From 1e2068cd3e9e09571865a2064c9ce5d80f6e710c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Thu, 3 Nov 2016 09:45:10 +0100
Subject: Fix crash in splice
---
 perl-5.22.2-perl-129164-Crash-with-splice.patch | 79 +++++++++++++++++++++++++
 perl.spec | 6 ++
 2 files changed, 85 insertions(+)
 create mode 100644 perl-5.22.2-perl-129164-Crash-with-splice.patch
diff --git a/perl-5.22.2-perl-129164-Crash-with-splice.patch b/perl-5.22.2-perl-129164-Crash-with-splice.patch
new file mode 100644
index 0000000..1d729be
--- /dev/null
+++ b/perl-5.22.2-perl-129164-Crash-with-splice.patch
@@ -0,0 +1,79 @@
+From 5114cc26ed8a68debf3e4ed357f205ddaf99ef15 Mon Sep 17 00:00:00 2001
+From: Father Chrysostomos <spr...@cpan.org>
+Date: Sun, 11 Sep 2016 21:29:56 -0700
+Subject: [PATCH] Crash with splice
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.22.2:
+
+commit 92b69f6501b4d7351e09c8b1ddd386aa7e1c9cd1
+Author: Father Chrysostomos <spr...@cpan.org>
+Date: Sun Sep 11 21:29:56 2016 -0700
+
+ [perl #129164] Crash with splice
+
+ This fixes #129166 and #129167 as well.
+
+ splice needs to take into account that arrays can hold NULLs and
+ return &PL_sv_undef in those cases where it would have returned a
+ NULL element.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ pp.c | 4 ++++
+ t/op/array.t | 17 +++++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/pp.c b/pp.c
+index 3173c5a..996b346 100644
+--- a/pp.c
++++ b/pp.c
+@@ -5325,6 +5325,8 @@ PP(pp_splice)
+ for (i = length - 1, dst = &AvARRAY(ary)[offset]; i > 0; i--)
+ SvREFCNT_dec(*dst++); /* free them now */
+ }
++ if (!*MARK)
++ *MARK = &PL_sv_undef;
+ }
+ AvFILLp(ary) += diff;
+
+@@ -5421,6 +5423,8 @@ PP(pp_splice)
+ while (length-- > 0)
+ SvREFCNT_dec(tmparyval[length]);
+ }
++ if (!*MARK)
++ *MARK = &PL_sv_undef;
+ }
+ else
+ *MARK = &PL_sv_undef;
+diff --git a/t/op/array.t b/t/op/array.t
+index 7239d48..bbdf86c 100644
+--- a/t/op/array.t
++++ b/t/op/array.t
+@@ -549,4 +549,21 @@ is "@ary", 'b a',
+ for(scalar $#foo) { $_ = 3 }
+ is $#foo, 3, 'assigning to arylen aliased in foreach(scalar $#arylen)';
+
++# [perl #129164], [perl #129166], [perl #129167]
++# splice() with null array entries
++# These used to crash.
++$#a = -1; $#a++;
++() = 0-splice @a; # subtract
++$#a = -1; $#a++;
++() = -splice @a; # negate
++$#a = -1; $#a++;
++() = 0+splice @a; # add
++# And with array expansion, too
++$#a = -1; $#a++;
++() = 0-splice @a, 0, 1, 1, 1;
++$#a = -1; $#a++;
++() = -splice @a, 0, 1, 1, 1;
++$#a = -1; $#a++;
++() = 0+splice @a, 0, 1, 1, 1;
++
+ "We're included by lib/Tie/Array/std.t so we need to return something true";
+--
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index 2ba3320..c7bd3bd 100644
--- a/perl.spec
+++ b/perl.spec
@@ -116,6 +116,9 @@ Patch34: perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
 Patch35: perl-5.24.0-Regression-test-for-RT-129196.patch
 Patch36: perl-5.25.4-toke.c-fix-mswin32-builds.patch
+# Fix crash in splice, RT#129164, RT#129166, RT#129167, in upstream after 5.25.4
+Patch37: perl-5.22.2-perl-129164-Crash-with-splice.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2165,6 +2168,7 @@ Perl extension for Version Objects
 %patch34 -p1
 %patch35 -p1
 %patch36 -p1
+%patch37 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2193,6 +2197,7 @@ perl -x patchlevel.h \
 'Fedora Patch34: Fix crash in "evalbytes S" (RT#129196)' \
 'Fedora Patch35: Fix crash in "evalbytes S" (RT#129196)' \
 'Fedora Patch36: Fix crash in "evalbytes S" (RT#129196)' \
+ 'Fedora Patch37: Fix crash in splice (RT#129164, RT#129166, RT#129167)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
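Review bot: Both `if (!*MARK) *MARK = &PL_sv_undef;` guards added to pp_splice in the embedded pp.c patch are uncommented, so the invariant they enforce (a removed array slot may be NULL, and NULL must not be left in the return slot) is recorded only in the commit message. A one-line comment above each, e.g. `/* array slots may be NULL; return undef rather than a NULL SV */`, would keep that next to the code. The t/op/array.t lines only show that the expressions no longer crash; an assertion such as `is scalar(splice @a), undef, 'splice of a null entry returns undef';` would also pin the returned value, though the test plan, which is outside the hunk, would presumably need adjusting. pp_splice begins and ends outside both pp.c hunks, so the list-context return path cannot be checked from here.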
@@ -4210,6 +4215,7 @@ popd
 - Fix a crash in lexical scope warnings (RT#128597)
 - Do not mangle errno from failed socket calls (RT#128316)
 - Fix crash in "evalbytes S" (RT#129196)
+- Fix crash in splice (RT#129164, RT#129166, RT#129167)
 * Wed Aug 03 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.2-354
 - Avoid loading optional modules from default . (CVE-2016-1238)
-- cgit v0.12 http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f23&id=1e2068cd3e9e09571865a2064c9ce5d80f6e710c _______________________________________________ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org