rpms
/
perl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a crash when compiling a regexp with impossible quantifiers

This commit is contained in:
Petr Písař 2017-02-10 10:58:17 +01:00
parent ccd8d520b4
commit 83a50fdcff
4 changed files with 176 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
perl-5.24.1-fix-RT-130561-recursion-and-optimising-away-impossib.patch Normal file
View File

@ -0,0 +1,93 @@
From fbb9dc823a06b4815ee8fd8632fc475b8034e379 Mon Sep 17 00:00:00 2001
From: Yves Orton <demerphq@gmail.com>
Date: Fri, 27 Jan 2017 10:18:51 +0100
Subject: [PATCH] fix RT #130561 - recursion and optimising away impossible
quantifiers are not friends
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ported to 5.24.1:
commit 31fc93954d1f379c7a49889d91436ce99818e1f6
Author: Yves Orton <demerphq@gmail.com>
Date: Fri Jan 27 10:18:51 2017 +0100
fix RT #130561 - recursion and optimising away impossible quantifiers are not friends
Instead of optimising away impossible quantifiers like (foo){1,0} treat them
as unquantified, and guard them with an OPFAIL. Thus /(foo){1,0}/ is treated
the same as /(*FAIL)(foo)/ this is important in patterns like /(foo){1,0}|(?1)/
where the (?1) needs to be able to recurse into the (foo) even though the
(foo){1,0} can never match. It also resolves various issues (SEGVs) with patterns
like /((?1)){1,0}/.
This patch would have been easier if S_reginsert() documented that it is
the callers responsibility to properly set up the NEXT_OFF() of the inserted
node (if the node has a NEXT_OFF())
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
regcomp.c | 14 +++-----------
t/re/pat_rt_report.t | 11 ++++++++++-
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/regcomp.c b/regcomp.c
index bcb8db5..9f343d3 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -11497,19 +11497,11 @@ S_regpiece(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
nextchar(pRExC_state);
if (max < min) { /* If can't match, warn and optimize to fail
unconditionally */
- if (SIZE_ONLY) {
-
- /* We can't back off the size because we have to reserve
- * enough space for all the things we are about to throw
- * away, but we can shrink it by the amount we are about
- * to re-use here */
- RExC_size += PREVOPER(RExC_size) - regarglen[(U8)OPFAIL];
- }
- else {
+ if (PASS2) {
ckWARNreg(RExC_parse, "Quantifier {n,m} with n > m can't match");
- RExC_emit = orig_emit;
}
- ret = reganode(pRExC_state, OPFAIL, 0);
+ reginsert(pRExC_state, OPFAIL, orig_emit, depth+1);
+ NEXT_OFF(orig_emit)= regarglen[OPFAIL] + NODE_STEP_REGNODE;
return ret;
}
else if (min == max && *RExC_parse == '?')
diff --git a/t/re/pat_rt_report.t b/t/re/pat_rt_report.t
index cb02ad2..2c1dbc4 100644
--- a/t/re/pat_rt_report.t
+++ b/t/re/pat_rt_report.t
@@ -20,7 +20,7 @@ use warnings;
use 5.010;
use Config;
-plan tests => 2500; # Update this when adding/deleting tests.
+plan tests => 2502; # Update this when adding/deleting tests.
run_tests() unless caller;
@@ -1113,6 +1113,15 @@ EOP
my $s = "\x{1ff}" . "f" x 32;
ok($s =~ /\x{1ff}[[:alpha:]]+/gca, "POSIXA pointer wrap");
}
+ {
+ # rt
+ fresh_perl_is(
+ '"foo"=~/((?1)){8,0}/; print "ok"',
+ "ok", {}, 'RT #130561 - allowing impossible quantifier should not cause SEGVs');
+ my $s= "foo";
+ ok($s=~/(foo){1,0}|(?1)/,
+ "RT #130561 - allowing impossible quantifier should not break recursion");
+ }
} # End of sub run_tests
1;
--
2.7.4

38
perl-5.25.9-only-mess-with-NEXT_OFF-when-we-are-in-PASS2.patch Normal file
View File

