diff --git a/perl-5.31.0-S_scan_const-Properly-test-if-need-to-grow.patch b/perl-5.31.0-S_scan_const-Properly-test-if-need-to-grow.patch
new file mode 100644
index 0000000..74957d4
--- /dev/null
+++ b/perl-5.31.0-S_scan_const-Properly-test-if-need-to-grow.patch
@@ -0,0 +1,49 @@
+From 89f69032d6a71f41b96ae6becbf3df4e2f9509a5 Mon Sep 17 00:00:00 2001
+From: Karl Williamson
+Date: Sat, 27 Apr 2019 13:56:39 -0600
+Subject: [PATCH] S_scan_const() Properly test if need to grow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As we parse the input, creating a string constant, we may have to grow
+the destination if it fills up as we go along. It allocates space in an
+SV and populates the string, but it doesn' update the SvCUR until the
+end, so in single stepping the debugger through the code, the SV looks
+empty until the end. It turns out that as a result SvEND also doesn't
+get updated and still points to the beginning of the string until SvCUR
+is finally set. That means that the test changed by this commit was
+always succeeding, because it was using SvEND that didn't get updated,
+so it would attempt to grow each time through the loop. By moving a
+couple of statements earlier, and using SvLEN instead, which does always
+have the correct value, those extra growth attempts are avoided.
+
+Signed-off-by: Petr Písař
+---
+ toke.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/toke.c b/toke.c
+index 68eea0cae6..03c4f2ba26 100644
+--- a/toke.c
++++ b/toke.c
+@@ -4097,10 +4097,12 @@ S_scan_const(pTHX_ char *start)
+ goto default_action; /* Redo, having upgraded so both are UTF-8 */
+ }
+ else { /* UTF8ness matters: convert this non-UTF8 source char to
+- UTF-8 for output. It will occupy 2 bytes */
+- if (d + 2 >= SvEND(sv)) {
+- const STRLEN extra = 2 + (send - s - 1) + 1;
+- const STRLEN off = d - SvPVX_const(sv);
++ UTF-8 for output. It will occupy 2 bytes, but don't include
++ the input byte since we haven't incremented 's' yet. See
++ Note on sizing above. */
++ const STRLEN off = d - SvPVX(sv);
++ const STRLEN extra = 2 + (send - s - 1) + 1;
++ if (off + extra > SvLEN(sv)) {
+ d = off + SvGROW(sv, off + extra);
+ }
+ *d++ = UTF8_EIGHT_BIT_HI(*s);
+-- 
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index d3839c8..4131e6e 100644
--- a/perl.spec
+++ b/perl.spec
@@ -154,6 +154,9 @@ Patch14: perl-5.31.0-PATCH-perl-134134-read-beyond-end-of-buffer.patch
 # Do not panic when outputting a warning, RT#134059, fixed after 5.31.0
 Patch15: perl-5.31.0-PATCH-perl-134059-panic-outputting-a-warning.patch
 
+# Fix memory handling when parsing string literals, fixed after 5.31.0
+Patch16: perl-5.31.0-S_scan_const-Properly-test-if-need-to-grow.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2687,6 +2690,7 @@ Perl extension for Version Objects
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2709,6 +2713,7 @@ perl -x patchlevel.h \
 'Fedora Patch13: Pass the correct CFLAGS to dtrace' \
 'Fedora Patch14: Fix an out-of-buffer read while parsing a Unicode property name (RT#134134)' \
 'Fedora Patch15: Do not panic when outputting a warning (RT#134059)' \
+ 'Fedora Patch16: Fix memory handling when parsing string literals' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -4957,6 +4962,7 @@ popd
 * Tue Jun 25 2019 Petr Pisar - 4:5.30.0-440
 - Fix an out-of-buffer read while parsing a Unicode property name (RT#134134)
 - Do not panic when outputting a warning (RT#134059)
+- Fix memory handling when parsing string literals
 
 * Tue Jun 11 2019 Jitka Plesnikova - 4:5.30.0-439
 - Define %%perl_vendor*, %%perl_archlib, %%perl_privlib, because in rpm
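Review bot: In the toke.c hunk carried by the new patch file, the rewritten bound check `if (off + extra > SvLEN(sv))` has no comment saying why it tests against SvLEN rather than SvEND; the reason (SvCUR, and therefore SvEND, is not updated until the string is finished) is recorded only in the commit message. I would add above the `if`: `/* SvCUR/SvEND are stale until the end of the scan; bound against SvLEN */`, so a later edit does not reintroduce an SvEND-based check. The new `off` line also switches from `SvPVX_const(sv)` to `SvPVX(sv)` for a read-only offset computation; `const STRLEN off = d - SvPVX_const(sv);` would keep the accessor the old code used. S_scan_const's body and the "Note on sizing above" that the new comment points to are outside the hunk, so the sizing of `extra` cannot be checked from here.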
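Review bot: The comment added above `Patch16:` in the first perl.spec hunk gives no upstream reference, unlike the neighbouring entries that cite an RT number, and its wording "Fix memory handling" reads like a memory-safety fix while the carried commit message describes only redundant growth attempts being avoided. I would name the upstream commit from the patch header, e.g. `# Avoid redundant buffer growth when parsing string literals, upstream commit 89f69032d6a7, fixed after 5.31.0`, so the patch can be traced and triaged. The same description is repeated in the patchlevel.h hunk and the %changelog hunk and would change with it.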