From 80911529e50abd66df09ca540cf18f17dd0208db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Wed, 8 Mar 2017 10:55:17 +0100
Subject: Fix a null-pointer dereference on malformed code

---
 ...-fix-ck_return-null-pointer-deref-on-malf.patch | 72 ++++++++++++++++++++++
 perl.spec                                          | 11 +++-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch

diff --git 
a/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch 
b/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
new file mode 100644
index 0000000..37d7af4
--- /dev/null
+++ b/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
@@ -0,0 +1,72 @@
+From be05b2f7a801ae1721641fd240e0d7d6fc018136 Mon Sep 17 00:00:00 2001
+From: Aaron Crane <a...@cpan.org>
+Date: Sun, 19 Feb 2017 12:26:54 +0000
+Subject: [PATCH] fix ck_return null-pointer deref on malformed code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.1:
+
+commit e5c165a0b7551ffb94661aa7f18aabadba257782
+Author: Aaron Crane <a...@cpan.org>
+Date:   Sun Feb 19 12:26:54 2017 +0000
+
+    [perl #130815] fix ck_return null-pointer deref on malformed code
+
+commit 9de2a80ffc0eefb4d60e13766baf4bad129e0a92
+Author: David Mitchell <da...@iabyn.com>
+Date:   Sun Feb 19 12:36:58 2017 +0000
+
+    bump test count in t/comp/parser.t
+
+    (the previous commit forgot to)
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ op.c            | 2 +-
+ t/comp/parser.t | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/op.c b/op.c
+index 018d90c..9a61ea7 100644
+--- a/op.c
++++ b/op.c
+@@ -10695,7 +10695,7 @@ Perl_ck_return(pTHX_ OP *o)
+     PERL_ARGS_ASSERT_CK_RETURN;
+ 
+     kid = OpSIBLING(cLISTOPo->op_first);
+-    if (CvLVALUE(PL_compcv)) {
++    if (PL_compcv && CvLVALUE(PL_compcv)) {
+       for (; kid; kid = OpSIBLING(kid))
+           op_lvalue(kid, OP_LEAVESUBLV);
+     }
+diff --git a/t/comp/parser.t b/t/comp/parser.t
+index 50f601c..5016509 100644
+--- a/t/comp/parser.t
++++ b/t/comp/parser.t
+@@ -8,7 +8,7 @@ BEGIN {
+     chdir 't' if -d 't';
+ }
+ 
+-print "1..173\n";
++print "1..174\n";
+ 
+ sub failed {
+     my ($got, $expected, $name) = @_;
+@@ -546,6 +546,12 @@ eval "grep+grep";
+ eval 'qq{@{0]}${}},{})';
+ is(1, 1, "RT #124207");
+ 
++# RT #130815: crash in ck_return for malformed code
++{
++    eval 'm(@{if(0){sub d{]]])}return';
++    like $@, qr/^syntax error at \(eval \d+\) line 1, near "\{\]"/,
++        'RT #130815: null pointer deref';
++}
+ 
+ # Add new tests HERE (above this line)
+ 
+-- 
+2.7.4
+
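Review bot: The new `PL_compcv &&` test in Perl_ck_return has no comment saying when `PL_compcv` can be NULL, so a later cleanup could remove the guard as redundant. I would add `/* PL_compcv can be NULL here when parsing malformed code, RT #130815 */` directly above the condition. Only this one read of `PL_compcv` is guarded; whether other check routines in op.c read it without a NULL test is not visible from this hunk and is worth confirming. The patch header says "Ported to 5.24.1" while the changelog entry in perl.spec records 5.22.3-370, so the spec comment for Patch70 could state that the 5.24.1 port is being applied to this branch. Perl_ck_return's body starts and ends outside the hunk.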
diff --git a/perl.spec b/perl.spec
index e2bf22c..78e4d1a 100644
--- a/perl.spec
+++ b/perl.spec
@@ -29,7 +29,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be 
broken otherwise
-Release:        369%{?dist}
+Release:        370%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -203,6 +203,10 @@ Patch67:        
perl-5.24.1-buffer-overrun-with-format-and-use-bytes.patch
 Patch68:        perl-5.22.3-perl-129281-test-for-buffer-overflow-issue.patch
 Patch69:        
perl-5.25.9-perl-129061-CURLYX-nodes-can-be-studied-more-than-on.patch
 
+# Fix a null-pointer dereference on malformed code, RT#130815,
+# in upstream after 5.25.9
+Patch70:        
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2514,6 +2518,7 @@ Perl extension for Version Objects
 %patch67 -p1
 %patch68 -p1
 %patch69 -p1
+%patch70 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2568,6 +2573,7 @@ perl -x patchlevel.h \
     'Fedora Patch64: Fix a crash when compiling a regexp with impossible 
quantifiers (RT#130561)' \
     'Fedora Patch67: Fix a buffer overrun with format and "use bytes" 
(RT#130703)' \
     'Fedora Patch68: Fix a buffer overflow when studying some regexps 
repeatedly (RT#129281, RT#129061)' \
+    'Fedora Patch70: Fix a null-pointer dereference on malformed code 
(RT#130815)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -4820,6 +4826,9 @@ popd
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Wed Mar 08 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-370
+- Fix a null-pointer dereference on malformed code (RT#130815)
+
 * Fri Feb 17 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-369
 - Fix a crash when compiling a regexp with impossible quantifiers (RT#130561)
 - Fix a buffer overrun with format and "use bytes" (RT#130703)
-- 
cgit v1.1


        
https://src.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=80911529e50abd66df09ca540cf18f17dd0208db