From 82a2a484bcc939476fd9014b521e6c7a09491768 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Mon, 28 Nov 2016 13:42:21 +0100
Subject: Fix crash in Storable when deserializing malformed code reference

---
 perl-5.25.7-Fix-Storable-segfaults.patch | 61 ++++++++++++++++++++++++++++++++
 perl.spec                                | 12 ++++++-
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 perl-5.25.7-Fix-Storable-segfaults.patch

diff --git a/perl-5.25.7-Fix-Storable-segfaults.patch 
b/perl-5.25.7-Fix-Storable-segfaults.patch
new file mode 100644
index 0000000..8934a13
--- /dev/null
+++ b/perl-5.25.7-Fix-Storable-segfaults.patch
@@ -0,0 +1,61 @@
+From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001
+From: John Lightsey <light...@debian.org>
+Date: Mon, 14 Nov 2016 11:56:15 +0100
+Subject: [PATCH] Fix Storable segfaults.
+
+Fix a null pointed dereference segfault in storable when the
+retrieve_code logic was unable to read the string that contained
+the code.
+
+Also fix several locations where retrieve_other was called with a
+null context pointer. This also resulted in a null pointer
+dereference.
+---
+ dist/Storable/Storable.xs | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
+index 053951c..caa489c 100644
+--- a/dist/Storable/Storable.xs
++++ b/dist/Storable/Storable.xs
+@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char 
*cname)
+               CROAK(("Unexpected type %d in retrieve_code\n", type));
+       }
+ 
++      if (!text) {
++              CROAK(("Unable to retrieve code\n"));
++      }
++
+       /*
+        * prepend "sub " to the source
+        */
+@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const 
char *cname)
+                       continue;                       /* av_extend() already 
filled us with undef */
+               }
+               if (c != SX_ITEM)
+-                      (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0);  /* Will 
croak out */
++                      (void) retrieve_other(aTHX_ cxt, 0);    /* Will croak 
out */
+               TRACEME(("(#%d) item", i));
+               sv = retrieve(aTHX_ cxt, 0);                                    
        /* Retrieve item */
+               if (!sv)
+@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const 
char *cname)
+                       if (!sv)
+                               return (SV *) 0;
+               } else
+-                      (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0);  /* Will 
croak out */
++                      (void) retrieve_other(aTHX_ cxt, 0);    /* Will croak 
out */
+ 
+               /*
+                * Get key.
+@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const 
char *cname)
+ 
+               GETMARK(c);
+               if (c != SX_KEY)
+-                      (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0);  /* Will 
croak out */
++                      (void) retrieve_other(aTHX_ cxt, 0);    /* Will croak 
out */
+               RLEN(size);                                             /* Get 
key size */
+               KBUFCHK((STRLEN)size);                                  /* Grow 
hash key read pool if needed */
+               if (size)
+-- 
+2.10.2
+
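Review bot: The three corrected call sites in old_retrieve_array and old_retrieve_hash still discard the result with `(void) retrieve_other(aTHX_ cxt, 0);` and depend on the "Will croak out" comment being true. If retrieve_other ever returned, parsing would continue into `retrieve()` or `RLEN(size)` with a marker already known to be wrong. Both functions return `SV *`, so `return retrieve_other(aTHX_ cxt, 0);` would make the error path explicit; this assumes retrieve_other yields a null SV on return, which is not visible here. The embedded patch changes only dist/Storable/Storable.xs, so no regression test pins the new `Unable to retrieve code` croak or the non-null context argument; a test that hands malformed serialized data to the retrieve path and expects a croak rather than a crash would cover both. The bodies of retrieve_code, old_retrieve_array and old_retrieve_hash all start and end outside the quoted hunks.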
diff --git a/perl.spec b/perl.spec
index 973e9dd..d4c9ed3 100644
--- a/perl.spec
+++ b/perl.spec
@@ -29,7 +29,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be 
broken otherwise
-Release:        364%{?dist}
+Release:        365%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -146,6 +146,10 @@ Patch46:        
perl-5.25.6-perl-130001-h2xs-avoid-infinite-loop-for-enums.patch
 # in upstream after 5.25.6
 Patch47:        
perl-5.22.2-perl-129130-make-chdir-allocate-the-stack-it-needs.patch
 
+# Fix crash in Storable when deserializing malformed code reference, RT#68348,
+# RT130098
+Patch48:        perl-5.25.7-Fix-Storable-segfaults.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2437,6 +2441,7 @@ Perl extension for Version Objects
 %patch45 -p1
 %patch46 -p1
 %patch47 -p1
+%patch48 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2476,6 +2481,7 @@ perl -x patchlevel.h \
     'Fedora Patch45: Fix firstchar bitmap under UTF-8 with prefix optimization 
(RT#129950)' \
     'Fedora Patch46: Avoid infinite loop in h2xs tool if enum and type have 
the same name (RT130001)' \
     'Fedora Patch47: Fix stack handling when calling chdir without an argument 
(RT#129130)' \
+    'Fedora Patch48: Fix crash in Storable when deserializing malformed code 
reference (RT#68348, RT#130098)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -4728,6 +4734,10 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Mon Dec 19 2016 Petr Pisar <ppi...@redhat.com> - 4:5.22.2-365
+- Fix crash in Storable when deserializing malformed code reference
+  (RT#68348, RT#130098)
+
 * Wed Nov 09 2016 Petr Pisar <ppi...@redhat.com> - 4:5.22.2-364
 - Tie perl-Errno release to interpreter build because of kernel version check
   (bug #1393421)
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=82a2a484bcc939476fd9014b521e6c7a09491768