id summary reporter owner description type status priority milestone component version severity resolution keywords cc lang patch platform 59 OrderedHash exposes hash corruption cotto "Storing items in a hash with certain keys can cause garbage to be added near the end of hash->bs. This doesn't cause any issues for normal Hashes because the garbage is overwritten as the Hash is populated, but it breaks OrderedHash's clone() VTABLE function. The bug can be exposed and reproduced by applying the attached patch (which adds a sanity_check METHOD to Hashes), and running the following PIR. {{{ .sub main $P2 = new 'Hash' $P2.'sanity_check'() say ""adding c to hash..."" $P2[""c""] = 0 $P2.'sanity_check'() .end }}} This outputs: {{{ hash->bs+0: key and value are null hash->bs+15: key and value are null adding c to hash... hash->bs+0: 'c' => '0' hash->bs+1: key and value are null hash->bs+13: 't' => (null) hash->bs+14: key and value are null hash->bs+15: key and value are null }}} Note that using 'b' as a key causes no corruption and 'a' causes a segfault that screws up the stack. As far as I've been able to trace it, a symptom of the problem is that at the end of parrot_hash_put, &(hash->bs[13])->key == &hash->bi[4]. I don't know what that implies (or if it's even the expected behavior), but it may be useful as a starting point for someone else to look at." bug closed normal core trunk medium fixed hash all