From 67cb40390944c6bdd2d56df7e2ebbf1de9aeb41f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Tue, 25 Jun 2019 16:01:49 +0200
Subject: [PATCH] Fix a crash with a negative precision in sprintf function
---
 ...fully-ignore-negative-precision-in-s.patch | 63 +++++++++++++++++++
 ...31.0-perl-134008-an-alternative-test.patch | 28 +++++++++
 perl.spec | 10 +++
 3 files changed, 101 insertions(+)
 create mode 100644 perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
 create mode 100644 perl-5.31.0-perl-134008-an-alternative-test.patch
diff --git a/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch b/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
new file mode 100644
index 0000000..0985db6
--- /dev/null
+++ b/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
@@ -0,0 +1,63 @@
+From b0f5b1daacb21ab7e46a772a6ff0f70ca627cb58 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden
+Date: Tue, 9 Apr 2019 14:27:41 +0100
+Subject: [PATCH 1/2] [#134008] More carefully ignore negative precision in
+ sprintf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check has_precis more consistently; ensure precis is left as 0 if provided
+as a negative number.
+
+Signed-off-by: Petr Písař
+---
+ sv.c | 7 +++++--
+ t/op/sprintf2.t | 3 +++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/sv.c b/sv.c
+index de67b7657e..8fbca52eb2 100644
+--- a/sv.c
++++ b/sv.c
+@@ -11765,11 +11765,11 @@ S_format_hexfp(pTHX_ char * const buf, const STRLEN bufsize, const char c,
+ else {
+ *p++ = '0';
+ exponent = 0;
+- zerotail = precis;
++ zerotail = has_precis ? precis : 0;
+ }
+
+ /* The radix is always output if precis, or if alt. */
+- if (precis > 0 || alt) {
++ if ((has_precis && precis > 0) || alt) {
+ hexradix = TRUE;
+ }
+
+@@ -12223,6 +12223,9 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p
+ }
+ precis = S_sprintf_arg_num_val(aTHX_ args, i, sv, &neg);
+ has_precis = !neg;
++ /* ignore negative precision */
++ if (!has_precis)
++ precis = 0;
+ }
+ }
+ else {
+diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
+index dc87821152..569bd8053d 100644
+--- a/t/op/sprintf2.t
++++ b/t/op/sprintf2.t
+@@ -838,6 +838,9 @@ SKIP: {
+ # [rt.perl.org #128889]
+ is(sprintf("%.*a", -1, 1.03125), "0x1.08p+0", "[rt.perl.org #128889]");
+
++ # [rt.perl.org #134008]
++ is(sprintf("%.*a", -99999, 1.03125), "0x1.08p+0", "[rt.perl.org #134008]");
++
+ # [rt.perl.org #128890]
+ is(sprintf("%a", 0x1.18p+0), "0x1.18p+0");
+ is(sprintf("%.1a", 0x1.08p+0), "0x1.0p+0");
+--
+2.20.1
+
diff --git a/perl-5.31.0-perl-134008-an-alternative-test.patch b/perl-5.31.0-perl-134008-an-alternative-test.patch
new file mode 100644
index 0000000..7990681
--- /dev/null
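Review bot: The regression tests in the embedded t/op/sprintf2.t hunk cover only the `%.*a` conversion, although the `if (!has_precis) precis = 0;` reset in Perl_sv_vcatpvfn_flags sits where the `.*` precision argument is read and so appears to affect every conversion, not only hexfp. The second test patch added later in this commit also exercises `%.*a` only, so the caller-side fix is never checked independently of the S_format_hexfp guards. A case for another conversion would pin it, for example `is(sprintf("%.*f", -1, 1.5), sprintf("%f", 1.5), "negative precision ignored for %f");`. Both C functions start and end outside the embedded hunks, so whether other formatters read `precis` without consulting `has_precis` cannot be confirmed from here.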
+++ b/perl-5.31.0-perl-134008-an-alternative-test.patch
@@ -0,0 +1,28 @@
+From 9dfe0a3438ae69872b71b98e4fb4f4bef084983d Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Mon, 3 Jun 2019 14:34:17 +1000
+Subject: [PATCH 2/2] (perl #134008) an alternative test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař
+---
+ t/op/sprintf2.t | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
+index 569bd8053d..84259a4afd 100644
+--- a/t/op/sprintf2.t
++++ b/t/op/sprintf2.t
+@@ -840,6 +840,7 @@ SKIP: {
+
+ # [rt.perl.org #134008]
+ is(sprintf("%.*a", -99999, 1.03125), "0x1.08p+0", "[rt.perl.org #134008]");
++ is(sprintf("%.*a", -100000,0), "0x0p+0", "negative precision ignored by format_hexfp");
+
+ # [rt.perl.org #128890]
+ is(sprintf("%a", 0x1.18p+0), "0x1.18p+0");
+--
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index 2b9afc2..bbf34f5 100644
--- a/perl.spec
+++ b/perl.spec
@@ -171,6 +171,11 @@ Patch21: perl-5.31.0-perl-122112-test-for-signal-handler-death-in-pclose.
 Patch22: perl-5.31.0-perl-122112-a-simpler-fix-for-pclose-aborted-by-a-si.patch
 Patch23: perl-5.31.0-perl-122112-remove-some-interfering-debug-output.patch
+# Fix a crash with a negative precision in sprintf function, RT#134008,
+# fixed after 5.31.0
+Patch24: perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
+Patch25: perl-5.31.0-perl-134008-an-alternative-test.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2712,6 +2717,8 @@ Perl extension for Version Objects
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
+%patch25 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2742,6 +2749,8 @@ perl -x patchlevel.h \ 'Fedora Patch21: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \ 'Fedora Patch22: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \ 'Fedora Patch23: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \ + 'Fedora Patch24: Fix a crash with a negative precision in sprintf function (RT#134008)' \ + 'Fedora Patch25: Fix a crash with a negative precision in sprintf function (RT#134008)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -4995,6 +5004,7 @@ popd - Fix stacking file test operators (CPAN RT#127073) - Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112) +- Fix a crash with a negative precision in sprintf function (RT#134008) * Tue Jun 11 2019 Jitka Plesnikova - 4:5.30.0-439 - Define %%perl_vendor*, %%perl_archlib, %%perl_privlib, because in rpm