From 1e2068cd3e9e09571865a2064c9ce5d80f6e710c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Thu, 3 Nov 2016 09:45:10 +0100
Subject: Fix crash in splice

---
 perl-5.22.2-perl-129164-Crash-with-splice.patch | 79 +++++++++++++++++++++++++
 perl.spec                                       |  6 ++
 2 files changed, 85 insertions(+)
 create mode 100644 perl-5.22.2-perl-129164-Crash-with-splice.patch

diff --git a/perl-5.22.2-perl-129164-Crash-with-splice.patch 
b/perl-5.22.2-perl-129164-Crash-with-splice.patch
new file mode 100644
index 0000000..1d729be
--- /dev/null
+++ b/perl-5.22.2-perl-129164-Crash-with-splice.patch
@@ -0,0 +1,79 @@
+From 5114cc26ed8a68debf3e4ed357f205ddaf99ef15 Mon Sep 17 00:00:00 2001
+From: Father Chrysostomos <spr...@cpan.org>
+Date: Sun, 11 Sep 2016 21:29:56 -0700
+Subject: [PATCH] Crash with splice
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.22.2:
+
+commit 92b69f6501b4d7351e09c8b1ddd386aa7e1c9cd1
+Author: Father Chrysostomos <spr...@cpan.org>
+Date:   Sun Sep 11 21:29:56 2016 -0700
+
+    [perl #129164] Crash with splice
+
+    This fixes #129166 and #129167 as well.
+
+    splice needs to take into account that arrays can hold NULLs and
+    return &PL_sv_undef in those cases where it would have returned a
+    NULL element.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ pp.c         |  4 ++++
+ t/op/array.t | 17 +++++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/pp.c b/pp.c
+index 3173c5a..996b346 100644
+--- a/pp.c
++++ b/pp.c
+@@ -5325,6 +5325,8 @@ PP(pp_splice)
+               for (i = length - 1, dst = &AvARRAY(ary)[offset]; i > 0; i--)
+                   SvREFCNT_dec(*dst++);       /* free them now */
+           }
++          if (!*MARK)
++              *MARK = &PL_sv_undef;
+       }
+       AvFILLp(ary) += diff;
+ 
+@@ -5421,6 +5423,8 @@ PP(pp_splice)
+               while (length-- > 0)
+                   SvREFCNT_dec(tmparyval[length]);
+           }
++          if (!*MARK)
++              *MARK = &PL_sv_undef;
+       }
+       else
+           *MARK = &PL_sv_undef;
+diff --git a/t/op/array.t b/t/op/array.t
+index 7239d48..bbdf86c 100644
+--- a/t/op/array.t
++++ b/t/op/array.t
+@@ -549,4 +549,21 @@ is "@ary", 'b a',
+ for(scalar $#foo) { $_ = 3 }
+ is $#foo, 3, 'assigning to arylen aliased in foreach(scalar $#arylen)';
+ 
++# [perl #129164], [perl #129166], [perl #129167]
++# splice() with null array entries
++# These used to crash.
++$#a = -1; $#a++;
++() = 0-splice @a; # subtract
++$#a = -1; $#a++;
++() =  -splice @a; # negate
++$#a = -1; $#a++;
++() = 0+splice @a; # add
++# And with array expansion, too
++$#a = -1; $#a++;
++() = 0-splice @a, 0, 1, 1, 1;
++$#a = -1; $#a++;
++() =  -splice @a, 0, 1, 1, 1;
++$#a = -1; $#a++;
++() = 0+splice @a, 0, 1, 1, 1;
++
+ "We're included by lib/Tie/Array/std.t so we need to return something true";
+-- 
+2.7.4
+
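Review bot: The six regression statements added to t/op/array.t only show that scalar-context splice no longer crashes on a NULL array slot; none of them asserts what splice returns, so a regression that puts the wrong value on the stack would pass unnoticed. A value check after one of the `$#a = -1; $#a++;` setups, such as `is scalar(splice @a), undef, 'splice of a nonexistent element returns undef';`, would pin the behaviour the commit message describes. The two `if (!*MARK)` guards in pp.c are also uncommented; a line like `/* AvARRAY slots may be NULL; the stack must never hold NULL */` above each would record why they exist and keep them from being dropped as redundant. pp_splice starts and ends outside both pp.c hunks, so whether its list-context paths already substitute `&PL_sv_undef` cannot be confirmed from the visible lines.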
diff --git a/perl.spec b/perl.spec
index 2ba3320..c7bd3bd 100644
--- a/perl.spec
+++ b/perl.spec
@@ -116,6 +116,9 @@ Patch34:        
perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
 Patch35:        perl-5.24.0-Regression-test-for-RT-129196.patch
 Patch36:        perl-5.25.4-toke.c-fix-mswin32-builds.patch
 
+# Fix crash in splice, RT#129164, RT#129166, RT#129167, in upstream after 
5.25.4
+Patch37:        perl-5.22.2-perl-129164-Crash-with-splice.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2165,6 +2168,7 @@ Perl extension for Version Objects
 %patch34 -p1
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2193,6 +2197,7 @@ perl -x patchlevel.h \
     'Fedora Patch34: Fix crash in "evalbytes S" (RT#129196)' \
     'Fedora Patch35: Fix crash in "evalbytes S" (RT#129196)' \
     'Fedora Patch36: Fix crash in "evalbytes S" (RT#129196)' \
+    'Fedora Patch37: Fix crash in splice (RT#129164, RT#129166, RT#129167)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -4210,6 +4215,7 @@ popd
 - Fix a crash in lexical scope warnings (RT#128597)
 - Do not mangle errno from failed socket calls (RT#128316)
 - Fix crash in "evalbytes S" (RT#129196)
+- Fix crash in splice (RT#129164, RT#129166, RT#129167)
 
 * Wed Aug 03 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.2-354
 - Avoid loading optional modules from default . (CVE-2016-1238)
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f23&id=1e2068cd3e9e09571865a2064c9ce5d80f6e710c