Bug#889734: libjson-xs-perl: JSON::XS is broken in multithreaded programs

Łukasz Stelmach l.stelmach at samsung.com
Tue Feb 6 14:34:49 UTC 2018 

Package: libjson-xs-perl
Version: 3.030-1
Severity: important

Dear Maintainer,

The following program exposes a bug in JSON::XS module which makes the
program die.

--8<---------------cut here---------------start------------->8---
#!/usr/bin/perl

use JSON;
use threads;

my $thnum = int($ARGV[0]);

$href{"foo"} = "bar";

for (1..$thnum) {
        threads->create(sub { print "quick thread\n" });
}
foreach (threads->list()) { $_->join(); }

print to_json(\%href);
--8<---------------cut here---------------end--------------->8---

For any number of threads other than 0 (e.g. "perl prog.pl 1") the
program dies printing[1]

    hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at /usr/share/perl5/JSON.pm line 156.

The logic that triggers it is in json_nonref()[2]. The condition that
causes the function to return 1 is[3]

    SvSTASH (scalar) == bool_stash

because bool_stash is 0! bool_stash is assigned a value twice. Once in
BOOT[4] and for the second time in CLONE[5], which appears to be a problem.

Note, that to_json() dies even in the main thread.

[1] https://anonscm.debian.org/git/pkg-perl/packages/libjson-xs-perl.git/tree/XS.xs#n961
[2] https://anonscm.debian.org/git/pkg-perl/packages/libjson-xs-perl.git/tree/XS.xs#n356
[3] https://anonscm.debian.org/git/pkg-perl/packages/libjson-xs-perl.git/tree/XS.xs#n365
[4] https://anonscm.debian.org/git/pkg-perl/packages/libjson-xs-perl.git/tree/XS.xs#n1999
[5] https://anonscm.debian.org/git/pkg-perl/packages/libjson-xs-perl.git/tree/XS.xs#n2014

-- System Information:
Debian Release: 9.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: armel, arm64

Kernel: Linux 4.9.0-0.bpo.5-amd64 (SMP w/8 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libjson-xs-perl depends on:
ii  libc6                       2.24-11+deb9u1
ii  libcommon-sense-perl        3.74-2
ii  libtypes-serialiser-perl    1.0-1
ii  perl                        5.24.1-3+deb9u2
ii  perl-base [perlapi-5.24.1]  5.24.1-3+deb9u2

libjson-xs-perl recommends no packages.

libjson-xs-perl suggests no packages.

-- no debconf information

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20180206/ed7950d7/attachment.sig>

More information about the pkg-perl-maintainers mailing list