t/1-basic.t segfaults randomly if PCRE2 is compiled with --enable-jit-sealloc
ppisar opened this issue
I have PCRE2 10.30-RC1 built with the --enable-jit-sealloc option. This option enables an alternative JIT memory allocator based on mmapped temporary files. Running t/1-basic.t against such a PCRE2 usually results in a segfault:
#0 0xb7f336fb in sljit_free_exec (ptr=0xb775fca0)
at src/sljit/sljitProtExecAllocator.c:367
#1 0xb7f33b0d in sljit_free_code (code=0xb775fca0) at src/sljit/sljitLir.c:486
#2 0xb7f5973c in _pcre2_jit_free_8 (executable_jit=0x80030540, memctl=0x80293b90)
at src/pcre2_jit_misc.c:92
#3 0xb7f199f8 in pcre2_code_free_8 (code=0x80293b90) at src/pcre2_compile.c:1183
#4 0xb7771609 in PCRE2_free (my_perl=0x80004160, rx=0x80024e64) at PCRE2.xs:520
#5 0xb7d84e95 in Perl_pregfree2 () from /lib/libperl.so.5.26
#6 0xb7de4640 in Perl_sv_clear () from /lib/libperl.so.5.26
#7 0xb7de4d40 in Perl_sv_free2 () from /lib/libperl.so.5.26
#8 0xb7d149e4 in Perl_op_clear () from /lib/libperl.so.5.26
#9 0xb7d14b20 in Perl_op_free () from /lib/libperl.so.5.26
#10 0xb7d3adb8 in perl_destruct () from /lib/libperl.so.5.26
#11 0x800009ce in main ()
This is because sljit_free_exec() does this assignment:
if (SLJIT_UNLIKELY(!free_block->header.size)) {
    free_block->size += header->size;
    header = AS_BLOCK_HEADER(free_block, free_block->size);
    header->prev_size = free_block->size;   /* <- the faulting store */
}
and the memory pointed to by header is read-only at that moment.
A minimal reproducer is:
use Test::More tests => 1;
use re::engine::PCRE2;
# Two lookbehind patterns, compiled (and JIT-ed) by PCRE2 at compile time
"Hello, world" !~ /(?<=Moose|Mo), (world)/;
"Hello, world" =~ /(?<=Hello|Hi), (world)/;
# After fork, parent and child each free the same JIT code at global destruction
fork;
ok(1);
Removing any line (fork(), use Test::More; etc.) mitigates the crash. It's probably some kind of race condition when the two processes deallocate the memory regions backed by the same file. But I don't understand how that could be possible.
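To make the two mechanisms in this report concrete, here is an added example (my own code, not from re::engine::PCRE2, PCRE2 or sljit; the names `dual_arena`, `rw_alias`, `write_and_readback` and `child_write_visible_to_parent` are mine). It builds a miniature version of the sealloc pattern: one unlinked temporary file mapped twice, a writable view for the allocator's own stores and a read-only view handed out to clients (sljit's second view is executable; PROT_EXEC is left out here so the demo also runs where /tmp is mounted noexec). `rw_alias()` is the check the faulting store above is missing: a pointer derived from the read-only view is translated back to the writable view before anything is written through it. The second function shows why a fork matters: a MAP_SHARED mapping is the same file in both processes, so any free-list metadata kept inside it is shared state that parent and child mutate independently.

```c
/* Added example: dual-mapped arena in the style of sljit's sealloc mode.
 * Not part of re::engine::PCRE2, PCRE2 or sljit; all names are assumptions. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

#define ARENA_SIZE 4096

struct dual_arena {
    unsigned char *rw;   /* PROT_READ|PROT_WRITE view: allocator writes here   */
    unsigned char *ro;   /* PROT_READ view: what clients get (RX in a real JIT) */
    size_t size;
};

/* Map an unlinked temporary file twice, as sljit's sealloc allocator does. */
int arena_open(struct dual_arena *a, size_t size)
{
    char tmp_path[] = "/tmp/dual-arena-XXXXXX";
    char cwd_path[] = "./dual-arena-XXXXXX";
    char *used = tmp_path;
    int fd = mkstemp(tmp_path);
    if (fd < 0) { fd = mkstemp(cwd_path); used = cwd_path; }  /* fallback */
    if (fd < 0) return -1;
    unlink(used);                               /* file stays anonymous */
    if (ftruncate(fd, (off_t)size) != 0) { close(fd); return -1; }
    a->rw = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    a->ro = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);                                  /* mappings keep it alive */
    if (a->rw == MAP_FAILED || a->ro == MAP_FAILED) return -1;
    a->size = size;
    return 0;
}

void arena_close(struct dual_arena *a)
{
    munmap(a->rw, a->size);
    munmap(a->ro, a->size);
}

/* Translate a client (read-only view) pointer to its writable alias.
 * Storing through the read-only pointer itself is exactly the fault in
 * the backtrace above. Returns NULL for pointers outside the arena. */
unsigned char *rw_alias(const struct dual_arena *a, const unsigned char *ro_ptr)
{
    ptrdiff_t off = ro_ptr - a->ro;
    if (off < 0 || (size_t)off >= a->size) return NULL;
    return a->rw + off;
}

/* Write a header word via the RW alias, read it back through the RO view.
 * Returns 0 when both views show the same bytes, -1 on setup failure. */
int write_and_readback(void)
{
    struct dual_arena a;
    if (arena_open(&a, ARENA_SIZE) != 0) return -1;
    const unsigned char *ro_hdr = a.ro + 128;   /* pointer as a client sees it */
    unsigned char *rw_hdr = rw_alias(&a, ro_hdr);
    uint32_t v = 0x1234u, seen = 0;
    memcpy(rw_hdr, &v, sizeof v);               /* store via writable view */
    memcpy(&seen, ro_hdr, sizeof seen);         /* same file, other view    */
    arena_close(&a);
    return seen == v ? 0 : 1;
}

/* MAP_SHARED survives fork(): a store by the child is visible to the parent.
 * Returns 1 if the parent saw the child's byte, 0 if not, -1 on failure. */
int child_write_visible_to_parent(void)
{
    struct dual_arena a;
    if (arena_open(&a, ARENA_SIZE) != 0) return -1;
    memset(a.rw, 0, a.size);
    pid_t pid = fork();
    if (pid < 0) { arena_close(&a); return -1; }
    if (pid == 0) {
        a.rw[0] = 0x5a;                         /* child mutates shared state */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    int seen = a.ro[0];
    arena_close(&a);
    return seen == 0x5a;
}

int main(void)
{
    printf("write/readback: %d\n", write_and_readback());
    printf("child write visible to parent: %d\n", child_write_visible_to_parent());
    return 0;
}
```

The second result is the part worth keeping in mind when reading the reproducer: after `fork`, both Perl processes still hold the same file-backed mappings, so allocator bookkeeping that lives inside them is no longer private to one process.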
I will forward it to PCRE2 authors as this is probably a PCRE2 bug. If you could reduce the reproducer to a pure PCRE2 C code, it would be great.
Thanks, I'll try.
Cannot repro on my Darwin laptop, need to wait until getting back from my holidays in Greece.
But found a somewhat related sealloc bug on Darwin: https://bugs.exim.org/show_bug.cgi?id=2155
Will be in 0.15