ppisar pushed to perl (f26). "Fix a memory leak leak in Perl_reg_named_buff_fetch()"

notifications Wed, 08 Mar 2017 07:24:44 -0800

From d61d60edb3b17f8664e6f957916d33042d0790d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
Date: Wed, 8 Mar 2017 12:17:41 +0100
Subject: Fix a memory leak leak in Perl_reg_named_buff_fetch()


---
 ...-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch | 81 ++++++++++++++++++++++
 perl.spec                                          |  7 ++
 2 files changed, 88 insertions(+)
 create mode 100644 
perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch

diff --git 
a/perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch 
b/perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
new file mode 100644
index 0000000..0ebda55
--- /dev/null
+++ b/perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
@@ -0,0 +1,81 @@
+From 0cefeca1fd2405ad1b5544a3919e0000377fde5e Mon Sep 17 00:00:00 2001
+From: Tony Cook <t...@develop-help.com>
+Date: Tue, 21 Feb 2017 16:38:36 +1100
+Subject: [PATCH] (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.1:
+
+commit 853eb961c1a3b014b5a9510740abc15ccd4383b6
+Author: Tony Cook <t...@develop-help.com>
+Date:   Tue Feb 21 16:38:36 2017 +1100
+
+    (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
+
+    Originally noted as a scoping issue by Andy Lester.
+
+Signed-off-by: Petr Písař <ppi...@redhat.com>
+---
+ regcomp.c     |  5 +----
+ t/op/svleak.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 6329f6c..989c528 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -7849,21 +7849,18 @@ SV*
+ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+                         const U32 flags)
+ {
+-    AV *retarray = NULL;
+     SV *ret;
+     struct regexp *const rx = ReANY(r);
+ 
+     PERL_ARGS_ASSERT_REG_NAMED_BUFF_FETCH;
+ 
+-    if (flags & RXapif_ALL)
+-        retarray=newAV();
+-
+     if (rx && RXp_PAREN_NAMES(rx)) {
+         HE *he_str = hv_fetch_ent( RXp_PAREN_NAMES(rx), namesv, 0, 0 );
+         if (he_str) {
+             IV i;
+             SV* sv_dat=HeVAL(he_str);
+             I32 *nums=(I32*)SvPVX(sv_dat);
++            AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL;
+             for ( i=0; i<SvIVX(sv_dat); i++ ) {
+                 if ((I32)(rx->nparens) >= nums[i]
+                     && rx->offs[nums[i]].start != -1
+diff --git a/t/op/svleak.t b/t/op/svleak.t
+index b0692ff..eeea7c1 100644
+--- a/t/op/svleak.t
++++ b/t/op/svleak.t
+@@ -15,7 +15,7 @@ BEGIN {
+ 
+ use Config;
+ 
+-plan tests => 133;
++plan tests => 134;
+ 
+ # run some code N times. If the number of SVs at the end of loop N is
+ # greater than (N-1)*delta at the end of loop 1, we've got a leak
+@@ -557,3 +557,13 @@ EOF
+     sub lk { { my $d = $op->hints_hash->HASH } }
+     ::leak(3, 0, \&lk, q!B::RHE->HASH shoudln't leak!);
+ }
++
++{
++    # Perl_reg_named_buff_fetch() leaks an AV when called with an RE
++    # with no named captures
++    sub named {
++        "x" =~ /x/;
++        re::regname("foo", 1);
++    }
++    ::leak(2, 0, \&named, "Perl_reg_named_buff_fetch() on no-name RE");
++}
+-- 
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index 88a8a2a..e01514a 100644
--- a/perl.spec
+++ b/perl.spec
@@ -309,6 +309,10 @@ Patch87:        
perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf
 # in upstream after 5.25.9
 Patch88:        
perl-5.24.1-perl-129340-copy-the-source-when-inside-the-dest-in-.patch
 
+# Fix a memory leak leak in Perl_reg_named_buff_fetch(), RT#130822,
+# in upstream after 5.25.10
+Patch89:        
perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       
perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -3023,6 +3027,7 @@ popd
 %patch86 -p1
 %patch87 -p1
 %patch88 -p1
+%patch89 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -3096,6 +3101,7 @@ perl -x patchlevel.h \
     'Fedora Patch86: Fix a memory leak in list assignment from or to magic 
values, (RT#130766)' \
     'Fedora Patch87: Fix a null-pointer dereference on malformed code 
(RT#130815)' \
     'Fedora Patch88: Fix an use-after-free in substr() that modifies a magic 
variable (RT#129340)' \
+    'Fedora Patch89: Fix a memory leak leak in Perl_reg_named_buff_fetch() 
(RT#130822)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on 
Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5375,6 +5381,7 @@ popd
 * Wed Mar 08 2017 Petr Pisar <ppi...@redhat.com> - 4:5.24.1-390
 - Fix a null-pointer dereference on malformed code (RT#130815)
 - Fix an use-after-free in substr() that modifies a magic variable (RT#129340)
+- Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)
 
 * Fri Feb 17 2017 Petr Pisar <ppi...@redhat.com> - 4:5.24.1-389
 - Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326)
-- 
cgit v1.1


        
https://src.fedoraproject.org/cgit/perl.git/commit/?h=f26&id=d61d60edb3b17f8664e6f957916d33042d0790d7
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

ppisar pushed to perl (f26). "Fix a memory leak leak in Perl_reg_named_buff_fetch()"

Reply via email to