Bug#891196: perl: memory leak in S_concat_pat()

Niko Tyni Fri, 23 Feb 2018 02:33:53 -0800

Package: perl
Version: 5.26.1-4
Severity: important
Tags: patch fixed-upstream
Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=132892


As reported by 郭樂聰 in the upstream bug, this leaks memory:

% perl -e 'my %h=(qr/a/ => 1); while (1) { /$_/ for keys %h}'

This regressed in 5.25.5 with

 
https://perl5.git.perl.org/perl.git/commit/b10cb25a6c86fd96fff8f2dfa6d8df3e6b51a451

and was fixed recently in blead by

 
https://perl5.git.perl.org/perl.git/commit/910a6a8be166fb3780dcd2520e3526e537383ef2

which I'm attaching as well.
-- 
Niko Tyni   nt...@debian.org

>From 910a6a8be166fb3780dcd2520e3526e537383ef2 Mon Sep 17 00:00:00 2001
From: Yves Orton <demer...@gmail.com>
Date: Fri, 23 Feb 2018 04:13:49 +0100
Subject: [PATCH] perl #132892: avoid leak by mortalizing temporary copy of
 pattern

---
 regcomp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/regcomp.c b/regcomp.c
index 34ac9169f2..446f0bf839 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -6515,8 +6515,8 @@ S_concat_pat(pTHX_ RExC_state_t * const pRExC_state,
                     pat = msv;
                 } else {
                     /* a string with no trailing null, we need to copy it
-                     * so it we have a trailing null */
-                    pat = newSVsv(msv);
+                     * so it has a trailing null */
+                    pat = sv_2mortal(newSVsv(msv));
                 }
             }
 
-- 
2.16.1

Bug#891196: perl: memory leak in S_concat_pat()

Reply via email to