Prevent from an integer overflow in RenewDouble() macro

Petr Písař 2020-08-05 13:45:19 +02:00
parent 0350142371
commit 41b42279ab
2 changed files with 53 additions and 0 deletions


@ -0,0 +1,46 @@
From 981fbfc16220a15e72457d8ece4e014988746946 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Thu, 12 Mar 2020 12:48:47 -0600
Subject: [PATCH] reentr.c: Prevent infinite looping
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is an easy, though paranoid hedge to prevent something that should
never happen from causing an infinite loop if it were to happen.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
reentr.c | 2 +-
regen/reentr.pl | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/reentr.c b/reentr.c
index 8438c8f90f..2429aa2f5d 100644
--- a/reentr.c
+++ b/reentr.c
@@ -36,7 +36,7 @@
#define RenewDouble(data_pointer, size_pointer, type) \
STMT_START { \
- const size_t size = *(size_pointer) * 2; \
+ const size_t size = MAX(*(size_pointer), 1) * 2; \
Renew((data_pointer), (size), type); \
*(size_pointer) = size; \
} STMT_END
diff --git a/regen/reentr.pl b/regen/reentr.pl
index 94721e9dec..ba2e1c8fa6 100644
--- a/regen/reentr.pl
+++ b/regen/reentr.pl
@@ -818,7 +818,7 @@ print $c <<"EOF";
#define RenewDouble(data_pointer, size_pointer, type) \\
STMT_START { \\
- const size_t size = *(size_pointer) * 2; \\
+ const size_t size = MAX(*(size_pointer), 1) * 2; \\
Renew((data_pointer), (size), type); \\
*(size_pointer) = size; \\
} STMT_END
--
2.25.4
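Review bot: In the new `size` line of RenewDouble(), in both the reentr.c and regen/reentr.pl copies, `MAX(*(size_pointer), 1) * 2` guards only the zero case; the multiplication by 2 is still unchecked. A `*(size_pointer)` value above half the range of size_t would wrap, and Renew() would then be called with a size smaller than the current one while `*(size_pointer)` is overwritten with that wrapped value. If overflow is meant to be covered here, test the current size against the size_t maximum divided by 2 before doubling, and take an error path that leaves the buffer and the stored size unchanged when the test fails.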


@ -197,6 +197,10 @@ Patch24: perl-5.33.0-Add-missing-MANIFEST-entry-from-fix-for-debugger.pat
# in upstream after 5.33.0
Patch25: perl-5.33.0-reentr.c-Buffer-sizes-for-asctime_r-ctime_r-are-smal.patch
# Prevent from an integer overflow in RenewDouble() macro,
# in upstream after 5.33.0
Patch26: perl-5.33.0-reentr.c-Prevent-infinite-looping.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
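Review bot: The comment above Patch26 says the patch prevents an integer overflow, but the file it names is perl-5.33.0-reentr.c-Prevent-infinite-looping.patch and the subject inside that file is "reentr.c: Prevent infinite looping". Describe the patch in the comment the way its own subject does, so that someone reading the spec file does not assume an overflow check was added.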
@ -4208,6 +4212,7 @@ you're not running VMS, this module does nothing.
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch200 -p1
%patch201 -p1
@ -4240,6 +4245,7 @@ perl -x patchlevel.h \
'Fedora Patch23: Fix running actions after stepping in a debugger (GH#17901)' \
'Fedora Patch24: Fix running actions after stepping in a debugger (GH#17901)' \
'Fedora Patch25: Fix a buffer size for asctime_r() and ctime_r() functions' \
'Fedora Patch26: Prevent from an integer overflow in RenewDouble() macro' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
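Review bot: The added 'Fedora Patch26' string reads "Prevent from an integer overflow", which is ungrammatical; "Prevent an integer overflow", or wording taken from the patch subject ("Prevent infinite looping"), would read correctly. The same text is used in the Patch26 comment and in the changelog entry, so change all three together.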
@ -6967,6 +6973,7 @@ popd
- Fix setting a non-blocking mode in IO::Socket::UNIX (GH#17787)
- Fix running actions after stepping in a debugger (GH#17901)
- Fix a buffer size for asctime_r() and ctime_r() functions
- Prevent from an integer overflow in RenewDouble() macro
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4:5.32.0-458
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild