Fix a crash in optimized evaluation of "or ((0) x 0))"

This commit is contained in:
Petr Písař 2016-12-19 12:35:26 +01:00
parent bfea7ab5df
commit 4599430ffb
2 changed files with 83 additions and 1 deletions

View File

@ -0,0 +1,73 @@
From 702cf95bcb627f2b3b44fad409df7f0fd517af60 Mon Sep 17 00:00:00 2001
From: David Mitchell <davem@iabyn.com>
Date: Mon, 5 Dec 2016 14:54:44 +0000
Subject: [PATCH] assertion failure in ... or ((0) x 0))
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Petr Pisar: Ported to 5.24.0:
commit 5aa240eab7dbaa91f98c2fee1f04b6c0b5a9b9e3
Author: David Mitchell <davem@iabyn.com>
Date: Mon Dec 5 14:54:44 2016 +0000
assertion failure in ... or ((0) x 0))
[perl #130247] Perl_rpeep(OP *): Assertion `oldop' failed
the 'x 0' optimising code in rpeep didn't expect the repeat expression
to occur on the op_other side of an op_next chain.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
op.c | 4 ++--
t/op/repeat.t | 11 ++++++++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/op.c b/op.c
index d7b900e..018d90c 100644
--- a/op.c
+++ b/op.c
@@ -13573,10 +13573,10 @@ Perl_rpeep(pTHX_ OP *o)
&& kid->op_next->op_type == OP_REPEAT
&& kid->op_next->op_private & OPpREPEAT_DOLIST
&& (kid->op_next->op_flags & OPf_WANT) == OPf_WANT_LIST
- && SvIOK(kSVOP_sv) && SvIVX(kSVOP_sv) == 0)
+ && SvIOK(kSVOP_sv) && SvIVX(kSVOP_sv) == 0
+ && oldop)
{
o = kid->op_next; /* repeat */
- assert(oldop);
oldop->op_next = o;
op_free(cBINOPo->op_first);
op_free(cBINOPo->op_last );
diff --git a/t/op/repeat.t b/t/op/repeat.t
index bee7dac..c933475 100644
--- a/t/op/repeat.t
+++ b/t/op/repeat.t
@@ -6,7 +6,7 @@ BEGIN {
}
require './test.pl';
-plan(tests => 48);
+plan(tests => 49);
# compile time
@@ -183,3 +183,12 @@ fresh_perl_like(
{ },
'(1) x ~1',
);
+
+# [perl #130247] Perl_rpeep(OP *): Assertion `oldop' failed
+#
+# the 'x 0' optimising code in rpeep didn't expect the repeat expression
+# to occur on the op_other side of an op_next chain.
+# This used to give an assertion failure
+
+eval q{() = (() or ((0) x 0)); 1};
+is($@, "", "RT #130247");
--
2.7.4

View File

@ -28,7 +28,7 @@
Name: perl Name: perl
Version: %{perl_version} Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise # release number must be even higher, because dual-lived modules will be broken otherwise
Release: 381%{?dist} Release: 382%{?dist}
Epoch: %{perl_epoch} Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language Summary: Practical Extraction and Report Language
Group: Development/Languages Group: Development/Languages
@ -234,6 +234,10 @@ Patch61: perl-5.24.0-split-was-leaving-PL_sv_undef-in-unused-ary-slots.pa
# in upstream after 5.25.7 # in upstream after 5.25.7
Patch62: perl-5.25.7-Fix-const-correctness-in-hv_func.h.patch Patch62: perl-5.25.7-Fix-const-correctness-in-hv_func.h.patch
# Fix a crash in optimized evaluation of "or ((0) x 0))", RT#130247,
# in upsream after 5.25.7
Patch63: perl-5.24.0-assertion-failure-in-.-or-0-x-0.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2922,6 +2926,7 @@ Perl extension for Version Objects
%patch60 -p1 %patch60 -p1
%patch61 -p1 %patch61 -p1
%patch62 -p1 %patch62 -p1
%patch63 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -2975,6 +2980,7 @@ perl -x patchlevel.h \
'Fedora Patch60: Fix crash on explicit return from regular expression substitution (RT#130188)' \ 'Fedora Patch60: Fix crash on explicit return from regular expression substitution (RT#130188)' \
'Fedora Patch61: Fix assigning split() return values to an array' \ 'Fedora Patch61: Fix assigning split() return values to an array' \
'Fedora Patch62: Fix const correctness in hv_func.h (RT#130169)' \ 'Fedora Patch62: Fix const correctness in hv_func.h (RT#130169)' \
'Fedora Patch63: Fix a crash in optimized evaluation of "or ((0) x 0))" (RT#130247)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5253,6 +5259,9 @@ popd
# Old changelog entries are preserved in CVS. # Old changelog entries are preserved in CVS.
%changelog %changelog
* Mon Dec 19 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-382
- Fix a crash in optimized evaluation of "or ((0) x 0))" (RT#130247)
* Thu Dec 01 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-381 * Thu Dec 01 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-381
- Fix crash in Storable when deserializing malformed code reference - Fix crash in Storable when deserializing malformed code reference
(RT#68348, RT#130098) (RT#68348, RT#130098)