From 5d9c04077aab32f5acff62184d1ffd7b64880324 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 7 Jul 2016 15:31:30 +0200 Subject: [PATCH] Fix a crash when vivifying a stub in a deleted package --- ...-Crash-vivifying-stub-in-deleted-pkg.patch | 60 +++++++++++++++++++ perl.spec | 11 +++- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 perl-5.25.2-perl-128532-Crash-vivifying-stub-in-deleted-pkg.patch diff --git a/perl-5.25.2-perl-128532-Crash-vivifying-stub-in-deleted-pkg.patch b/perl-5.25.2-perl-128532-Crash-vivifying-stub-in-deleted-pkg.patch new file mode 100644 index 0000000..fc517b9 --- /dev/null +++ b/perl-5.25.2-perl-128532-Crash-vivifying-stub-in-deleted-pkg.patch @@ -0,0 +1,60 @@ +From 63aab7ecaa6e826f845c405894bd8c4b6f601b39 Mon Sep 17 00:00:00 2001 +From: Father Chrysostomos +Date: Sun, 3 Jul 2016 22:23:34 -0700 +Subject: [PATCH] [perl #128532] Crash vivifying stub in deleted pkg +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +v5.17.0-515-g186a5ba, which added newSTUB, did not take into account +that a GV may have a null GvSTASH pointer, if its stash has been +freed, so this crashes: + +delete $My::{"Foo::"}; \&My::Foo::foo + +Signed-off-by: Petr Písař +--- + op.c | 2 +- + t/op/ref.t | 6 +++++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/op.c b/op.c +index 46e76ac..4735d1b 100644 +--- a/op.c ++++ b/op.c +@@ -9081,7 +9081,7 @@ Perl_newSTUB(pTHX_ GV *gv, bool fake) + assert(!GvCVu(gv)); + GvCV_set(gv, cv); + GvCVGEN(gv) = 0; +- if (!fake && HvENAME_HEK(GvSTASH(gv))) ++ if (!fake && GvSTASH(gv) && HvENAME_HEK(GvSTASH(gv))) + gv_method_changed(gv); + if (SvFAKE(gv)) { + cvgv = gv_fetchsv((SV *)gv, GV_ADDMULTI, SVt_PVCV); +diff --git a/t/op/ref.t b/t/op/ref.t +index 19a44bb..84d9217 100644 +--- a/t/op/ref.t ++++ b/t/op/ref.t +@@ -8,7 +8,7 @@ BEGIN { + + use strict qw(refs subs); + +-plan(235); ++plan(236); + + # Test this first before we extend the stack with other operations. + # This caused an asan failure due to a bad write past the end of the stack. +@@ -124,6 +124,10 @@ is (join(':',@{$spring2{"foo"}}), "1:2:3:4"); + is ($called, 1); + } + is ref eval {\&{""}}, "CODE", 'reference to &{""} [perl #94476]'; ++delete $My::{"Foo::"}; ++is ref \&My::Foo::foo, "CODE", ++ 'creating stub with \&deleted_stash::foo [perl #128532]'; ++ + + # Test references to return values of operators (TARGs/PADTMPs) + { +-- +2.5.5 + diff --git a/perl.spec b/perl.spec index a6be3f8..771a013 100644 --- a/perl.spec +++ b/perl.spec @@ -28,7 +28,7 @@ Name: perl Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 371%{?dist} +Release: 372%{?dist} Epoch: %{perl_epoch} Summary: Practical Extraction and Report Language Group: Development/Languages @@ -146,6 +146,10 @@ Patch38: perl-5.25.2-perl-128508-Fix-line-numbers-with-perl-x.patch # in upstream after 5.25.2 Patch39: perl-5.25.2-Don-t-let-XSLoader-load-relative-paths.patch +# Fix a crash when vivifying a stub in a deleted package, RT#128532, +# in upstream after 5.25.2 +Patch40: perl-5.25.2-perl-128532-Crash-vivifying-stub-in-deleted-pkg.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2804,6 +2808,7 @@ Perl extension for Version Objects %patch37 -p1 %patch38 -p1 %patch39 -p1 +%patch40 -p1 %patch200 -p1 %patch201 -p1 @@ -2834,6 +2839,7 @@ perl -x patchlevel.h \ 'Fedora Patch37: Do not crash when inserting a non-stash into a stash (RT#128238)' \ 'Fedora Patch38: Fix line numbers with perl -x (RT#128508)' \ 'Fedora Patch39: Do not let XSLoader load relative paths (RT#115808)' \ + 'Fedora Patch40: Fix a crash when vivifying a stub in a deleted package (RT#128532)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -5100,6 +5106,9 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Thu Jul 07 2016 Petr Pisar - 4:5.24.0-372 +- Fix a crash when vivifying a stub in a deleted package (RT#128532) + * Thu Jul 07 2016 Jitka Plesnikova - 4:5.24.0-371 - Do not let XSLoader load relative paths (RT#115808)