Fix a null-pointer dereference on malformed code
This commit is contained in:
Petr Písař
parent
b39bdfd34d
commit
2f5d87ed75
|
|
@ -0,0 +1,72 @@
|
|||
From be05b2f7a801ae1721641fd240e0d7d6fc018136 Mon Sep 17 00:00:00 2001
|
||||
From: Aaron Crane <arc@cpan.org>
|
||||
Date: Sun, 19 Feb 2017 12:26:54 +0000
|
||||
Subject: [PATCH] fix ck_return null-pointer deref on malformed code
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Ported to 5.24.1:
|
||||
|
||||
commit e5c165a0b7551ffb94661aa7f18aabadba257782
|
||||
Author: Aaron Crane <arc@cpan.org>
|
||||
Date: Sun Feb 19 12:26:54 2017 +0000
|
||||
|
||||
[perl #130815] fix ck_return null-pointer deref on malformed code
|
||||
|
||||
commit 9de2a80ffc0eefb4d60e13766baf4bad129e0a92
|
||||
Author: David Mitchell <davem@iabyn.com>
|
||||
Date: Sun Feb 19 12:36:58 2017 +0000
|
||||
|
||||
bump test count in t/comp/parser.t
|
||||
|
||||
(the previous commit forgot to)
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
op.c | 2 +-
|
||||
t/comp/parser.t | 8 +++++++-
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/op.c b/op.c
|
||||
index 018d90c..9a61ea7 100644
|
||||
--- a/op.c
|
||||
+++ b/op.c
|
||||
@@ -10695,7 +10695,7 @@ Perl_ck_return(pTHX_ OP *o)
|
||||
PERL_ARGS_ASSERT_CK_RETURN;
|
||||
|
||||
kid = OpSIBLING(cLISTOPo->op_first);
|
||||
- if (CvLVALUE(PL_compcv)) {
|
||||
+ if (PL_compcv && CvLVALUE(PL_compcv)) {
|
||||
for (; kid; kid = OpSIBLING(kid))
|
||||
op_lvalue(kid, OP_LEAVESUBLV);
|
||||
}
|
||||
diff --git a/t/comp/parser.t b/t/comp/parser.t
|
||||
index 50f601c..5016509 100644
|
||||
--- a/t/comp/parser.t
|
||||
+++ b/t/comp/parser.t
|
||||
@@ -8,7 +8,7 @@ BEGIN {
|
||||
chdir 't' if -d 't';
|
||||
}
|
||||
|
||||
-print "1..173\n";
|
||||
+print "1..174\n";
|
||||
|
||||
sub failed {
|
||||
my ($got, $expected, $name) = @_;
|
||||
@@ -546,6 +546,12 @@ eval "grep+grep";
|
||||
eval 'qq{@{0]}${}},{})';
|
||||
is(1, 1, "RT #124207");
|
||||
|
||||
+# RT #130815: crash in ck_return for malformed code
|
||||
+{
|
||||
+ eval 'm(@{if(0){sub d{]]])}return';
|
||||
+ like $@, qr/^syntax error at \(eval \d+\) line 1, near "\{\]"/,
|
||||
+ 'RT #130815: null pointer deref';
|
||||
+}
|
||||
|
||||
# Add new tests HERE (above this line)
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
11
perl.spec
11
perl.spec
|
|
@ -28,7 +28,7 @@
|
|||
Name: perl
|
||||
Version: %{perl_version}
|
||||
# release number must be even higher, because dual-lived modules will be broken otherwise
|
||||
Release: 389%{?dist}
|
||||
Release: 390%{?dist}
|
||||
Epoch: %{perl_epoch}
|
||||
Summary: Practical Extraction and Report Language
|
||||
Group: Development/Languages
|
||||
|
|
@ -301,6 +301,10 @@ Patch85: perl-5.24.1-fix-pad-scope-issue-in-re_evals.patch
|
|||
# in upstream after 5.25.9
|
||||
Patch86: perl-5.25.9-avoid-a-leak-in-list-assign-from-to-magic-values.patch
|
||||
|
||||
# Fix a null-pointer dereference on malformed code, RT#130815,
|
||||
# in upstream after 5.25.9
|
||||
Patch87: perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
|
||||
|
|
@ -3013,6 +3017,7 @@ popd
|
|||
%patch84 -p1
|
||||
%patch85 -p1
|
||||
%patch86 -p1
|
||||
%patch87 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
|
|
@ -3084,6 +3089,7 @@ perl -x patchlevel.h \
|
|||
'Fedora Patch83: Fix a buffer overflow when studying some regexps repeatedly (RT#129281, RT#129061)' \
|
||||
'Fedora Patch85: Fix a heap buffer overflow when evaluating regexps with embedded code blocks from more than one source, RT#129881' \
|
||||
'Fedora Patch86: Fix a memory leak in list assignment from or to magic values, (RT#130766)' \
|
||||
'Fedora Patch87: Fix a null-pointer dereference on malformed code (RT#130815)' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
|
|
@ -5360,6 +5366,9 @@ popd
|
|||
|
||||
# Old changelog entries are preserved in CVS.
|
||||
%changelog
|
||||
* Wed Mar 08 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-390
|
||||
- Fix a null-pointer dereference on malformed code (RT#130815)
|
||||
|
||||
* Fri Feb 17 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-389
|
||||
- Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326)
|
||||
- Fix a heap buffer overflow when evaluating regexps with embedded code blocks
|
||||
|
|
|
|||
Loading…
Reference in New Issue