From 390a8a1af1f90b81c7488bbc8cf4595cac1e7386 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Tue, 12 Jul 2016 12:50:33 +0200 Subject: Fix a crash in lexical scope warnings
---
 ...2-perl-128597-Crash-from-gp_free-ckWARN_d.patch | 101 +++++++++++++++++++++
 perl.spec | 10 +-
 2 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 perl-5.22.2-perl-128597-Crash-from-gp_free-ckWARN_d.patch
diff --git a/perl-5.22.2-perl-128597-Crash-from-gp_free-ckWARN_d.patch b/perl-5.22.2-perl-128597-Crash-from-gp_free-ckWARN_d.patch
new file mode 100644
index 0000000..9eed744
--- /dev/null
+++ b/perl-5.22.2-perl-128597-Crash-from-gp_free-ckWARN_d.patch
@@ -0,0 +1,101 @@
+From 31321d9c337d50cc8ead96ffacc82c90999ecef0 Mon Sep 17 00:00:00 2001
+From: Father Chrysostomos <spr...@cpan.org>
+Date: Mon, 11 Jul 2016 14:49:17 -0700
+Subject: [PATCH] Crash from gp_free/ckWARN_d
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.22.2:
+
+commit a2637ca0a3fec01b80d7ea5ba62802354fd5e6f3
+Author: Father Chrysostomos <spr...@cpan.org>
+Date: Mon Jul 11 14:49:17 2016 -0700
+
+ [perl #128597] Crash from gp_free/ckWARN_d
+
+ See the explanation in the test added and in the RT ticket.
+
+ The solution is to make the warn macros check that PL_curcop
+ is non-null.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ regen/warnings.pl | 6 ++++--
+ t/op/gv.t | 18 +++++++++++++++++-
+ warnings.h | 6 ++++--
+ 3 files changed, 25 insertions(+), 5 deletions(-)
+
+diff --git a/regen/warnings.pl b/regen/warnings.pl
+index 694cb03..85e6d5a 100644
+--- a/regen/warnings.pl
++++ b/regen/warnings.pl
+@@ -362,8 +362,10 @@ EOM
+
+ print $warn <<'EOM';
+
+-#define isLEXWARN_on (PL_curcop->cop_warnings != pWARN_STD)
+-#define isLEXWARN_off (PL_curcop->cop_warnings == pWARN_STD)
++#define isLEXWARN_on \
++ (PL_curcop && PL_curcop->cop_warnings != pWARN_STD)
++#define isLEXWARN_off \
++ (!PL_curcop || PL_curcop->cop_warnings == pWARN_STD)
+ #define isWARN_ONCE (PL_dowarn & (G_WARN_ON|G_WARN_ONCE))
+ #define isWARN_on(c,x) (IsSet((U8 *)(c + 1), 2*(x)))
+ #define isWARNf_on(c,x) (IsSet((U8 *)(c + 1), 2*(x)+1))
+diff --git a/t/op/gv.t b/t/op/gv.t
+index 2c9cc64..0cb8ebe 100644
+--- a/t/op/gv.t
++++ b/t/op/gv.t
+@@ -12,7 +12,7 @@ BEGIN {
+
+ use warnings;
+
+-plan(tests => 276 );
++plan(tests => 277 );
+
+ # type coercion on assignment
+ $foo = 'foo';
+@@ -1150,6 +1150,22 @@ pass "No crash due to CvGV pointing to glob copy in the stash";
+ is($c_125840, 1, 'RT #125840: $c=$d');
+ }
+
++# [perl #128597] Crash when gp_free calls ckWARN_d
++# I am not sure this test even belongs in this file, as the crash was the
++# result of various features interacting. But a call to ckWARN_d from
++# gv.c:gp_free triggered the crash, so this seems as good a place as any.
++# ‘die’ (or any abnormal scope exit) can cause the current cop to be freed,
++# if the subroutine containing the ‘die’ gets freed as a result. That
++# causes PL_curcop to be set to NULL. If a writable handle gets freed
++# while PL_curcop is NULL, then gp_free will call ckWARN_d while that con-
++# dition still holds, so ckWARN_d needs to know about PL_curcop possibly
++# being NULL.
++SKIP: {
++ skip_if_miniperl("No PerlIO::scalar on miniperl", 1);
++ runperl(prog => 'open my $fh, q|>|, \$buf;'
++ .'my $sub = eval q|sub {exit 0}|; $sub->()');
++ is ($? & 127, 0,"[perl #128597] No crash when gp_free calls ckWARN_d");
++}
+
+ __END__
+ Perl
+diff --git a/warnings.h b/warnings.h
+index 24fe243..b0a0eb4 100644
+--- a/warnings.h
++++ b/warnings.h
+@@ -117,8 +117,10 @@
+ #define WARN_ALLstring "\125\125\125\125\125\125\125\125\125\125\125\125\125\125\125\125\125"
+ #define WARN_NONEstring "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+
+-#define isLEXWARN_on (PL_curcop->cop_warnings != pWARN_STD)
+-#define isLEXWARN_off (PL_curcop->cop_warnings == pWARN_STD)
++#define isLEXWARN_on \
++ (PL_curcop && PL_curcop->cop_warnings != pWARN_STD)
++#define isLEXWARN_off \
++ (!PL_curcop || PL_curcop->cop_warnings == pWARN_STD)
+ #define isWARN_ONCE (PL_dowarn & (G_WARN_ON|G_WARN_ONCE))
+ #define isWARN_on(c,x) (IsSet((U8 *)(c + 1), 2*(x)))
+ #define isWARNf_on(c,x) (IsSet((U8 *)(c + 1), 2*(x)+1))
+--
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index 30b0be8..0bcc86e 100644
--- a/perl.spec
+++ b/perl.spec
@@ -30,7 +30,7 @@
 Name: perl
 Version: %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 354%{?dist}
+Release: 355%{?dist}
 Epoch: %{perl_epoch}
 Summary: Practical Extraction and Report Language
 Group: Development/Languages
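Review bot: The NULL check added to `isLEXWARN_on` and `isLEXWARN_off` in the embedded patch (the regen/warnings.pl heredoc and the regenerated warnings.h) carries no comment at the definition, so the reason PL_curcop can be NULL is recorded only in the t/op/gv.t test comment. I would add one line above the two macros in the regen/warnings.pl heredoc, so that regeneration carries it into warnings.h: `/* PL_curcop may be NULL while a sub is freed on die/exit; treated as lexical warnings off [perl #128597] */`. Separately, the new test asserts only `$? & 127` (no terminating signal); `is($? >> 8, 0, ...)` would also pin the child's exit status, with the plan count raised to match.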
@@ -104,6 +104,9 @@ Patch30: perl-5.25.2-Don-t-let-XSLoader-load-relative-paths.patch
 # in upstream after 5.22.3
 Patch31: perl-5.22.2-CVE-2016-1238-maint-5.22-dot-in-inc.patch
+# Fix a crash in lexical scope warnings, RT#128597, in upstream after 5.25.2
+Patch32: perl-5.22.2-perl-128597-Crash-from-gp_free-ckWARN_d.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2148,6 +2151,7 @@ Perl extension for Version Objects
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
+%patch32 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2171,6 +2175,7 @@ perl -x patchlevel.h \
 'Fedora Patch29: Fix duplicating PerlIO::encoding when spawning threads (RT#31923)' \
 'Fedora Patch30: Do not let XSLoader load relative paths (CVE-2016-6185)' \
 'Fedora Patch31: Avoid loading optional modules from default . (CVE-2016-1238)' \
+ 'Fedora Patch32: Fix a crash in lexical scope warnings (RT#128597)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -4184,6 +4189,9 @@ popd
 # Old changelog entries are preserved in CVS.
 %changelog
+* Fri Nov 04 2016 Petr Pisar <ppi...@redhat.com> - 4:5.22.2-355
+- Fix a crash in lexical scope warnings (RT#128597)
+
 * Wed Aug 03 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.2-354
 - Avoid loading optional modules from default . (CVE-2016-1238)
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f23&id=390a8a1af1f90b81c7488bbc8cf4595cac1e7386
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org