported gives a Segmentation fault
    (core dumped) on cygwin/XP as well. I hope that is small enough
    to help Craig out with the debugging...

     
  • Chris Marshall
    2011-03-13

    I verified that the included examples no longer fail
    and that the cygwin issues are fixed as well. I'm
    marking this ticket Fixed with status Pending. The
    ticket will close in 2 weeks unless further action is
    taken.

    If you had problems related to this ticket, please
    check against the upcoming CHM/PDL-2.4.7_012.tar.gz
    developers release to be announced on perldl
    shortly.

    Thanks.

     
  • Chris Marshall
    2011-03-13

    • status: open --> pending-fixed
     
  • This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
    • status: pending-fixed --> closed-fixed
     