fix: replace broken pointer arithmetic in DEFGV macro#112
Draft
Koan-Bot wants to merge 1 commit into
Draft
Conversation
The RETURN_CALL_REAL_OP_IF_CALL_WITH_DEFGV macro contained `arg = arg + AvMAX(arg)` — SV* pointer arithmetic that does not correctly access array elements. This was introduced in fc9195e (2018) as a workaround for an AV appearing on the Perl argument stack. The pointer arithmetic is undefined behavior: it advances by AvMAX * sizeof(SV) bytes, landing in unrelated memory. The subsequent SvTYPE(arg) read would access garbage. Replace with an immediate CALL_REAL_OP() fallback when the stack top is an AV. Since we cannot meaningfully extract a GV from an AV to compare against PL_defgv, delegating to the real Perl OP is the only safe action. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Replace undefined-behavior pointer arithmetic in the
RETURN_CALL_REAL_OP_IF_CALL_WITH_DEFGVXS macro with a safe immediate fallback.Why
The macro contained
arg = arg + AvMAX(arg)— SV-struct-level pointer arithmetic that doesn't correctly access array elements. Introduced in fc9195e (Dec 2018) as a workaround for an AV appearing on the Perl argument stack, the expression advances the pointer byAvMAX * sizeof(SV)bytes into unrelated memory. Any subsequentSvTYPE(arg)read is UB.The AvMAX >= 0 guard (added in 3005451) prevents the negative-offset case but doesn't fix the fundamental problem: pointer arithmetic on
SV*cannot yield an array element.How
When
*PL_stack_spis an AV, fall back immediately toCALL_REAL_OP(). Since we cannot meaningfully extract a GV from an AV to compare againstPL_defgv, delegating to the real Perl OP is the only safe action. This is consistent with the existingSVt_NULLfallback path.Testing
Full test suite passes (62 test files). The AV-on-stack edge case is an internal Perl optree artifact that cannot be reliably triggered from pure Perl — existing stacked-op tests (
t/stack-corruption.t,t/mock-all-from-stat_basic.t) cover the DEFGV detection path.🤖 Generated with Claude Code
Quality Report
Changes: 1 file changed, 4 insertions(+), 1 deletion(-)
Code scan: clean
Tests: passed (0 Tests)
Branch hygiene: clean
Generated by Kōan post-mission quality pipeline