From 80911529e50abd66df09ca540cf18f17dd0208db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Wed, 8 Mar 2017 10:55:17 +0100 Subject: Fix a null-pointer dereference on malformed code
---
...-fix-ck_return-null-pointer-deref-on-malf.patch | 72 ++++++++++++++++++++++
perl.spec | 11 +++-
2 files changed, 82 insertions(+), 1 deletion(-)
create mode 100644 perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
diff --git a/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch b/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
new file mode 100644
index 0000000..37d7af4
--- /dev/null
+++ b/perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
@@ -0,0 +1,72 @@
+From be05b2f7a801ae1721641fd240e0d7d6fc018136 Mon Sep 17 00:00:00 2001
+From: Aaron Crane <a...@cpan.org>
+Date: Sun, 19 Feb 2017 12:26:54 +0000
+Subject: [PATCH] fix ck_return null-pointer deref on malformed code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.1:
+
+commit e5c165a0b7551ffb94661aa7f18aabadba257782
+Author: Aaron Crane <a...@cpan.org>
+Date: Sun Feb 19 12:26:54 2017 +0000
+
+ [perl #130815] fix ck_return null-pointer deref on malformed code
+
+commit 9de2a80ffc0eefb4d60e13766baf4bad129e0a92
+Author: David Mitchell <da...@iabyn.com>
+Date: Sun Feb 19 12:36:58 2017 +0000
+
+ bump test count in t/comp/parser.t
+
+ (the previous commit forgot to)
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ op.c | 2 +-
+ t/comp/parser.t | 8 +++++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/op.c b/op.c
+index 018d90c..9a61ea7 100644
+--- a/op.c
++++ b/op.c
+@@ -10695,7 +10695,7 @@ Perl_ck_return(pTHX_ OP *o)
+ PERL_ARGS_ASSERT_CK_RETURN;
+
+ kid = OpSIBLING(cLISTOPo->op_first);
+- if (CvLVALUE(PL_compcv)) {
++ if (PL_compcv && CvLVALUE(PL_compcv)) {
+ for (; kid; kid = OpSIBLING(kid))
+ op_lvalue(kid, OP_LEAVESUBLV);
+ }
+diff --git a/t/comp/parser.t b/t/comp/parser.t
+index 50f601c..5016509 100644
+--- a/t/comp/parser.t
++++ b/t/comp/parser.t
+@@ -8,7 +8,7 @@ BEGIN {
+ chdir 't' if -d 't';
+ }
+
+-print "1..173\n";
++print "1..174\n";
+
+ sub failed {
+ my ($got, $expected, $name) = @_;
+@@ -546,6 +546,12 @@ eval "grep+grep";
+ eval 'qq{@{0]}${}},{})';
+ is(1, 1, "RT #124207");
+
++# RT #130815: crash in ck_return for malformed code
++{
++ eval 'm(@{if(0){sub d{]]])}return';
++ like $@, qr/^syntax error at \(eval \d+\) line 1, near "\{\]"/,
++ 'RT #130815: null pointer deref';
++}
+
+ # Add new tests HERE (above this line)
+
+--
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index e2bf22c..78e4d1a 100644
--- a/perl.spec
+++ b/perl.spec
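Review bot: The `PL_compcv &&` guard added to the `if` in Perl_ck_return (the op.c hunk of the imported patch) has no comment saying when PL_compcv can be NULL, so a later cleanup could remove it as redundant and bring the crash back. I would add a line above it such as `/* PL_compcv may be NULL when ck_return runs on malformed code, RT #130815 */`. The added parser.t case shows the crash is reached from text passed to string eval, so it matters for anything that compiles Perl source it does not control. Other uses of CvLVALUE(PL_compcv) in op.c are not visible here and may deserve the same check. Perl_ck_return starts and ends outside the hunk.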
@@ -29,7 +29,7 @@ Name: perl Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 369%{?dist} +Release: 370%{?dist} Epoch: %{perl_epoch} Summary: Practical Extraction and Report Language Group: Development/Languages @@ -203,6 +203,10 @@ Patch67: perl-5.24.1-buffer-overrun-with-format-and-use-bytes.patch Patch68: perl-5.22.3-perl-129281-test-for-buffer-overflow-issue.patch Patch69: perl-5.25.9-perl-129061-CURLYX-nodes-can-be-studied-more-than-on.patch +# Fix a null-pointer dereference on malformed code, RT#130815, +# in upstream after 5.25.9 +Patch70: perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2514,6 +2518,7 @@ Perl extension for Version Objects %patch67 -p1 %patch68 -p1 %patch69 -p1 +%patch70 -p1 %patch200 -p1 %patch201 -p1 @@ -2568,6 +2573,7 @@ perl -x patchlevel.h \ 'Fedora Patch64: Fix a crash when compiling a regexp with impossible quantifiers (RT#130561)' \ 'Fedora Patch67: Fix a buffer overrun with format and "use bytes" (RT#130703)' \ 'Fedora Patch68: Fix a buffer overflow when studying some regexps repeatedly (RT#129281, RT#129061)' \ + 'Fedora Patch70: Fix a null-pointer dereference on malformed code (RT#130815)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} 
@@ -4820,6 +4826,9 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Wed Mar 08 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-370 +- Fix a null-pointer dereference on malformed code (RT#130815) + * Fri Feb 17 2017 Petr Pisar <ppi...@redhat.com> - 4:5.22.3-369 - Fix a crash when compiling a regexp with impossible quantifiers (RT#130561) - Fix a buffer overrun with format and "use bytes" (RT#130703) -- cgit v1.1 https://src.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=80911529e50abd66df09ca540cf18f17dd0208db _______________________________________________ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org