@ -0,0 +1,38 @@
From bb78386f13c18a1a7dae932b9b36e977056b13c7 Mon Sep 17 00:00:00 2001
From: Yves Orton <demerphq@gmail.com>
Date: Fri, 27 Jan 2017 16:57:40 +0100
Subject: [PATCH] only mess with NEXT_OFF() when we are in PASS2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In 31fc93954d1f379c7a49889d91436ce99818e1f6 I added code that would modify
NEXT_OFF() when we were not in PASS2, when we should not do so. Strangly this
did not segfault when I tested, but this fix is required.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
regcomp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/regcomp.c b/regcomp.c
index 322d230..d5ce63f 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -11709,11 +11709,11 @@ S_regpiece(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
nextchar(pRExC_state);
if (max < min) { /* If can't match, warn and optimize to fail
unconditionally */
+ reginsert(pRExC_state, OPFAIL, orig_emit, depth+1);
if (PASS2) {
ckWARNreg(RExC_parse, "Quantifier {n,m} with n > m can't match");
+ NEXT_OFF(orig_emit)= regarglen[OPFAIL] + NODE_STEP_REGNODE;
}
- reginsert(pRExC_state, OPFAIL, orig_emit, depth+1);
- NEXT_OFF(orig_emit)= regarglen[OPFAIL] + NODE_STEP_REGNODE;
return ret;
}
else if (min == max && *RExC_parse == '?')
--
2.7.4

34
perl-5.25.9-silence-warnings-from-tests-about-impossible-quantif.patch Normal file
View File

@ -0,0 +1,34 @@
From 923e23bad0514e1bd29112650fb78aa4ea69e1b7 Mon Sep 17 00:00:00 2001
From: Yves Orton <demerphq@gmail.com>
Date: Sat, 28 Jan 2017 15:13:17 +0100
Subject: [PATCH] silence warnings from tests about impossible quantifiers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
thanks to Dave M for noticing....
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/re/pat_rt_report.t | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/t/re/pat_rt_report.t b/t/re/pat_rt_report.t
index 21aff58..dd740e7 100644
--- a/t/re/pat_rt_report.t
+++ b/t/re/pat_rt_report.t
@@ -1134,9 +1134,10 @@ EOP
{
# rt
fresh_perl_is(
- '"foo"=~/((?1)){8,0}/; print "ok"',
+ 'no warnings "regexp"; "foo"=~/((?1)){8,0}/; print "ok"',
"ok", {}, 'RT #130561 - allowing impossible quantifier should not cause SEGVs');
my $s= "foo";
+ no warnings 'regexp';
ok($s=~/(foo){1,0}|(?1)/,
"RT #130561 - allowing impossible quantifier should not break recursion");
}
--
2.7.4

11
perl.spec
View File

@ -277,6 +277,12 @@ Patch76: perl-5.24.1-perl-129274-avoid-treating-the-in-as-a-comment-intro
Patch77: Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch
Patch78: IO-Compress-2.070-Adapt-tests-to-zlib-1.2.11.patch
# Fix a crash when compiling a regexp with impossible quantifiers, RT#130561,
# in upstream after 5.25.9
Patch79: perl-5.24.1-fix-RT-130561-recursion-and-optimising-away-impossib.patch
Patch80: perl-5.25.9-only-mess-with-NEXT_OFF-when-we-are-in-PASS2.patch
Patch81: perl-5.25.9-silence-warnings-from-tests-about-impossible-quantif.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2983,6 +2989,9 @@ popd
pushd cpan/IO-Compress
%patch78 -p1
popd
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch200 -p1
%patch201 -p1
@ -3048,6 +3057,7 @@ perl -x patchlevel.h \
'Fedora Patch75: Fix parsing goto statements in multicalled subroutine (RT#113938)' \
'Fedora Patch76: Fix a heap overlow in parsing $# (RT#129274)' \
'Fedora Patch77: Adapt tests to zlib-1.2.11 (CPAN RT#119762)' \
'Fedora Patch79: Fix a crash when compiling a regexp with impossible quantifiers (RT#130561)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@ -5326,6 +5336,7 @@ popd
%changelog
* Fri Feb 10 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-388
- Adapt tests to zlib-1.2.11 (bug #1420326)
- Fix a crash when compiling a regexp with impossible quantifiers (RT#130561)
* Thu Jan 26 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-387
- Fix UTF-8 string handling in & operator (RT#129287)