Package: libencode-perl
Version: Encode <=3.12 leaks on decode, 3.13 released
Severity: normal
Tags: upstream patch
Dear Maintainer,

Encode 3.13 was just released with a memory leak fix for:
https://rt.cpan.org/Ticket/Display.html?id=139622

Since Encode is also bundled with various libperl5.xx packages, I'm not sure how to go about getting those fixed.
>From 23978817a2c1ed13861167154e8eb3d829104b6b Mon Sep 17 00:00:00 2001 From: Dan Kogai <dankogai+git...@gmail.com> Date: Wed, 6 Oct 2021 08:37:27 +0900 Subject: [PATCH] resolve RT#139622 --- Changes | 5 +++++ Encode.xs | 1 + 2 files changed, 6 insertions(+) diff --git a/Changes b/Changes index 39e0bc1..1613abc 100644 --- a/Changes +++ b/Changes @@ -3,6 +3,11 @@ # $Id: Changes,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $ # $Revision: 3.12 $ $Date: 2021/08/09 14:17:04 $ +! Encode.xs + Apply the patch of RT#139622 to fix a memory leak on FB_CROAK + https://rt.cpan.org/Ticket/Display.html?id=139622 + +3.12 2021/08/09 14:17:04 ! Encode.pm Address CVE-2021-36770 <9639159a-d070-4762-9cbd-f1622f104...@beta.fastmail.com> diff --git a/Encode.xs b/Encode.xs index 4baf296..8cc8d15 100644 --- a/Encode.xs +++ b/Encode.xs @@ -275,6 +275,7 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * dir, SV * src, U8 * /* decoding */ else { if (check & ENCODE_DIE_ON_ERR){ + SvREFCNT_dec(dst); Perl_croak(aTHX_ ERR_DECODE_NOMAP, enc->name[0], (UV)s[slen]); return &PL_sv_undef; /* never reaches but be safe */
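Review bot: In the Encode.xs hunk, the new SvREFCNT_dec(dst) ahead of Perl_croak in the decoding ENCODE_DIE_ON_ERR branch arrives without a comment or a regression test, and the diffstat shows only Changes and Encode.xs touched. A one-line comment saying that Perl_croak does not return, so dst has to be released before the call, would keep a later cleanup from moving or dropping it. A test that decodes malformed input with FB_CROAK inside eval in a loop and checks that memory use stays flat would pin the fix down. The hunk only shows the decoding side of encode_method; the croak on the encoding side, which sits outside this context, deserves the same check for a dst release.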