From 5d6a5ae819151fb0727547adb812bc0faa500983 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com> Date: Thu, 3 Nov 2016 09:16:29 +0100 Subject: Fix crash in "evalbytes S"
--- perl-5.24.0-Regression-test-for-RT-129196.patch | 45 +++++++++++++++++++++ ...rl-129196-Crash-bad-read-with-evalbytes-S.patch | 37 +++++++++++++++++ perl-5.25.4-toke.c-fix-mswin32-builds.patch | 46 ++++++++++++++++++++++ perl.spec | 12 ++++++ 4 files changed, 140 insertions(+) create mode 100644 perl-5.24.0-Regression-test-for-RT-129196.patch create mode 100644 perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch create mode 100644 perl-5.25.4-toke.c-fix-mswin32-builds.patch
diff --git a/perl-5.24.0-Regression-test-for-RT-129196.patch b/perl-5.24.0-Regression-test-for-RT-129196.patch
new file mode 100644
index 0000000..23beb36
--- /dev/null
+++ b/perl-5.24.0-Regression-test-for-RT-129196.patch
@@ -0,0 +1,45 @@
+From a51d828a6d402f30f37707c714de218f6b47dbd8 Mon Sep 17 00:00:00 2001
+From: Dan Collins <dcolli...@gmail.com>
+Date: Sun, 4 Sep 2016 14:43:41 -0400
+Subject: [PATCH] Regression test for RT #129196
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.0:
+
+commit a6128716d2cc20147851e0a37768376647bd3242
+Author: Dan Collins <dcolli...@gmail.com>
+Date: Sun Sep 4 14:43:41 2016 -0400
+
+ Regression test for RT #129196
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ t/op/evalbytes.t | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/t/op/evalbytes.t b/t/op/evalbytes.t
+index cca7c04..5e2af76 100644
+--- a/t/op/evalbytes.t
++++ b/t/op/evalbytes.t
+@@ -6,7 +6,7 @@ BEGIN {
+ require './test.pl'; require './charset_tools.pl';
+ }
+
+-plan(tests => 8);
++plan(tests => 9);
+
+ {
+ local $SIG{__WARN__} = sub {};
+@@ -33,3 +33,7 @@ chop($upcode = "use utf8; $U_100" . chr 256);
+ is evalbytes $upcode, chr 256, 'use utf8 within evalbytes on utf8 string';
+ eval { evalbytes chr 256 };
+ like $@, qr/Wide character/, 'evalbytes croaks on non-bytes';
++
++eval 'evalbytes S';
++ok 1, '[RT #129196] evalbytes S should not segfault';
++
+--
+2.7.4
+
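Review bot: The added assertion `ok 1, '[RT #129196] evalbytes S should not segfault';` passes unconditionally, so the test only fails when `eval 'evalbytes S';` actually kills the interpreter. The upstream subject describes the defect as a "Crash/bad read", and a read through a negative offset that happens to land in mapped memory would presumably leave this test green. I would add a comment above the `eval` line saying so, for example `# passes unless perl dies outright; the bad read itself is only visible under a memory checker`. It would also help if the spec comment for Patch35 said that this patch is a crash smoke test and not a check of the parsed result.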
diff --git a/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch b/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
new file mode 100644
index 0000000..e224f30
--- /dev/null
+++ b/perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch
@@ -0,0 +1,37 @@
+From 9bde56224e82f20e7a65b3469b1ffb6b9f6d4df8 Mon Sep 17 00:00:00 2001
+From: Father Chrysostomos <spr...@cpan.org>
+Date: Sun, 4 Sep 2016 20:24:19 -0700
+Subject: [PATCH] =?UTF-8?q?[perl=20#129196]=20Crash/bad=20read=20with=20?=
+ =?UTF-8?q?=E2=80=98evalbytes=20S=E2=80=99?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+5dc13276 added some code to toke.c that did not take into account
+that the opnum (‘f’) argument to UNI* could be a negated op number.
+PL_last_lop_op must never be negative, since it is used as an offset
+into a struct.
+
+Tests for the crash will come in the next commit.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ toke.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/toke.c b/toke.c
+index 2fe8b69..2350703 100644
+--- a/toke.c
++++ b/toke.c
+@@ -241,7 +241,7 @@ static const char* const lex_state_names[] = {
+ if (have_x) PL_expect = x; \
+ PL_bufptr = s; \
+ PL_last_uni = PL_oldbufptr; \
+- PL_last_lop_op = f; \
++ PL_last_lop_op = f < 0 ? -f : f; \
+ if (*s == '(') \
+ return REPORT( (int)FUNC1 ); \
+ s = skipspace(s); \
+--
+2.7.4
+
diff --git a/perl-5.25.4-toke.c-fix-mswin32-builds.patch b/perl-5.25.4-toke.c-fix-mswin32-builds.patch
new file mode 100644
index 0000000..5b066c8
--- /dev/null
+++ b/perl-5.25.4-toke.c-fix-mswin32-builds.patch
@@ -0,0 +1,46 @@
+From 0af40c757f083cc12988effb46da5313cd042f00 Mon Sep 17 00:00:00 2001
+From: David Mitchell <da...@iabyn.com>
+Date: Mon, 5 Sep 2016 15:49:28 +0100
+Subject: [PATCH] toke.c: fix mswin32 builds
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+9bde56224 added this as part of macro:
+
+- PL_last_lop_op = f; \
++ PL_last_lop_op = f < 0 ? -f : f; \
+
+which broke win32 builds due to this
+
+ UNIBRACK(-OP_ENTEREVAL)
+
+expanding to
+
+ PL_last_lop_op = -345 < 0 ? --345 : -345
+
+and the -- being seen as a pre-dec op.
+
+Diagnosed by Dagfinn Ilmari Mannsåker.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ toke.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/toke.c b/toke.c
+index 2350703..a1cdda8 100644
+--- a/toke.c
++++ b/toke.c
+@@ -241,7 +241,7 @@ static const char* const lex_state_names[] = {
+ if (have_x) PL_expect = x; \
+ PL_bufptr = s; \
+ PL_last_uni = PL_oldbufptr; \
+- PL_last_lop_op = f < 0 ? -f : f; \
++ PL_last_lop_op = (f) < 0 ? -(f) : (f); \
+ if (*s == '(') \
+ return REPORT( (int)FUNC1 ); \
+ s = skipspace(s); \
+--
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index 39976a0..9e6ceab 100644
--- a/perl.spec
+++ b/perl.spec
@@ -110,6 +110,11 @@ Patch32: perl-5.22.2-perl-128597-Crash-from-gp_free-ckWARN_d.patch # in upstream after 5.25.1 Patch33: perl-5.25.1-perl-128316-preserve-errno-from-failed-system-calls.patch +# Fix crash in "evalbytes S", RT#129196, in upstream after 5.25.4 +Patch34: perl-5.25.4-perl-129196-Crash-bad-read-with-evalbytes-S.patch +Patch35: perl-5.24.0-Regression-test-for-RT-129196.patch +Patch36: perl-5.25.4-toke.c-fix-mswin32-builds.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch 
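Review bot: The final form `PL_last_lop_op = (f) < 0 ? -(f) : (f); \` has no comment explaining why the sign is stripped. The invariant is stated only in the message of 9bde56224: "PL_last_lop_op must never be negative, since it is used as an offset into a struct". I would record it in the macro itself, for example `/* f may be a negated opnum; PL_last_lop_op is used as an offset and must stay non-negative */ \` on the line above the assignment. The macro begins and ends outside the hunk, so it cannot be confirmed from here whether any other assignment to PL_last_lop_op can receive a negated opnum.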
@@ -2384,6 +2389,9 @@ Perl extension for Version Objects %patch31 -p1 %patch32 -p1 %patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 %patch200 -p1 %patch201 -p1 @@ -2409,6 +2417,9 @@ perl -x patchlevel.h \ 'Fedora Patch31: Avoid loading optional modules from default . (CVE-2016-1238)' \ 'Fedora Patch32: Fix a crash in lexical scope warnings (RT#128597)' \ 'Fedora Patch33: Do not mangle errno from failed socket calls (RT#128316)' \ + 'Fedora Patch34: Fix crash in "evalbytes S" (RT#129196)' \ + 'Fedora Patch35: Fix crash in "evalbytes S" (RT#129196)' \ + 'Fedora Patch36: Fix crash in "evalbytes S" (RT#129196)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -4664,6 +4675,7 @@ popd * Fri Nov 04 2016 Petr Pisar <ppi...@redhat.com> - 4:5.22.2-363 - Fix a crash in lexical scope warnings (RT#128597) - Do not mangle errno from failed socket calls (RT#128316) +- Fix crash in "evalbytes S" (RT#129196) * Wed Aug 03 2016 Jitka Plesnikova <jples...@redhat.com> - 4:5.22.2-362 - Avoid loading optional modules from default . (CVE-2016-1238) -- cgit v0.12 http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f24&id=5d6a5ae819151fb0727547adb812bc0faa500983 _______________________________________________ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org