Bug#702519: marked as done (unblock/pre-approval: perl and libencode-perl (memory leak in Encode::decode))

Mon, 11 Mar 2013 06:15:28 -0700 

Your message dated Mon, 11 Mar 2013 13:13:07 +0000
with message-id <[email protected]>
and subject line Re: Bug#702519: unblock/pre-approval: perl and libencode-perl 
(memory leak in Encode::decode)
has caused the Debian Bug report #702519,
regarding unblock/pre-approval: perl and libencode-perl (memory leak in 
Encode::decode)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
702519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702519
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected], [email protected]

I'd like to fix #702416 / #702444 (memory leak in Encode::decode) in
perl + libencode-perl in wheezy. It's not a regression from squeeze,
but I intend to pursue a squeeze fix in a point release later.

The wheezy side would need a tpu upload of libencode-perl and a sid
upload of perl (obviously after 5.14.2-19 has migrated.)

I'm attaching the preliminary debdiffs. The perl package needs to Break
the unfixed versions of libencode-perl, because the separate packaged
version takes precedence in @INC when installed.

So perl/5.14.2-20 can't migrate before libencode-perl 2.44-1+deb7u1
but the latter could be uploaded straight away.

Would you be OK with this?

Thanks for your work,
-- 
Niko Tyni   [email protected]

diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog        2013-03-05 21:38:31.000000000 +0200
+++ perl-5.14.2/debian/changelog        2013-03-07 19:08:49.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-20) unstable; urgency=low
+
+  * Fix an Encode memory leak that occurred in the UTF-8 encoding.
+    (Closes: #702416)
+    + upgrade the Broken versions of the separate libencode-perl
+      package accordingly.
+
+ -- Niko Tyni <[email protected]>  Thu, 07 Mar 2013 19:08:47 +0200
+
 perl (5.14.2-19) unstable; urgency=high
 
   * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control  2013-03-05 21:38:02.000000000 +0200
+++ perl-5.14.2/debian/control  2013-03-07 19:02:52.000000000 +0200
@@ -294,7 +294,7 @@
  libthreads-perl (<< 1.83),
  libthreads-shared-perl (<< 1.37),
  libtime-piece-perl (<< 1.20.01),
- libencode-perl (<< 2.42.01),
+ libencode-perl (<< 2.44-1+deb7u1),
  libdevel-dprof-perl (<< 20110228.00),
  mrtg (<< 2.16.3-3.1),
  libhtml-template-compiled-perl (<< 0.95-1),
diff -Nru perl-5.14.2/debian/patches/fixes/encode-memleak.diff 
perl-5.14.2/debian/patches/fixes/encode-memleak.diff
--- perl-5.14.2/debian/patches/fixes/encode-memleak.diff        1970-01-01 
02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/encode-memleak.diff        2013-03-07 
19:01:39.000000000 +0200
@@ -0,0 +1,64 @@
+From 89405c8ebc5bf8ae4ed6479de2bc0f311c1f6fe1 Mon Sep 17 00:00:00 2001
+From: chansen <[email protected]>
+Date: Sun, 3 Mar 2013 22:43:53 +0100
+Subject: Encode: Fixed a memory leak that occurred in the UTF-8 encoding.
+
+The decode and encode methods allocated a SV for the result, this SV
+is passed to the process_utf8() function which may croak() if the
+CHECK flag has FB_CROAK set.
+
+Origin: upstream, 
http://perl5.git.perl.org/perl.git/commit/5814803a8fa15d6b5fd483efdaf849a7166f9ac4
+Bug: https://github.com/dankogai/p5-encode/issues/8
+Bug-Debian: http://bugs.debian.org/702416
+Patch-Name: fixes/encode-memleak.diff
+---
+ cpan/Encode/Encode.xs |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/cpan/Encode/Encode.xs b/cpan/Encode/Encode.xs
+index 723170c..4fa4ac3 100644
+--- a/cpan/Encode/Encode.xs
++++ b/cpan/Encode/Encode.xs
+@@ -440,7 +440,6 @@ CODE:
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
+     check = SvROK(check_sv) ? ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv);
+     /* 
+      * PerlIO check -- we assume the object is of PerlIO if renewed
+@@ -471,6 +470,7 @@ CODE:
+     }
+     }
+ 
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), 
renewed);
+ 
+     /* Clear out translated part of source unless asked not to */
+@@ -482,7 +482,7 @@ CODE:
+     SvCUR_set(src, slen);
+     }
+     SvUTF8_on(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
+@@ -504,7 +504,7 @@ CODE:
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     if (SvUTF8(src)) {
+     /* Already encoded */
+     if (strict_utf8(aTHX_ obj)) {
+@@ -543,7 +543,7 @@ CODE:
+     }
+     SvPOK_only(dst);
+     SvUTF8_off(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series   2013-03-05 21:38:04.000000000 +0200
+++ perl-5.14.2/debian/patches/series   2013-03-07 19:01:39.000000000 +0200
@@ -77,3 +77,4 @@
 fixes/64bitint-signedness-wraparound.diff
 fixes/stdin-sigchld.diff
 fixes/hsplit-rehash.diff
+fixes/encode-memleak.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t      2013-03-05 21:38:02.000000000 +0200
+++ perl-5.14.2/debian/t/control.t      2013-03-07 19:08:24.000000000 +0200
@@ -49,6 +49,9 @@
        "libdigest-sha-perl" => {
                "5.61"  =>  "5.71",
        },
+       "libencode-perl" => {
+               "2.42_01" => "2.44-1+deb7u1",
+       },
 );
 
