From 2f5d87ed75d0c528c0c6eee4467415e04aa8ca01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Wed, 8 Mar 2017 10:55:17 +0100
Subject: Fix a null-pointer dereference on malformed code

---
 ...-fix-ck_return-null-pointer-deref-on-malf.patch | 72 ++++++++++++++++++++++
 perl.spec                                          | 11 +++-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch

diff --git 
a/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch 
b/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
new file mode 100644
index 0000000..37d7af4
--- /dev/null
+++ b/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
@@ -0,0 +1,72 @@
+From be05b2f7a801ae1721641fd240e0d7d6fc018136 Mon Sep 17 00:00:00 2001
+From: Aaron Crane <a...@cpan.org>
+Date: Sun, 19 Feb 2017 12:26:54 +0000
+Subject: [PATCH] fix ck_return null-pointer deref on malformed code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.1:
+
+commit e5c165a0b7551ffb94661aa7f18aabadba257782
+Author: Aaron Crane <a...@cpan.org>
+Date:   Sun Feb 19 12:26:54 2017 +0000
+
+    [perl #130815] fix ck_return null-pointer deref on malformed code
+
+commit 9de2a80ffc0eefb4d60e13766baf4bad129e0a92
+Author: David Mitchell <da...@iabyn.com>
+Date:   Sun Feb 19 12:36:58 2017 +0000
+
+    bump test count in t/comp/parser.t
+
+    (the previous commit forgot to)
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ op.c            | 2 +-
+ t/comp/parser.t | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/op.c b/op.c
+index 018d90c..9a61ea7 100644
+--- a/op.c
++++ b/op.c
+@@ -10695,7 +10695,7 @@ Perl_ck_return(pTHX_ OP *o)
+     PERL_ARGS_ASSERT_CK_RETURN;
+ 
+     kid = OpSIBLING(cLISTOPo->op_first);
+-    if (CvLVALUE(PL_compcv)) {
++    if (PL_compcv && CvLVALUE(PL_compcv)) {
+       for (; kid; kid = OpSIBLING(kid))
+           op_lvalue(kid, OP_LEAVESUBLV);
+     }
+diff --git a/t/comp/parser.t b/t/comp/parser.t
+index 50f601c..5016509 100644
+--- a/t/comp/parser.t
++++ b/t/comp/parser.t
+@@ -8,7 +8,7 @@ BEGIN {
+     chdir 't' if -d 't';
+ }
+ 
+-print "1..173\n";
++print "1..174\n";
+ 
+ sub failed {
+     my ($got, $expected, $name) = @_;
+@@ -546,6 +546,12 @@ eval "grep+grep";
+ eval 'qq{@{0]}${}},{})';
+ is(1, 1, "RT #124207");
+ 
++# RT #130815: crash in ck_return for malformed code
++{
++    eval 'm(@{if(0){sub d{]]])}return';
++    like $@, qr/^syntax error at \(eval \d+\) line 1, near "\{\]"/,
++        'RT #130815: null pointer deref';
++}
+ 
+ # Add new tests HERE (above this line)
+ 
+-- 
+2.7.4
+
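Review bot: The `PL_compcv &&` guard added to Perl_ck_return in the embedded op.c hunk has no comment saying when PL_compcv can be NULL at that point, so a later cleanup could mistake the check for dead code. Judging only by the accompanying test in t/comp/parser.t, this presumably happens while compiling malformed source that has already hit a syntax error. A one-line comment above the condition would record that, for example `/* PL_compcv can be NULL here on malformed code, see RT #130815 */`. The new test evals a string that used to crash the interpreter, so it is a crash regression check as much as an error-message check, and the comment in parser.t could say so. Perl_ck_return begins and ends outside the hunk, so any other use of PL_compcv in it is not visible here.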
diff --git a/perl.spec b/perl.spec
index 0dbc227..81e6c00 100644
--- a/perl.spec
+++ b/perl.spec
@@ -28,7 +28,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be 
broken otherwise
-Release:        389%{?dist}
+Release:        390%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -301,6 +301,10 @@ Patch85:        
perl-5.24.1-fix-pad-scope-issue-in-re_evals.patch
 # in upstream after 5.25.9
 Patch86:        
perl-5.25.9-avoid-a-leak-in-list-assign-from-to-magic-values.patch
 
+# Fix a null-pointer dereference on malformed code, RT#130815,
+# in upstream after 5.25.9
+Patch87:        
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -3013,6 +3017,7 @@ popd
 %patch84 -p1
 %patch85 -p1
 %patch86 -p1
+%patch87 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -3084,6 +3089,7 @@ perl -x patchlevel.h \
     'Fedora Patch83: Fix a buffer overflow when studying some regexps 
repeatedly (RT#129281, RT#129061)' \
     'Fedora Patch85: Fix a heap buffer overflow when evaluating regexps with 
embedded code blocks from more than one source, RT#129881' \
     'Fedora Patch86: Fix a memory leak in list assignment from or to magic 
values, (RT#130766)' \
+    'Fedora Patch87: Fix a null-pointer dereference on malformed code 
(RT#130815)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5360,6 +5366,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Wed Mar 08 2017 Petr Pisar <ppi...@redhat.com> - 4:5.24.1-390
+- Fix a null-pointer dereference on malformed code (RT#130815)
+
 * Fri Feb 17 2017 Petr Pisar <ppi...@redhat.com> - 4:5.24.1-389
 - Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326)
 - Fix a heap buffer overflow when evaluating regexps with embedded code blocks
-- 
cgit v1.1


        
https://src.fedoraproject.org/cgit/perl.git/commit/?h=f26&id=2f5d87ed75d0c528c0c6eee4467415e04aa8ca01