perl client crash after timeout while connecting

Mon Jul 2 23:17:57 UTC 2007

Hi Brad,

FYI, the problem is in the "orassign" (||=) implementation, it breaks 
if you take the left hand side expression "away" while evaluating the 
right hand side. In this case, the problem lies in sock_to_host doing 
a @buck2sock = (). The ||= will have some kind of pointer on 
$buck2sock[$bucket] before calling sock_to_host, which will delete 
it. And perl ends up copying some random crap into an SV, and it 
(usually) breaks a bit later. Perl 5.9.4 at least recognizes it's 
doing something bad, but still doesn't do the right thing.

Got lost in the perl source, so can't yet provide a fix :-( I can 
provide a good test case, though:

my @array;

sub fn
{
         @array = ();
}

$array[0]       =       1;

my $var =       $array[1] ||= fn();

Jacques.

At 00:00 03/07/2007, Brad Fitzpatrick wrote:
>Crazy.
>
>Patch applied.  I'll try to contact Perl people who can look into this bug
>in Perl.
>
>- Brad
>
>
>On Thu, 28 Jun 2007, Matthieu PATOU wrote:
>
> > Dear list
> > the current version (1.23 from SVN) of the memcached perl client 
> crash when it once fail to connect an host and the
> > success to connect to another host.
> >
> > On my workstation (Linux ubuntu 6.10), when the problem occurs i get :
> >
> > mat at hades:~/work/memcached-ref/api/perl$ perl mctest.pl
> > using parser: Cache::Memcached::GetParser
> > *** glibc detected *** perl: munmap_chunk(): invalid pointer: 
> 0x081fd690 ***
> > ======= Backtrace: =========
> > /lib/tls/i686/cmov/libc.so.6(__libc_free+0x18a)[0xb7e02b4a]
> > perl(Perl_sv_setsv_flags+0x5cb)[0x80d370f]
> > perl(Perl_pp_sassign+0x56)[0x80c37e4]
> > perl(Perl_runops_standard+0x13)[0x80bb273]
> > perl(perl_run+0x2e1)[0x80639b4]
> > perl(main+0x112)[0x8060012]
> > /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7db18cc]
> > perl[0x805fe81]
> > ======= Memory map: ========
> >
> >
> > The GetParserXS module is NOT installed
> > After some sessions of debugging it appears that it is Perl which 
> fools itself when executing :
> >    $sock = $buck2sock[$bucket] ||= 
> $self->sock_to_host($self->{buckets}[ $bucket ]
> >
> > When sock_to_host had returned undef (because it had been unable 
> to connect to the desired server), the next execution
> > of this line will crash when trying to set the return value of 
> sock_to_host into $buck2sock[$bucket]
> >
> > The test case is in the mctest.pl (I simulate the timeout on 
> connect by NOT having a memcache server listening on 11212).
> >
> > I fix the bug by simplifying the code and splitting into smaller 
> pieces (see the patch attached to this mail).
> >
> > Cheers
> > Matthieu
> >
> >
> >