This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Don’t let reblessing point SvSTASH to a half-freed stash
author Father Chrysostomos <sprout@cpan.org>
Mon, 9 Sep 2013 06:05:40 +0000 (23:05 -0700)
committer Father Chrysostomos <sprout@cpan.org>
Mon, 9 Sep 2013 07:52:07 +0000 (00:52 -0700)
commit 64e070a9f2155f9a1855e3268a31fa1d166251c8
tree e462edfcacc7fafcb061d2fa0e1137f66b39e39a
parent 11710a4c8b6477c347be59acd7ffebd37efa62eb

We should set SvSTASH before calling SvREFCNT_dec on its old value,
otherwise we could free the old stash and trigger a DESTROY that sees
the object blessed into the half-freed stash.

Currently, a second call to bless inside DESTROY can trigger ‘Attempt
to free unreferenced scalar’, because it calls SvREFCNT_dec a second
time on the stash that already has a reference count of 0.
sv.c
t/op/bless.t
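
The ordering problem the commit message describes, as an added example that is not code from this commit or from Perl's sv.c. It is a toy refcount model: `Stash`, `Obj`, `stash_dec`, `rebless_buggy`, `rebless_fixed` and `run_scenario` are hypothetical names, and the destructor callback stands in for a DESTROY that calls bless again.

```c
#include <stdio.h>
/* Toy refcount model with hypothetical names; not Perl's sv.c. */
typedef struct Stash Stash;
typedef struct Obj { Stash *stash; } Obj;
struct Stash { int refcnt; Obj *watched; Stash *rebless_to; };
typedef struct { int bad_decs; int saw_half_freed; } Result;
static Result res;
static void (*rebless)(Obj *, Stash *);

/* Reaching 0 runs a destructor (stand-in for DESTROY) that reblesses. */
static void stash_dec(Stash *s) {
    if (s->refcnt == 0) { res.bad_decs++; return; } /* already unreferenced */
    if (--s->refcnt == 0 && s->watched) {
        Obj *o = s->watched;
        s->watched = NULL;
        if (o->stash == s) res.saw_half_freed++; /* stale pointer visible */
        rebless(o, s->rebless_to);
    }
}

/* Old order: release the old stash while the object still points at it. */
static void rebless_buggy(Obj *o, Stash *to) {
    to->refcnt++;
    if (o->stash) stash_dec(o->stash);
    o->stash = to;
}

/* Order the commit message asks for: store first, then release. */
static void rebless_fixed(Obj *o, Stash *to) {
    Stash *old = o->stash;
    to->refcnt++;
    o->stash = to;
    if (old) stash_dec(old);
}

/* Constructed scenario: stash a is kept alive only by the object. */
Result run_scenario(int fixed) {
    Stash b = {1, NULL, NULL}, c = {1, NULL, NULL}, a = {1, NULL, &c};
    Obj o = {&a};
    a.watched = &o;
    res = (Result){0, 0};
    rebless = fixed ? rebless_fixed : rebless_buggy;
    rebless(&o, &b);
    return res;
}

int main(void) {
    Result old = run_scenario(0), fix = run_scenario(1);
    printf("buggy: %d bad decs; fixed: %d bad decs\n", old.bad_decs, fix.bad_decs);
}
```

In the buggy order the nested rebless decrements a count that is already 0, which is the model's counterpart of the ‘Attempt to free unreferenced scalar’ warning; in the fixed order the nested call releases the new stash instead, which still holds a live reference.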