rpms
/
perl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a buffer overread in when parsing a number

This commit is contained in:
Petr Písař 2019-11-12 17:18:17 +01:00
parent 126f691220
commit 148d5a6bc6
2 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
perl-5.30.1-handle-s-being-updated-without-len-being-updated.patch Normal file
View File

@ -0,0 +1,47 @@
From a0148bb8496444302b087bc0ffcf8dad42f8e475 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Mon, 11 Nov 2019 14:43:42 +1100
Subject: [PATCH] handle s being updated without len being updated
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
fix #17279
Petr Písař: Ported to 5.30.1 from
e56dfd967ce460481a9922d14e931b438548093d.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
numeric.c | 2 +-
t/lib/croak/regcomp | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/numeric.c b/numeric.c
index d6ce53e..35adebe 100644
--- a/numeric.c
+++ b/numeric.c
@@ -1552,7 +1552,7 @@ Perl_my_atof3(pTHX_ const char* orig, NV* value, const STRLEN len)
/* strtold() accepts 0x-prefixed hex and in POSIX implementations,
0b-prefixed binary numbers, which is backward incompatible
*/
- if ((len == 0 || len >= 2) && *s == '0' &&
+ if ((len == 0 || len - (s-orig) >= 2) && *s == '0' &&
(isALPHA_FOLD_EQ(s[1], 'x') || isALPHA_FOLD_EQ(s[1], 'b'))) {
*value = 0;
return (char *)s+1;
diff --git a/t/lib/croak/regcomp b/t/lib/croak/regcomp
index 0ba705e..c0c2710 100644
--- a/t/lib/croak/regcomp
+++ b/t/lib/croak/regcomp
@@ -70,3 +70,7 @@ qr/((a))/;
EXPECT
Too many nested open parens in regex; marked by <-- HERE in m/(( <-- HERE a))/ at - line 3.
########
+# NAME numeric parsing buffer overflow in numeric.c
+0=~/\p{nV:-0}/
+EXPECT
+Can't find Unicode property definition "nV:-0" in regex; marked by <-- HERE in m/\p{nV:-0} <-- HERE / at - line 1.
--
2.21.0

7
perl.spec
View File

@ -284,6 +284,10 @@ Patch69: perl-5.31.5-toke.c-comment-changes.patch
# Fix a race in File::stat() tests, GH#17234, in upstream after 5.31.5
Patch70: perl-5.31.5-prevent-a-race-between-name-based-stat-and-an-open-m.patch
# Fix a buffer overread in when parsing a number, GH#17279,
# in upstream after 5.31.5
Patch71: perl-5.30.1-handle-s-being-updated-without-len-being-updated.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2875,6 +2879,7 @@ rm -rf .git # Perl tests examine a git repository
%patch68 -p1
%patch69 -p1
%patch70 -p1
%patch71 -p1
%patch200 -p1
%patch201 -p1
@ -2940,6 +2945,7 @@ perl -x patchlevel.h \
'Fedora Patch68: Fix an unintended upgrade to UTF-8 in the middle of a transliteration' \
'Fedora Patch69: Fix an unintended upgrade to UTF-8 in the middle of a transliteration' \
'Fedora Patch70: Fix a race in File::stat() tests (GH#17234)' \
'Fedora Patch71: Fix a buffer overread in when parsing a number (GH#17279)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@ -5192,6 +5198,7 @@ popd
- Fix handling a layer argument in Tie::StdHandle::BINMODE() (RT#132475)
- Fix an unintended upgrade to UTF-8 in the middle of a transliteration
- Fix a race in File::stat() tests (GH#17234)
- Fix a buffer overread in when parsing a number (GH#17279)
* Mon Nov 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.30.1-447
- 5.30.1 bump (see <https://metacpan.org/pod/release/SHAY/perl-5.30.1/pod/perldelta.pod>