Fix crash in Storable when deserializing malformed code reference
This commit is contained in:
Petr Písař
parent
592810058a
commit
2a293b3799
61
perl-5.25.7-Fix-Storable-segfaults.patch
Normal file
61
perl-5.25.7-Fix-Storable-segfaults.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001
|
||||
From: John Lightsey <lightsey@debian.org>
|
||||
Date: Mon, 14 Nov 2016 11:56:15 +0100
|
||||
Subject: [PATCH] Fix Storable segfaults.
|
||||
|
||||
Fix a null pointed dereference segfault in storable when the
|
||||
retrieve_code logic was unable to read the string that contained
|
||||
the code.
|
||||
|
||||
Also fix several locations where retrieve_other was called with a
|
||||
null context pointer. This also resulted in a null pointer
|
||||
dereference.
|
||||
---
|
||||
dist/Storable/Storable.xs | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
|
||||
index 053951c..caa489c 100644
|
||||
--- a/dist/Storable/Storable.xs
|
||||
+++ b/dist/Storable/Storable.xs
|
||||
@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char *cname)
|
||||
CROAK(("Unexpected type %d in retrieve_code\n", type));
|
||||
}
|
||||
|
||||
+ if (!text) {
|
||||
+ CROAK(("Unable to retrieve code\n"));
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* prepend "sub " to the source
|
||||
*/
|
||||
@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const char *cname)
|
||||
continue; /* av_extend() already filled us with undef */
|
||||
}
|
||||
if (c != SX_ITEM)
|
||||
- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
|
||||
+ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
|
||||
TRACEME(("(#%d) item", i));
|
||||
sv = retrieve(aTHX_ cxt, 0); /* Retrieve item */
|
||||
if (!sv)
|
||||
@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname)
|
||||
if (!sv)
|
||||
return (SV *) 0;
|
||||
} else
|
||||
- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
|
||||
+ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
|
||||
|
||||
/*
|
||||
* Get key.
|
||||
@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname)
|
||||
|
||||
GETMARK(c);
|
||||
if (c != SX_KEY)
|
||||
- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
|
||||
+ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
|
||||
RLEN(size); /* Get key size */
|
||||
KBUFCHK((STRLEN)size); /* Grow hash key read pool if needed */
|
||||
if (size)
|
||||
--
|
||||
2.10.2
|
||||
|
||||
12
perl.spec
12
perl.spec
@ -28,7 +28,7 @@
|
||||
Name: perl
|
||||
Version: %{perl_version}
|
||||
# release number must be even higher, because dual-lived modules will be broken otherwise
|
||||
Release: 380%{?dist}
|
||||
Release: 381%{?dist}
|
||||
Epoch: %{perl_epoch}
|
||||
Summary: Practical Extraction and Report Language
|
||||
Group: Development/Languages
|
||||
@ -219,6 +219,10 @@ Patch57: perl-5.25.6-perl-130001-h2xs-avoid-infinite-loop-for-enums.patch
|
||||
# in upstream after 5.25.6
|
||||
Patch58: perl-5.24.0-perl-129130-make-chdir-allocate-the-stack-it-needs.patch
|
||||
|
||||
# Fix crash in Storable when deserializing malformed code reference, RT#68348,
|
||||
# RT130098
|
||||
Patch59: perl-5.25.7-Fix-Storable-segfaults.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
|
||||
@ -2903,6 +2907,7 @@ Perl extension for Version Objects
|
||||
%patch56 -p1
|
||||
%patch57 -p1
|
||||
%patch58 -p1
|
||||
%patch59 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
@ -2952,6 +2957,7 @@ perl -x patchlevel.h \
|
||||
'Fedora Patch56: Fix firstchar bitmap under UTF-8 with prefix optimization (RT#129950)' \
|
||||
'Fedora Patch57: Avoid infinite loop in h2xs tool if enum and type have the same name (RT130001)' \
|
||||
'Fedora Patch58: Fix stack handling when calling chdir without an argument (RT#129130)' \
|
||||
'Fedora Patch59: Fix crash in Storable when deserializing malformed code reference (RT#68348, RT#130098)' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
@ -5230,6 +5236,10 @@ popd
|
||||
|
||||
# Old changelog entries are preserved in CVS.
|
||||
%changelog
|
||||
* Mon Nov 28 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-381
|
||||
- Fix crash in Storable when deserializing malformed code reference
|
||||
(RT#68348, RT#130098)
|
||||
|
||||
* Wed Nov 09 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-380
|
||||
- Tie perl-Errno release to interpreter build because of kernel version check
|
||||
(bug #1393421)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user