Ticket #59 (closed bug: fixed)
OrderedHash exposes hash corruption
Reported by: | cotto | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | core | Version: | trunk |
Severity: | medium | Keywords: | hash |
Cc: | Language: | ||
Patch status: | Platform: | all |
Description
Storing items in a hash with certain keys can cause garbage to be added near the end of hash->bs. This doesn't cause any issues for normal Hashes because the garbage is overwritten as the Hash is populated, but it breaks OrderedHash's clone() VTABLE function.
The bug can be exposed and reproduced by applying the attached patch (which adds a sanity_check METHOD to Hashes), and running the following PIR.
.sub main $P2 = new 'Hash' $P2.'sanity_check'() say "adding c to hash..." $P2["c"] = 0 $P2.'sanity_check'() .end
This outputs:
hash->bs+0: key and value are null <snip> hash->bs+15: key and value are null adding c to hash... hash->bs+0: 'c' => '0' hash->bs+1: key and value are null <snip> hash->bs+13: 't' => (null) hash->bs+14: key and value are null hash->bs+15: key and value are null
Note that using 'b' as a key causes no corruption and 'a' causes a segfault that screws up the stack.
As far as I've been able to trace it, a symptom of the problem is that at the end of parrot_hash_put, &(hash->bs[13])->key == &hash->bi[4]. I don't know what that implies (or if it's even the expected behavior), but it may be useful as a starting point for someone else to look at.