Prevent from an integer overflow in RenewDouble() macro

2020-08-05 13:45:19 +02:00 · 2020-08-05 13:45:19 +02:00 · 41b42279ab
commit 41b42279ab
parent 0350142371
2 changed files with 53 additions and 0 deletions
--- a/perl-5.33.0-reentr.c-Prevent-infinite-looping.patch
+++ b/perl-5.33.0-reentr.c-Prevent-infinite-looping.patch
@ -0,0 +1,46 @@
 From 981fbfc16220a15e72457d8ece4e014988746946 Mon Sep 17 00:00:00 2001
 From: Karl Williamson <khw@cpan.org>
 Date: Thu, 12 Mar 2020 12:48:47 -0600
 Subject: [PATCH] reentr.c: Prevent infinite looping
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 This is an easy, though  paranoid hedge to prevent something that should
 never happen from causing an infinite loop if it were to happen.
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 reentr.c        | 2 +-
 regen/reentr.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/reentr.c b/reentr.c
 index 8438c8f90f..2429aa2f5d 100644
 --- a/reentr.c
 +++ b/reentr.c
@@ -36,7 +36,7 @@
 #define RenewDouble(data_pointer, size_pointer, type) \
     STMT_START { \
 -	const size_t size = *(size_pointer) * 2; \
 +	const size_t size = MAX(*(size_pointer), 1) * 2; \
 	Renew((data_pointer), (size), type); \
 	*(size_pointer) = size; \
     } STMT_END
 diff --git a/regen/reentr.pl b/regen/reentr.pl
 index 94721e9dec..ba2e1c8fa6 100644
 --- a/regen/reentr.pl
 +++ b/regen/reentr.pl
@@ -818,7 +818,7 @@ print $c <<"EOF";
 #define RenewDouble(data_pointer, size_pointer, type) \\
     STMT_START { \\
 -	const size_t size = *(size_pointer) * 2; \\
 +	const size_t size = MAX(*(size_pointer), 1) * 2; \\
 	Renew((data_pointer), (size), type); \\
 	*(size_pointer) = size; \\
     } STMT_END
 -- 
 2.25.4
--- a/perl.spec
+++ b/perl.spec
@ -197,6 +197,10 @@ Patch24:        perl-5.33.0-Add-missing-MANIFEST-entry-from-fix-for-debugger.pat
 # in upstream after 5.33.0
 Patch25:        perl-5.33.0-reentr.c-Buffer-sizes-for-asctime_r-ctime_r-are-smal.patch
 # Prevent from an integer overflow in RenewDouble() macro,
 # in upstream after 5.33.0
 Patch26:        perl-5.33.0-reentr.c-Prevent-infinite-looping.patch
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -4208,6 +4212,7 @@ you're not running VMS, this module does nothing.
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
 %patch200 -p1
 %patch201 -p1
@ -4240,6 +4245,7 @@ perl -x patchlevel.h \
    'Fedora Patch23: Fix running actions after stepping in a debugger (GH#17901)' \
    'Fedora Patch24: Fix running actions after stepping in a debugger (GH#17901)' \
    'Fedora Patch25: Fix a buffer size for asctime_r() and ctime_r() functions' \
    'Fedora Patch26: Prevent from an integer overflow in RenewDouble() macro' \
    'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
    'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
    %{nil}
@ -6967,6 +6973,7 @@ popd
 - Fix setting a non-blocking mode in IO::Socket::UNIX (GH#17787)
 - Fix running actions after stepping in a debugger (GH#17901)
 - Fix a buffer size for asctime_r() and ctime_r() functions
 - Prevent from an integer overflow in RenewDouble() macro
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4:5.32.0-458
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild