Revert a fix for a buffer overrun in deprecated S_is_utf8_common()
This commit is contained in:
parent
ceb01be0f0
commit
28506e03c6
@ -1,29 +0,0 @@
|
||||
From 80ebe57f7bd7f07d3ad1ff9604b2580b98579582 Mon Sep 17 00:00:00 2001
|
||||
From: Steve Hay <steve.m.hay@googlemail.com>
|
||||
Date: Thu, 19 Jul 2018 13:49:00 +0100
|
||||
Subject: [PATCH] Fix VC6 build following commit aa3c16bd70
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
utf8.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/utf8.c b/utf8.c
|
||||
index 51039aed4f..57eac2d8f2 100644
|
||||
--- a/utf8.c
|
||||
+++ b/utf8.c
|
||||
@@ -6363,7 +6363,7 @@ Perl_utf8_to_uvchr(pTHX_ const U8 *s, STRLEN *retlen)
|
||||
}
|
||||
|
||||
return utf8_to_uvchr_buf(s,
|
||||
- s + strnlen((char *) s, UTF8_MAXBYTES),
|
||||
+ s + my_strnlen((char *) s, UTF8_MAXBYTES),
|
||||
retlen);
|
||||
}
|
||||
|
||||
--
|
||||
2.14.4
|
||||
|
@ -1,54 +0,0 @@
|
||||
From aa3c16bd709ef9b9c8c785af48f368e08f70c74b Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Tue, 17 Jul 2018 13:57:54 -0600
|
||||
Subject: [PATCH] Make utf8_to_uvchr() safer
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This function is deprecated because the API doesn't allow it to
|
||||
determine the end of the input string, so it can read off the far end.
|
||||
But I just realized that since many strings are NUL-terminated, so we
|
||||
can forbid it from reading past the next NUL, and hence make it safe in
|
||||
many cases.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
utf8.c | 21 ++++++++++++++++++++-
|
||||
1 file changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/utf8.c b/utf8.c
|
||||
index dec8aa1252..51039aed4f 100644
|
||||
--- a/utf8.c
|
||||
+++ b/utf8.c
|
||||
@@ -6345,7 +6345,26 @@ Perl_utf8_to_uvchr(pTHX_ const U8 *s, STRLEN *retlen)
|
||||
{
|
||||
PERL_ARGS_ASSERT_UTF8_TO_UVCHR;
|
||||
|
||||
- return utf8_to_uvchr_buf(s, s + UTF8_MAXBYTES, retlen);
|
||||
+ /* This function is unsafe if malformed UTF-8 input is given it, which is
|
||||
+ * why the function is deprecated. If the first byte of the input
|
||||
+ * indicates that there are more bytes remaining in the sequence that forms
|
||||
+ * the character than there are in the input buffer, it can read past the
|
||||
+ * end. But we can make it safe if the input string happens to be
|
||||
+ * NUL-terminated, as many strings in Perl are, by refusing to read past a
|
||||
+ * NUL. A NUL indicates the start of the next character anyway. If the
|
||||
+ * input isn't NUL-terminated, the function remains unsafe, as it always
|
||||
+ * has been.
|
||||
+ *
|
||||
+ * An initial NUL has to be handled separately, but all ASCIIs can be
|
||||
+ * handled the same way, speeding up this common case */
|
||||
+
|
||||
+ if (UTF8_IS_INVARIANT(*s)) { /* Assumes 's' contains at least 1 byte */
|
||||
+ return (UV) *s;
|
||||
+ }
|
||||
+
|
||||
+ return utf8_to_uvchr_buf(s,
|
||||
+ s + strnlen((char *) s, UTF8_MAXBYTES),
|
||||
+ retlen);
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.14.4
|
||||
|
@ -1,39 +0,0 @@
|
||||
From 2951abb4de83bfd534d332144e6a0bb3e2aaecdc Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Mon, 30 Jul 2018 21:41:44 -0600
|
||||
Subject: [PATCH] Make utf8_to_uvchr() slightly safer
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Recent commit aa3c16bd709ef9b9c8c785af48f368e08f70c74b made this
|
||||
function safe if the input is a NUL-terminated string. But if not, it
|
||||
can read past the end of the buffer. It used as a limit the maximum
|
||||
length a UTF-8 code point can be. But most code points in real-world
|
||||
use aren't nearly that long, and we know how long that can be by looking
|
||||
at the first byte. Therefore, use the length determined by the first
|
||||
byte as the limit instead of the maximum possible.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
utf8.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/utf8.c b/utf8.c
|
||||
index ceb8ed82df..06b77689c0 100644
|
||||
--- a/utf8.c
|
||||
+++ b/utf8.c
|
||||
@@ -5755,8 +5755,8 @@ Perl_utf8_to_uvchr(pTHX_ const U8 *s, STRLEN *retlen)
|
||||
}
|
||||
|
||||
return utf8_to_uvchr_buf(s,
|
||||
- s + my_strnlen((char *) s, UTF8_MAXBYTES),
|
||||
- retlen);
|
||||
+ s + my_strnlen((char *) s, UTF8SKIP(s)),
|
||||
+ retlen);
|
||||
}
|
||||
|
||||
/*
|
||||
--
|
||||
2.14.4
|
||||
|
38
perl.spec
38
perl.spec
@ -81,7 +81,7 @@ License: GPL+ or Artistic
|
||||
Epoch: %{perl_epoch}
|
||||
Version: %{perl_version}
|
||||
# release number must be even higher, because dual-lived modules will be broken otherwise
|
||||
Release: 421%{?dist}
|
||||
Release: 422%{?dist}
|
||||
Summary: Practical Extraction and Report Language
|
||||
Url: https://www.perl.org/
|
||||
Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
|
||||
@ -181,30 +181,24 @@ Patch22: perl-5.29.1-perl-133314-always-close-the-directory-handle-on-cle
|
||||
# in upstream after 5.29.1
|
||||
Patch23: perl-5.29.1-utf8.c-Make-safer-a-deprecated-function.patch
|
||||
|
||||
# Fix a buffer overrun in deprecated utf8_to_uvchr(),
|
||||
# in upstrem after 5.29.0
|
||||
Patch24: perl-5.29.0-Make-utf8_to_uvchr-safer.patch
|
||||
Patch25: perl-5.29.0-Fix-VC6-build-following-commit-aa3c16bd70.patch
|
||||
Patch26: perl-5.29.1-Make-utf8_to_uvchr-slightly-safer.patch
|
||||
|
||||
# Fix a time race in Time-HiRes/t/itimer.t test, in upstream after 5.29.1
|
||||
Patch27: perl-5.29.1-Time-HiRes-t-itimer.t-avoid-race-condition.patch
|
||||
Patch24: perl-5.29.1-Time-HiRes-t-itimer.t-avoid-race-condition.patch
|
||||
|
||||
# Fix matching an ASCII digit followed by a non-ASCII digit using a script
|
||||
# run, in upstream after 5.29.1
|
||||
Patch28: perl-5.28.0-Fix-script-run-bug-1-followed-by-Thai-digit.patch
|
||||
Patch25: perl-5.28.0-Fix-script-run-bug-1-followed-by-Thai-digit.patch
|
||||
|
||||
# Fix Time::Piece to handle objects in overloaded methods correctly,
|
||||
# in upstream after 5.29.1
|
||||
Patch29: perl-5.29.1-Update-Time-Piece-to-CPAN-version-1.33.patch
|
||||
Patch26: perl-5.29.1-Update-Time-Piece-to-CPAN-version-1.33.patch
|
||||
|
||||
# Fix an assignment to a lexical variable in multiconcatenation expressions,
|
||||
# RT#133441, in upstream after 5.29.2
|
||||
Patch30: perl-5.29.2-multiconcat-mutator-not-seen-in-lex.patch
|
||||
Patch27: perl-5.29.2-multiconcat-mutator-not-seen-in-lex.patch
|
||||
|
||||
# Fix a spurious warning about uninitialized value in warn, RT#132683,
|
||||
# in upstream after 5.29.2
|
||||
Patch31: perl-5.29.2-perl-132683-don-t-try-to-convert-PL_sv_placeholder-i.patch
|
||||
Patch28: perl-5.29.2-perl-132683-don-t-try-to-convert-PL_sv_placeholder-i.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
@ -2787,9 +2781,6 @@ Perl extension for Version Objects
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
@ -2820,14 +2811,11 @@ perl -x patchlevel.h \
|
||||
'Fedora Patch21: Fix a file descriptor leak in in-place edits (RT#133314)' \
|
||||
'Fedora Patch22: Fix a file descriptor leak in in-place edits (RT#133314)' \
|
||||
'Fedora Patch23: Fix a buffer overrun in deprecated S_is_utf8_common()' \
|
||||
'Fedora Patch24: Fix a buffer overrun in deprecated utf8_to_uvchr()' \
|
||||
'Fedora Patch25: Fix a buffer overrun in deprecated utf8_to_uvchr()' \
|
||||
'Fedora Patch26: Fix a buffer overrun in deprecated utf8_to_uvchr()' \
|
||||
'Fedora Patch27: Fix a time race in Time-HiRes/t/itimer.t test' \
|
||||
'Fedora Patch28: Fix matching an ASCII digit followed by a non-ASCII digit using a script run' \
|
||||
'Fedora Patch29: Fix Time::Piece to handle objects in overloaded methods correctly' \
|
||||
'Fedora Patch30: Fix an assignment to a lexical variable in multiconcatenation expressions (RT#133441)' \
|
||||
'Fedora Patch31: Fix a spurious warning about uninitialized value in warn (RT#132683)' \
|
||||
'Fedora Patch24: Fix a time race in Time-HiRes/t/itimer.t test' \
|
||||
'Fedora Patch25: Fix matching an ASCII digit followed by a non-ASCII digit using a script run' \
|
||||
'Fedora Patch26: Fix Time::Piece to handle objects in overloaded methods correctly' \
|
||||
'Fedora Patch27: Fix an assignment to a lexical variable in multiconcatenation expressions (RT#133441)' \
|
||||
'Fedora Patch28: Fix a spurious warning about uninitialized value in warn (RT#132683)' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
@ -5116,6 +5104,10 @@ popd
|
||||
|
||||
# Old changelog entries are preserved in CVS.
|
||||
%changelog
|
||||
* Mon Sep 10 2018 Petr Pisar <ppisar@redhat.com> - 4:5.28.0-422
|
||||
- Revert a fix for a buffer overrun in deprecated S_is_utf8_common()
|
||||
(bug #1627091)
|
||||
|
||||
* Wed Sep 05 2018 Petr Pisar <ppisar@redhat.com> - 4:5.28.0-421
|
||||
- Fix a buffer overrun in deprecated S_is_utf8_common()
|
||||
- Fix a buffer overrun in deprecated utf8_to_uvchr()
|
||||
|
Loading…
Reference in New Issue
Block a user