From c23879e98f75400b36b88b0d28c71319e7baebc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <[email protected]>
Date: Fri, 20 Jan 2017 09:33:57 +0100
Subject: Fix a buffer overflow in split in scalar context

---
 ...2-split-scalar-context-stack-overflow-fix.patch | 62 ++++++++++++++++++++++
 perl.spec                                          | 11 +++-
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 
perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch

diff --git 
a/perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch 
b/perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch
new file mode 100644
index 0000000..e250a0a
--- /dev/null
+++ b/perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch
@@ -0,0 +1,62 @@
+From 2bcb4a5888b1c26ee11bc447cc02b42290c707af Mon Sep 17 00:00:00 2001
+From: Tony Cook <[email protected]>
+Date: Mon, 5 Dec 2016 11:48:14 +1100
+Subject: [PATCH] (perl #130262) split scalar context stack overflow fix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.14.1:
+
+commit 02c161ef974f8f1efbb5632f741c1164adb6ca75
+Author: Tony Cook <[email protected]>
+Date:   Mon Dec 5 11:48:14 2016 +1100
+
+    (perl #130262) split scalar context stack overflow fix
+
+    pp_split didn't ensure there was space for its return value
+    in scalar context.
+
+Signed-off-by: Petr Písař <[email protected]>
+---
+ pp.c         | 2 +-
+ t/op/split.t | 6 +++++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/pp.c b/pp.c
+index 70345ce..334b353 100644
+--- a/pp.c
++++ b/pp.c
+@@ -6259,7 +6259,7 @@ PP(pp_split)
+     }
+ 
+     GETTARGET;
+-    PUSHi(iters);
++    XPUSHi(iters);
+     RETURN;
+ }
+ 
+diff --git a/t/op/split.t b/t/op/split.t
+index b7846a1..3e08841 100644
+--- a/t/op/split.t
++++ b/t/op/split.t
+@@ -7,7 +7,7 @@ BEGIN {
+     set_up_inc('../lib');
+ }
+ 
+-plan tests => 133;
++plan tests => 134;
+ 
+ $FS = ':';
+ 
+@@ -534,3 +534,7 @@ is "@a", '1 2 3', 'assignment to split-to-array (stacked)';
+     ok eval { $a[0] = 'a'; 1; }, "array split filling AvARRAY: assign 0";
+     is "@a", "a b", "array split filling AvARRAY: result";
+ }
++
++fresh_perl_is(<<'CODE', '', {}, "scalar split stack overflow");
++map{int"";split//.0>60for"0000000000000000"}split// 
for"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
++CODE
+-- 
+2.7.4
+
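Review bot: The port note `Ported to 5.14.1:` does not agree with the file name `perl-5.24.1-perl-130262-...` or with the 4:5.22.3 release this spec builds, so a reader cannot tell which tree the backport was rebased onto; presumably 5.22.3 or 5.24.1 was meant and the line should be corrected before the patch is committed. The pp.c change is the entire fix: `XPUSHi(iters)` grows the Perl argument stack by one slot before pushing the scalar-context count, which the unchecked `PUSHi` did not, and `GETTARGET` still precedes it as the TARG-based push requires; the rest of pp_split lies outside this hunk. The added regression test line appears to have been wrapped in transit, since its continuation carries no `+` marker, so the embedded patch should be checked against the upstream commit before it is applied.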
diff --git a/perl.spec b/perl.spec
index 3e679c9..eb898d0 100644
--- a/perl.spec
+++ b/perl.spec
@@ -29,7 +29,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be 
broken otherwise
-Release:        366%{?dist}
+Release:        367%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -155,6 +155,10 @@ Patch52:        
perl-5.22.2-perl-129788-IO-Poll-fix-memory-leak.patch
 # Fix regular expression matching, RT#130307, in upstream after 5.25.7
 Patch53:        perl-5.22.2-perl-130307-Correctly-unwind-on-cache-hit.patch
 
+# Fix a buffer overflow in split in scalar context, RT#130262,
+# in upstream after 5.25.8
+Patch54:        
perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2450,6 +2454,7 @@ Perl extension for Version Objects
 %patch51 -p1
 %patch52 -p1
 %patch53 -p1
+%patch54 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2492,6 +2497,7 @@ perl -x patchlevel.h \
     'Fedora Patch51: Fix a crash in optimized evaluation of "or ((0) x 0))" 
(RT#130247)' \
     'Fedora Patch52: Fix a memory leak in IO::Poll (RT#129788)' \
     'Fedora Patch53: Fix regular expression matching (RT#130307)' \
+    'Fedora Patch54: Fix a buffer overflow in split in scalar context 
(RT#130262)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -4744,6 +4750,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Fri Jan 20 2017 Petr Pisar <[email protected]> - 4:5.22.3-367
+- Fix a buffer overflow in split in scalar context (RT#130262)
+
 * Mon Jan 16 2017 Jitka Plesnikova <[email protected]> - 4:5.22.3-366
 - 5.22.3 bump (see <http://search.cpan.org/dist/perl-5.22.3/pod/perldelta.pod>
   for release notes)
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=c23879e98f75400b36b88b0d28c71319e7baebc2