Fix a crash with a negative precision in sprintf function

2019-06-25 16:01:49 +02:00 · 2019-06-25 16:01:49 +02:00 · 67cb403909
commit 67cb403909
parent 2817041734
3 changed files with 101 additions and 0 deletions
--- a/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
+++ b/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
@ -0,0 +1,63 @@
+From b0f5b1daacb21ab7e46a772a6ff0f70ca627cb58 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Tue, 9 Apr 2019 14:27:41 +0100
+Subject: [PATCH 1/2] [#134008] More carefully ignore negative precision in
+ sprintf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check has_precis more consistently; ensure precis is left as 0 if provided
+as a negative number.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ sv.c            | 7 +++++--
+ t/op/sprintf2.t | 3 +++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/sv.c b/sv.c
+index de67b7657e..8fbca52eb2 100644
+--- a/sv.c
+++ b/sv.c
+@@ -11765,11 +11765,11 @@ S_format_hexfp(pTHX_ char * const buf, const STRLEN bufsize, const char c,
+     else {
+         *p++ = '0';
+         exponent = 0;
+-        zerotail = precis;
+        zerotail = has_precis ? precis : 0;
+     }
+ 
+     /* The radix is always output if precis, or if alt. */
+-    if (precis > 0 || alt) {
+    if ((has_precis && precis > 0) || alt) {
+       hexradix = TRUE;
+     }
+ 
+@@ -12223,6 +12223,9 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p
+                     }
+                     precis = S_sprintf_arg_num_val(aTHX_ args, i, sv, &neg);
+                     has_precis = !neg;
+                    /* ignore negative precision */
+                    if (!has_precis)
+                        precis = 0;
+                 }
+ 	    }
+ 	    else {
+diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
+index dc87821152..569bd8053d 100644
+--- a/t/op/sprintf2.t
+++ b/t/op/sprintf2.t
+@@ -838,6 +838,9 @@ SKIP: {
+     # [rt.perl.org #128889]
+     is(sprintf("%.*a", -1, 1.03125), "0x1.08p+0", "[rt.perl.org #128889]");
+ 
+    # [rt.perl.org #134008]
+    is(sprintf("%.*a", -99999, 1.03125), "0x1.08p+0", "[rt.perl.org #134008]");
+
+     # [rt.perl.org #128890]
+     is(sprintf("%a", 0x1.18p+0), "0x1.18p+0");
+     is(sprintf("%.1a", 0x1.08p+0), "0x1.0p+0");
+-- 
+2.20.1
+
--- a/perl-5.31.0-perl-134008-an-alternative-test.patch
+++ b/perl-5.31.0-perl-134008-an-alternative-test.patch
@ -0,0 +1,28 @@
+From 9dfe0a3438ae69872b71b98e4fb4f4bef084983d Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Mon, 3 Jun 2019 14:34:17 +1000
+Subject: [PATCH 2/2] (perl #134008) an alternative test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ t/op/sprintf2.t | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
+index 569bd8053d..84259a4afd 100644
+--- a/t/op/sprintf2.t
+++ b/t/op/sprintf2.t
+@@ -840,6 +840,7 @@ SKIP: {
+ 
+     # [rt.perl.org #134008]
+     is(sprintf("%.*a", -99999, 1.03125), "0x1.08p+0", "[rt.perl.org #134008]");
+    is(sprintf("%.*a", -100000,0), "0x0p+0", "negative precision ignored by format_hexfp");
+ 
+     # [rt.perl.org #128890]
+     is(sprintf("%a", 0x1.18p+0), "0x1.18p+0");
+-- 
+2.20.1
+
--- a/perl.spec
+++ b/perl.spec
@ -171,6 +171,11 @@ Patch21:        perl-5.31.0-perl-122112-test-for-signal-handler-death-in-pclose.
 Patch22:        perl-5.31.0-perl-122112-a-simpler-fix-for-pclose-aborted-by-a-si.patch
 Patch23:        perl-5.31.0-perl-122112-remove-some-interfering-debug-output.patch

+# Fix a crash with a negative precision in sprintf function, RT#134008,
+# fixed after 5.31.0
+Patch24:        perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
+Patch25:        perl-5.31.0-perl-134008-an-alternative-test.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch

@ -2712,6 +2717,8 @@ Perl extension for Version Objects
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
+%patch25 -p1
 %patch200 -p1
 %patch201 -p1

@ -2742,6 +2749,8 @@ perl -x patchlevel.h \
    'Fedora Patch21: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
    'Fedora Patch22: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
    'Fedora Patch23: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
+    'Fedora Patch24: Fix a crash with a negative precision in sprintf function (RT#134008)' \
+    'Fedora Patch25: Fix a crash with a negative precision in sprintf function (RT#134008)' \
    'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
    'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
    %{nil}
@ -4995,6 +5004,7 @@ popd
 - Fix stacking file test operators (CPAN RT#127073)
 - Fix a crash in SIGALARM handler when waiting on a child process to be closed
  (RT#122112)
+- Fix a crash with a negative precision in sprintf function (RT#134008)

 * Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.30.0-439
 - Define %%perl_vendor*, %%perl_archlib, %%perl_privlib, because in rpm