From 0fd19a3d3fe1fc7289e3973022e8a02769b84f39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Thu, 3 Nov 2016 09:45:10 +0100
Subject: Fix crash in splice

---
 perl-5.24.0-perl-129164-Crash-with-splice.patch | 79 +++++++++++++++++++++++++
 perl.spec                                       |  6 ++
 2 files changed, 85 insertions(+)
 create mode 100644 perl-5.24.0-perl-129164-Crash-with-splice.patch

diff --git a/perl-5.24.0-perl-129164-Crash-with-splice.patch 
b/perl-5.24.0-perl-129164-Crash-with-splice.patch
new file mode 100644
index 0000000..44dbe0c
--- /dev/null
+++ b/perl-5.24.0-perl-129164-Crash-with-splice.patch
@@ -0,0 +1,79 @@
+From 54550573a613ad20f00521880f345644a1db85cc Mon Sep 17 00:00:00 2001
+From: Father Chrysostomos <spr...@cpan.org>
+Date: Sun, 11 Sep 2016 21:29:56 -0700
+Subject: [PATCH] Crash with splice
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.0:
+
+commit 92b69f6501b4d7351e09c8b1ddd386aa7e1c9cd1
+Author: Father Chrysostomos <spr...@cpan.org>
+Date:   Sun Sep 11 21:29:56 2016 -0700
+
+    [perl #129164] Crash with splice
+
+    This fixes #129166 and #129167 as well.
+
+    splice needs to take into account that arrays can hold NULLs and
+    return &PL_sv_undef in those cases where it would have returned a
+    NULL element.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ pp.c         |  4 ++++
+ t/op/array.t | 17 +++++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/pp.c b/pp.c
+index 4a2cde0..4153482 100644
+--- a/pp.c
++++ b/pp.c
+@@ -5488,6 +5488,8 @@ PP(pp_splice)
+               for (i = length - 1, dst = &AvARRAY(ary)[offset]; i > 0; i--)
+                   SvREFCNT_dec(*dst++);       /* free them now */
+           }
++          if (!*MARK)
++              *MARK = &PL_sv_undef;
+       }
+       AvFILLp(ary) += diff;
+ 
+@@ -5584,6 +5586,8 @@ PP(pp_splice)
+               while (length-- > 0)
+                   SvREFCNT_dec(tmparyval[length]);
+           }
++          if (!*MARK)
++              *MARK = &PL_sv_undef;
+       }
+       else
+           *MARK = &PL_sv_undef;
+diff --git a/t/op/array.t b/t/op/array.t
+index 4f0a772..fb4e8c6 100644
+--- a/t/op/array.t
++++ b/t/op/array.t
+@@ -555,4 +555,21 @@ is $#foo, 3, 'assigning to arylen aliased in 
foreach(scalar $#arylen)';
+     is "@a", 'a b c', 'assigning to itself';
+ }
+ 
++# [perl #129164], [perl #129166], [perl #129167]
++# splice() with null array entries
++# These used to crash.
++$#a = -1; $#a++;
++() = 0-splice @a; # subtract
++$#a = -1; $#a++;
++() =  -splice @a; # negate
++$#a = -1; $#a++;
++() = 0+splice @a; # add
++# And with array expansion, too
++$#a = -1; $#a++;
++() = 0-splice @a, 0, 1, 1, 1;
++$#a = -1; $#a++;
++() =  -splice @a, 0, 1, 1, 1;
++$#a = -1; $#a++;
++() = 0+splice @a, 0, 1, 1, 1;
++
+ "We're included by lib/Tie/Array/std.t so we need to return something true";
+-- 
+2.7.4
+
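Review bot: The regression lines added to t/op/array.t only reach `splice` through a scalar arithmetic consumer (`0-`, `-`, `0+`) and carry no `is`/`ok` assertion, so a regression shows up as an interpreter abort rather than a named failure, and the returned value is never checked. Both `if (!*MARK) *MARK = &PL_sv_undef;` guards appear to sit at the end of the single-value return paths shown in the pp.c hunks. The rest of pp_splice, including any list-context return path, is outside the hunks, so it is worth confirming that it cannot hand a NULL slot to the caller as well. A one-line comment on each guard would record why it exists, e.g. `/* array slots may be NULL (e.g. after $#a++); never leave NULL on the stack */`.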
diff --git a/perl.spec b/perl.spec
index 88d11b8..8b9aa0c 100644
--- a/perl.spec
+++ b/perl.spec
@@ -188,6 +188,9 @@ Patch45:        
perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
 Patch46:        perl-5.24.0-Regression-test-for-RT-129196.patch
 Patch47:        perl-5.25.4-toke.c-fix-mswin32-builds.patch
 
+# Fix crash in splice, RT#129164, RT#129166, RT#129167, in upstream after 
5.25.4
+Patch48:        perl-5.24.0-perl-129164-Crash-with-splice.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2856,6 +2859,7 @@ Perl extension for Version Objects
 %patch45 -p1
 %patch46 -p1
 %patch47 -p1
+%patch48 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2894,6 +2898,7 @@ perl -x patchlevel.h \
     'Fedora Patch45: Fix crash in "evalbytes S" (RT#129196)' \
     'Fedora Patch46: Fix crash in "evalbytes S" (RT#129196)' \
     'Fedora Patch47: Fix crash in "evalbytes S" (RT#129196)' \
+    'Fedora Petch48: Fix crash in splice (RT#129164, RT#129166, RT#129167)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
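Review bot: The added patchlevel.h entry reads `'Fedora Petch48: ...'`, a misspelling of `Patch48`. As far as the hunk shows, these strings are fed to `perl -x patchlevel.h` to record the locally applied patches, so anyone auditing a build for this fix by searching for `Patch48` would miss it. The line should read `'Fedora Patch48: Fix crash in splice (RT#129164, RT#129166, RT#129167)' \`. The command starts before the hunk, so the full list is not visible here.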
@@ -5174,6 +5179,7 @@ popd
 %changelog
 * Thu Nov 03 2016 Petr Pisar <ppi...@redhat.com> - 4:5.24.0-378
 - Fix crash in "evalbytes S" (RT#129196)
+- Fix crash in splice (RT#129164, RT#129166, RT#129167)
 
 * Tue Aug 02 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.24.0-377
 - Avoid loading of modules from current directory, CVE-2016-1238, (bug 
#1360425)
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f25&id=0fd19a3d3fe1fc7289e3973022e8a02769b84f39