From dd252f70bc04bad30a469df2266ec32eb81abbd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Wed, 8 Mar 2017 12:17:41 +0100 Subject: Fix a memory leak leak in Perl_reg_named_buff_fetch()
--- ...-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch | 81 ++++++++++++++++++++++ perl.spec | 7 ++ 2 files changed, 88 insertions(+) create mode 100644 perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch diff --git a/perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch b/perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch new file mode 100644 index 0000000..b156417 --- /dev/null +++ b/perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch @@ -0,0 +1,81 @@ +From 9c27a78d1d66d355c5d7d1502d057667bb66deb3 Mon Sep 17 00:00:00 2001 +From: Tony Cook <t...@develop-help.com> +Date: Tue, 21 Feb 2017 16:38:36 +1100 +Subject: [PATCH] (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Ported to 5.22.3: + +commit 853eb961c1a3b014b5a9510740abc15ccd4383b6 +Author: Tony Cook <t...@develop-help.com> +Date: Tue Feb 21 16:38:36 2017 +1100 + + (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch + + Originally noted as a scoping issue by Andy Lester. + +Signed-off-by: Petr Písař <ppi...@redhat.com> +--- + regcomp.c | 5 +---- + t/op/svleak.t | 12 +++++++++++- + 2 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/regcomp.c b/regcomp.c +index bf4011e..777b5cc 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -7478,21 +7478,18 @@ SV* + Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv, + const U32 flags) + { +- AV *retarray = NULL; + SV *ret; + struct regexp *const rx = ReANY(r); + + PERL_ARGS_ASSERT_REG_NAMED_BUFF_FETCH; + +- if (flags & RXapif_ALL) +- retarray=newAV(); +- + if (rx && RXp_PAREN_NAMES(rx)) { + HE *he_str = hv_fetch_ent( RXp_PAREN_NAMES(rx), namesv, 0, 0 ); + if (he_str) { + IV i; + SV* sv_dat=HeVAL(he_str); + I32 *nums=(I32*)SvPVX(sv_dat); ++ AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL; + for ( i=0; i<SvIVX(sv_dat); i++ ) { + if ((I32)(rx->nparens) >= nums[i] + && rx->offs[nums[i]].start != -1 +diff --git a/t/op/svleak.t b/t/op/svleak.t +index 076f2bf..2842aa7 100644 +--- a/t/op/svleak.t ++++ b/t/op/svleak.t +@@ -15,7 +15,7 @@ BEGIN { + + use Config; + +-plan tests => 129; ++plan tests => 130; + + # run some code N times. If the number of SVs at the end of loop N is + # greater than (N-1)*delta at the end of loop 1, we've got a leak +@@ -493,3 +493,13 @@ $x = $mdr::a[0]{foo}{$mdr::k}{$mdr::i}; + $x = $mdr::h[0]{foo}{$mdr::k}{$mdr::i}; + $x = $mdr::r->[0]{foo}{$mdr::k}{$mdr::i}; + EOF ++ ++{ ++ # Perl_reg_named_buff_fetch() leaks an AV when called with an RE ++ # with no named captures ++ sub named { ++ "x" =~ /x/; ++ re::regname("foo", 1); ++ } ++ ::leak(2, 0, \&named, "Perl_reg_named_buff_fetch() on no-name RE"); ++} +-- +2.7.4 + diff --git a/perl.spec b/perl.spec index 1a17a98..248eda7 100644 --- a/perl.spec +++ b/perl.spec @@ -211,6 +211,10 @@ Patch70: perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf # in upstream after 5.25.9 Patch71: perl-5.22.3-perl-129340-copy-the-source-when-inside-the-dest-in-.patch +# Fix a memory leak leak in Perl_reg_named_buff_fetch(), RT#130822, +# in upstream after 5.25.10 +Patch72: perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2524,6 +2528,7 @@ Perl extension for Version Objects %patch69 -p1 %patch70 -p1 %patch71 -p1 +%patch72 -p1 %patch200 -p1 %patch201 -p1 @@ -2580,6 +2585,7 @@ perl -x patchlevel.h \ 'Fedora Patch68: Fix a buffer overflow when studying some regexps repeatedly (RT#129281, RT#129061)' \ 'Fedora Patch70: Fix a null-pointer dereference on malformed code (RT#130815)' \ 'Fedora Patch71: Fix an use-after-free in substr() that modifies a magic variable (RT#129340)' \ + 'Fedora Patch72: Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -4835,6 +4841,7 @@ popd * Wed Mar 08 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-370 - Fix a null-pointer dereference on malformed code (RT#130815) - Fix an use-after-free in substr() that modifies a magic variable (RT#129340) +- Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822) * Fri Feb 17 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-369 - Fix a crash when compiling a regexp with impossible quantifiers (RT#130561) -- cgit v1.1 https://src.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=dd252f70bc04bad30a469df2266ec32eb81abbd6 _______________________________________________ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org