Fix crash on explicit return from regular expression substitution

2016-11-28 14:15:43 +01:00 · 2016-11-28 14:15:43 +01:00 · 41b63f7330
commit 41b63f7330
parent 2a293b3799
2 changed files with 101 additions and 0 deletions
--- a/perl-5.24.0-crash-on-explicit-return-from-s-e.patch
+++ b/perl-5.24.0-crash-on-explicit-return-from-s-e.patch
@ -0,0 +1,94 @@
+From 2c639acf40b4abc2783352f8e20dbfb68389e633 Mon Sep 17 00:00:00 2001
+From: David Mitchell <davem@iabyn.com>
+Date: Mon, 28 Nov 2016 08:03:49 +0000
+Subject: [PATCH] crash on explicit return from s///e
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Petr Pisar: Ported to 5.24.0:
+
+commit 7332835e5da7b7a793ef814a84e53003be1d0138
+Author: David Mitchell <davem@iabyn.com>
+Date:   Mon Nov 28 08:03:49 2016 +0000
+
+    crash on explicit return from s///e
+
+    RT #130188
+
+    In
+
+        sub f {
+            my $x = 'a';
+            $x =~ s/./return;/e;
+        }
+
+    the 'return' triggers popping any contexts above the subroutine context:
+    in this case, a CXt_SUBST context. In this case, Perl_dounwind() calls
+    cx_popblock() for the bottom-most popped context, to restore any saved
+    vars. However, CXt_SUBST is the one context type which *doesn't* use
+    'struct block' as part of its context struct union, so you can't
+    cx_popblock() a CXt_SUBST context.
+
+    This commit makes it skip the cx_popblock() in this case.
+
+    Bug was introduced by me with v5.23.7-235-gfc6e609.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pp_ctl.c     |  6 ++++++
+ t/re/subst.t | 17 ++++++++++++++++-
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/pp_ctl.c b/pp_ctl.c
+index 99ff59a..b94c09a 100644
+--- a/pp_ctl.c
+++ b/pp_ctl.c
+@@ -1529,6 +1529,12 @@ Perl_dounwind(pTHX_ I32 cxix)
+ 	switch (CxTYPE(cx)) {
+ 	case CXt_SUBST:
+ 	    CX_POPSUBST(cx);
+            /* CXt_SUBST is not a block context type, so skip the
+             * cx_popblock(cx) below */
+            if (cxstack_ix == cxix + 1) {
+                cxstack_ix--;
+                return;
+            }
+ 	    break;
+ 	case CXt_SUB:
+ 	    cx_popsub(cx);
+diff --git a/t/re/subst.t b/t/re/subst.t
+index 26a78c7..c039cc4 100644
+--- a/t/re/subst.t
+++ b/t/re/subst.t
+@@ -11,7 +11,7 @@ BEGIN {
+     require './loc_tools.pl';
+ }
+ 
+-plan( tests => 270 );
+plan( tests => 271 );
+ 
+ $_ = 'david';
+ $a = s/david/rules/r;
+@@ -1102,3 +1102,18 @@ SKIP: {
+     $s =~ s/..\G//g;
+     is($s, "\x{123}", "#RT 126260 gofs");
+ }
+
+# [perl #130188] crash on return from substitution in subroutine
+# make sure returning from s///e doesn't SEGV
+{
+    my $f = sub {
+        my $x = 'a';
+        $x =~ s/./return;/e;
+    };
+    my $x = $f->();
+    pass("RT #130188");
+}
+
+
+
+
+-- 
+2.7.4
+
--- a/perl.spec
+++ b/perl.spec
@ -223,6 +223,10 @@ Patch58:        perl-5.24.0-perl-129130-make-chdir-allocate-the-stack-it-needs.p
 # RT130098
 Patch59:        perl-5.25.7-Fix-Storable-segfaults.patch

+# Fix crash on explicit return from regular expression substitution, RT#130188,
+# in upstream after 5.25.7
+Patch60:        perl-5.24.0-crash-on-explicit-return-from-s-e.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch

@ -2908,6 +2912,7 @@ Perl extension for Version Objects
 %patch57 -p1
 %patch58 -p1
 %patch59 -p1
+%patch60 -p1
 %patch200 -p1
 %patch201 -p1

@ -2958,6 +2963,7 @@ perl -x patchlevel.h \
    'Fedora Patch57: Avoid infinite loop in h2xs tool if enum and type have the same name (RT130001)' \
    'Fedora Patch58: Fix stack handling when calling chdir without an argument (RT#129130)' \
    'Fedora Patch59: Fix crash in Storable when deserializing malformed code reference (RT#68348, RT#130098)' \
+    'Fedora Patch60: Fix crash on explicit return from regular expression substitution (RT#130188)' \
    'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
    'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
    %{nil}
@ -5239,6 +5245,7 @@ popd
 * Mon Nov 28 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-381
 - Fix crash in Storable when deserializing malformed code reference
  (RT#68348, RT#130098)
+- Fix crash on explicit return from regular expression substitution (RT#130188)

 * Wed Nov 09 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-380
 - Tie perl-Errno release to interpreter build because of kernel version check