From 357d7b2c1c247ac324a3e4abc8221ff9889db9d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Mon, 28 Nov 2016 14:15:43 +0100
Subject: Fix crash on explicit return from regular expression substitution

---
 ...-5.24.0-crash-on-explicit-return-from-s-e.patch | 94 ++++++++++++++++++++++
 perl.spec                                          |  7 ++
 2 files changed, 101 insertions(+)
 create mode 100644 perl-5.24.0-crash-on-explicit-return-from-s-e.patch

diff --git a/perl-5.24.0-crash-on-explicit-return-from-s-e.patch 
b/perl-5.24.0-crash-on-explicit-return-from-s-e.patch
new file mode 100644
index 0000000..d7fd09d
--- /dev/null
+++ b/perl-5.24.0-crash-on-explicit-return-from-s-e.patch
@@ -0,0 +1,94 @@
+From 2c639acf40b4abc2783352f8e20dbfb68389e633 Mon Sep 17 00:00:00 2001
+From: David Mitchell <da...@iabyn.com>
+Date: Mon, 28 Nov 2016 08:03:49 +0000
+Subject: [PATCH] crash on explicit return from s///e
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Petr Pisar: Ported to 5.24.0:
+
+commit 7332835e5da7b7a793ef814a84e53003be1d0138
+Author: David Mitchell <da...@iabyn.com>
+Date:   Mon Nov 28 08:03:49 2016 +0000
+
+    crash on explicit return from s///e
+
+    RT #130188
+
+    In
+
+        sub f {
+            my $x = 'a';
+            $x =~ s/./return;/e;
+        }
+
+    the 'return' triggers popping any contexts above the subroutine context:
+    in this case, a CXt_SUBST context. In this case, Perl_dounwind() calls
+    cx_popblock() for the bottom-most popped context, to restore any saved
+    vars. However, CXt_SUBST is the one context type which *doesn't* use
+    'struct block' as part of its context struct union, so you can't
+    cx_popblock() a CXt_SUBST context.
+
+    This commit makes it skip the cx_popblock() in this case.
+
+    Bug was introduced by me with v5.23.7-235-gfc6e609.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ pp_ctl.c     |  6 ++++++
+ t/re/subst.t | 17 ++++++++++++++++-
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/pp_ctl.c b/pp_ctl.c
+index 99ff59a..b94c09a 100644
+--- a/pp_ctl.c
++++ b/pp_ctl.c
+@@ -1529,6 +1529,12 @@ Perl_dounwind(pTHX_ I32 cxix)
+       switch (CxTYPE(cx)) {
+       case CXt_SUBST:
+           CX_POPSUBST(cx);
++            /* CXt_SUBST is not a block context type, so skip the
++             * cx_popblock(cx) below */
++            if (cxstack_ix == cxix + 1) {
++                cxstack_ix--;
++                return;
++            }
+           break;
+       case CXt_SUB:
+           cx_popsub(cx);
+diff --git a/t/re/subst.t b/t/re/subst.t
+index 26a78c7..c039cc4 100644
+--- a/t/re/subst.t
++++ b/t/re/subst.t
+@@ -11,7 +11,7 @@ BEGIN {
+     require './loc_tools.pl';
+ }
+ 
+-plan( tests => 270 );
++plan( tests => 271 );
+ 
+ $_ = 'david';
+ $a = s/david/rules/r;
+@@ -1102,3 +1102,18 @@ SKIP: {
+     $s =~ s/..\G//g;
+     is($s, "\x{123}", "#RT 126260 gofs");
+ }
++
++# [perl #130188] crash on return from substitution in subroutine
++# make sure returning from s///e doesn't SEGV
++{
++    my $f = sub {
++        my $x = 'a';
++        $x =~ s/./return;/e;
++    };
++    my $x = $f->();
++    pass("RT #130188");
++}
++
++
++
++
+-- 
+2.7.4
+
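Review bot: The regression test added to t/re/subst.t ends in an unconditional `pass("RT #130188")`, so it fails only if the interpreter actually dies. The bug being fixed is a cx_popblock() applied to a context that is not a block, and a misread of that kind may not crash on every build. Checking the result as well would tighten it, e.g. `is($x, undef, "RT #130188: return from s///e");`, assuming undef is the intended scalar-context result of the bare `return`; this keeps the plan at 271. The test also covers only the shape where the substitution context sits directly above the sub, so a second case with the s///e inside a loop would exercise the branch where the new `if` in pp_ctl.c is false. The four blank `+` lines appended after the closing brace look like porting residue and could be dropped.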
diff --git a/perl.spec b/perl.spec
index 46a16fd..df4cdeb 100644
--- a/perl.spec
+++ b/perl.spec
@@ -223,6 +223,10 @@ Patch58:        
perl-5.24.0-perl-129130-make-chdir-allocate-the-stack-it-needs.p
 # RT130098
 Patch59:        perl-5.25.7-Fix-Storable-segfaults.patch
 
+# Fix crash on explicit return from regular expression substitution, RT#130188,
+# in upstream after 5.25.7
+Patch60:        perl-5.24.0-crash-on-explicit-return-from-s-e.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2906,6 +2910,7 @@ Perl extension for Version Objects
 %patch57 -p1
 %patch58 -p1
 %patch59 -p1
+%patch60 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2956,6 +2961,7 @@ perl -x patchlevel.h \
     'Fedora Patch57: Avoid infinite loop in h2xs tool if enum and type have 
the same name (RT130001)' \
     'Fedora Patch58: Fix stack handling when calling chdir without an argument 
(RT#129130)' \
     'Fedora Patch59: Fix crash in Storable when deserializing malformed code 
reference (RT#68348, RT#130098)' \
+    'Fedora Patch60: Fix crash on explicit return from regular expression 
substitution (RT#130188)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5237,6 +5243,7 @@ popd
 * Mon Dec 19 2016 Petr Pisar <ppi...@redhat.com> - 4:5.24.0-380
 - Fix crash in Storable when deserializing malformed code reference
   (RT#68348, RT#130098)
+- Fix crash on explicit return from regular expression substitution (RT#130188)
 
 * Wed Nov 09 2016 Petr Pisar <ppi...@redhat.com> - 4:5.24.0-379
 - Tie perl-Errno release to interpreter build because of kernel version check
-- 
cgit v0.12


        
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=f25&id=357d7b2c1c247ac324a3e4abc8221ff9889db9d3