From dd252f70bc04bad30a469df2266ec32eb81abbd6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Wed, 8 Mar 2017 12:17:41 +0100
Subject: Fix a memory leak leak in Perl_reg_named_buff_fetch()

---
 ...-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch | 81 ++++++++++++++++++++++
 perl.spec                                          |  7 ++
 2 files changed, 88 insertions(+)
 create mode 100644 
perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch

diff --git 
a/perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch 
b/perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
new file mode 100644
index 0000000..b156417
--- /dev/null
+++ b/perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
@@ -0,0 +1,81 @@
+From 9c27a78d1d66d355c5d7d1502d057667bb66deb3 Mon Sep 17 00:00:00 2001
+From: Tony Cook <t...@develop-help.com>
+Date: Tue, 21 Feb 2017 16:38:36 +1100
+Subject: [PATCH] (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.22.3:
+
+commit 853eb961c1a3b014b5a9510740abc15ccd4383b6
+Author: Tony Cook <t...@develop-help.com>
+Date:   Tue Feb 21 16:38:36 2017 +1100
+
+    (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
+
+    Originally noted as a scoping issue by Andy Lester.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ regcomp.c     |  5 +----
+ t/op/svleak.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index bf4011e..777b5cc 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -7478,21 +7478,18 @@ SV*
+ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+                         const U32 flags)
+ {
+-    AV *retarray = NULL;
+     SV *ret;
+     struct regexp *const rx = ReANY(r);
+ 
+     PERL_ARGS_ASSERT_REG_NAMED_BUFF_FETCH;
+ 
+-    if (flags & RXapif_ALL)
+-        retarray=newAV();
+-
+     if (rx && RXp_PAREN_NAMES(rx)) {
+         HE *he_str = hv_fetch_ent( RXp_PAREN_NAMES(rx), namesv, 0, 0 );
+         if (he_str) {
+             IV i;
+             SV* sv_dat=HeVAL(he_str);
+             I32 *nums=(I32*)SvPVX(sv_dat);
++            AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL;
+             for ( i=0; i<SvIVX(sv_dat); i++ ) {
+                 if ((I32)(rx->nparens) >= nums[i]
+                     && rx->offs[nums[i]].start != -1
+diff --git a/t/op/svleak.t b/t/op/svleak.t
+index 076f2bf..2842aa7 100644
+--- a/t/op/svleak.t
++++ b/t/op/svleak.t
+@@ -15,7 +15,7 @@ BEGIN {
+ 
+ use Config;
+ 
+-plan tests => 129;
++plan tests => 130;
+ 
+ # run some code N times. If the number of SVs at the end of loop N is
+ # greater than (N-1)*delta at the end of loop 1, we've got a leak
+@@ -493,3 +493,13 @@ $x = $mdr::a[0]{foo}{$mdr::k}{$mdr::i};
+ $x = $mdr::h[0]{foo}{$mdr::k}{$mdr::i};
+ $x = $mdr::r->[0]{foo}{$mdr::k}{$mdr::i};
+ EOF
++
++{
++    # Perl_reg_named_buff_fetch() leaks an AV when called with an RE
++    # with no named captures
++    sub named {
++        "x" =~ /x/;
++        re::regname("foo", 1);
++    }
++    ::leak(2, 0, \&named, "Perl_reg_named_buff_fetch() on no-name RE");
++}
+-- 
+2.7.4
+
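Review bot: The new svleak.t case (the `named` sub) exercises only the path where the regexp has no named captures at all. The old code in regcomp.c also leaked `retarray` when the regexp has named captures but `hv_fetch_ent()` finds no entry for the requested name, so `he_str` is NULL. A second case would pin that branch too, for example `"x" =~ /(?<bar>x)/; re::regname("foo", 1);` under its own `::leak(2, 0, ...)` call, with `plan tests` raised to match. A short comment on the moved declaration would also help, such as `/* allocate only once the name is found, so early exits cannot leak it */`. The body of Perl_reg_named_buff_fetch() continues past the regcomp.c hunk, so the paths that consume `retarray` are not visible here.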
diff --git a/perl.spec b/perl.spec
index 1a17a98..248eda7 100644
--- a/perl.spec
+++ b/perl.spec
@@ -211,6 +211,10 @@ Patch70:        
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf
 # in upstream after 5.25.9
 Patch71:        
perl-5.22.3-perl-129340-copy-the-source-when-inside-the-dest-in-.patch
 
+# Fix a memory leak leak in Perl_reg_named_buff_fetch(), RT#130822,
+# in upstream after 5.25.10
+Patch72:        
perl-5.22.3-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2524,6 +2528,7 @@ Perl extension for Version Objects
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
+%patch72 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2580,6 +2585,7 @@ perl -x patchlevel.h \
     'Fedora Patch68: Fix a buffer overflow when studying some regexps 
repeatedly (RT#129281, RT#129061)' \
     'Fedora Patch70: Fix a null-pointer dereference on malformed code 
(RT#130815)' \
     'Fedora Patch71: Fix an use-after-free in substr() that modifies a magic 
variable (RT#129340)' \
+    'Fedora Patch72: Fix a memory leak leak in Perl_reg_named_buff_fetch() 
(RT#130822)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
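Review bot: The description string added in this hunk reads `Fix a memory leak leak in Perl_reg_named_buff_fetch()`, with "leak" doubled; the same wording appears in the Patch72 comment and the %changelog entry in the other perl.spec hunks. Because these strings are written into patchlevel.h, the typo presumably ends up in the list of local patches the built perl reports. It should be corrected to `Fix a memory leak in Perl_reg_named_buff_fetch() (RT#130822)` in all three places.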
@@ -4835,6 +4841,7 @@ popd
 * Wed Mar 08 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-370
 - Fix a null-pointer dereference on malformed code (RT#130815)
 - Fix an use-after-free in substr() that modifies a magic variable (RT#129340)
+- Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)
 
 * Fri Feb 17 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-369
 - Fix a crash when compiling a regexp with impossible quantifiers (RT#130561)
-- 
cgit v1.1


        
https://src.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=dd252f70bc04bad30a469df2266ec32eb81abbd6