 # list special cases where a Breaks entry doesn't need to imply

diff --git a/debian/changelog b/debian/changelog
index 35a103a..28e4ea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libencode-perl (2.44-1+deb7u1) UNRELEASED; urgency=low
+
+  * Add patch memory_leak.patch, backported from the 2.49 release.
+    (Closes: #702444)
+
+ -- gregor herrmann <[email protected]>  Wed, 06 Mar 2013 22:03:32 +0100
+
 libencode-perl (2.44-1) unstable; urgency=high
 
   * Team upload.
diff --git a/debian/patches/memory_leak.patch b/debian/patches/memory_leak.patch
new file mode 100644
index 0000000..28e975a
--- /dev/null
+++ b/debian/patches/memory_leak.patch
@@ -0,0 +1,56 @@
+Description: fix memory leak:
+ The decode and encode methods allocated a SV for the result, this SV is
+ passed to the process_utf8() function which may croak() if the CHECK flag
+ has FB_CROAK set.
+Origin: upstream, 2.49 release
+Bug: https://github.com/dankogai/p5-encode/issues/8
+Bug-Debian: http://bugs.debian.org/702444
+Author: Christian Hansen
+Reviewed-by: gregor herrmann <[email protected]>
+Last-Update: 2013-03-06
+
+--- a/Encode.xs
++++ b/Encode.xs
+@@ -440,7 +440,6 @@
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
+     check = SvROK(check_sv) ? ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv);
+     /* 
+      * PerlIO check -- we assume the object is of PerlIO if renewed
+@@ -471,6 +470,7 @@
+     }
+     }
+ 
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), renewed);
+ 
+     /* Clear out translated part of source unless asked not to */
+@@ -482,7 +482,7 @@
+     SvCUR_set(src, slen);
+     }
+     SvUTF8_on(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
+@@ -504,7 +504,7 @@
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     if (SvUTF8(src)) {
+     /* Already encoded */
+     if (strict_utf8(aTHX_ obj)) {
+@@ -543,7 +543,7 @@
+     }
+     SvPOK_only(dst);
+     SvUTF8_off(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 5299247..0d7aa92 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 spelling.patch
+memory_leak.patch

--- End Message ---
--- Begin Message --- 
On 10.03.2013 19:00, Adam D. Barratt wrote:

On Sun, 2013-03-10 at 18:40 +0200, Niko Tyni wrote:

On Sat, Mar 09, 2013 at 08:49:59PM +0000, Adam D. Barratt wrote:
> On Thu, 2013-03-07 at 19:37 +0200, Niko Tyni wrote:
> > The wheezy side would need a tpu upload of libencode-perl and a sid 
> > upload of perl (obviously after 5.14.2-19 has migrated.)
>
> It looks like libencode-perl was still in sync between sid and wheezy > until Tuesday. :-( The diffs look okay and -19 migrated last night, so 
> please go ahead.

Thanks, both uploaded earlier today.


Yep, spotted the tpu earlier and approved that; thanks. Once that's
migrated I'll look at the perl unblock.


perl unblocked and aged.

Regards,

Adam

--- End Message ---

Reply via email to