Fix a crash when matching case insensitively
This commit is contained in:
Petr Písař
parent
1e4bec8baa
commit
86fd404cb1
|
|
@ -0,0 +1,79 @@
|
|||
From 4d980ef2cd6bf458706048a5627d02ea8ebf39b4 Mon Sep 17 00:00:00 2001
|
||||
From: Hugo van der Sanden <hv@crypt.org>
|
||||
Date: Mon, 25 Mar 2019 11:27:12 +0000
|
||||
Subject: [PATCH] coredump in Perl_re_intuit_start
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Make sure we have a valid non-utf8 'other' check substring before we
|
||||
try to use it.
|
||||
|
||||
Petr Písař: Ported to 5.28.1 from
|
||||
fd8def15a58c97aa89cce8569befded97fd8c3b7.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
regexec.c | 9 +++++++--
|
||||
t/re/pat_rt_report.t | 11 ++++++++++-
|
||||
2 files changed, 17 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/regexec.c b/regexec.c
|
||||
index 830a16a..357a109 100644
|
||||
--- a/regexec.c
|
||||
+++ b/regexec.c
|
||||
@@ -1277,8 +1277,8 @@ Perl_re_intuit_start(pTHX_
|
||||
|
||||
/* now look for the 'other' substring if defined */
|
||||
|
||||
- if (utf8_target ? prog->substrs->data[other_ix].utf8_substr
|
||||
- : prog->substrs->data[other_ix].substr)
|
||||
+ if (prog->substrs->data[other_ix].utf8_substr
|
||||
+ || prog->substrs->data[other_ix].substr)
|
||||
{
|
||||
/* Take into account the "other" substring. */
|
||||
char *last, *last1;
|
||||
@@ -1288,6 +1288,11 @@ Perl_re_intuit_start(pTHX_
|
||||
|
||||
do_other_substr:
|
||||
other = &prog->substrs->data[other_ix];
|
||||
+ if (!utf8_target && !other->substr) {
|
||||
+ if (!to_byte_substr(prog)) {
|
||||
+ NON_UTF8_TARGET_BUT_UTF8_REQUIRED(fail);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
/* if "other" is anchored:
|
||||
* we've previously found a floating substr starting at check_at.
|
||||
diff --git a/t/re/pat_rt_report.t b/t/re/pat_rt_report.t
|
||||
index dd740e7..4dc2dec 100644
|
||||
--- a/t/re/pat_rt_report.t
|
||||
+++ b/t/re/pat_rt_report.t
|
||||
@@ -20,7 +20,7 @@ use warnings;
|
||||
use 5.010;
|
||||
use Config;
|
||||
|
||||
-plan tests => 2504; # Update this when adding/deleting tests.
|
||||
+plan tests => 2505; # Update this when adding/deleting tests.
|
||||
|
||||
run_tests() unless caller;
|
||||
|
||||
@@ -1141,6 +1141,15 @@ EOP
|
||||
ok($s=~/(foo){1,0}|(?1)/,
|
||||
"RT #130561 - allowing impossible quantifier should not break recursion");
|
||||
}
|
||||
+ {
|
||||
+ # RT #133892 Coredump in Perl_re_intuit_start
|
||||
+ # Second match flips to checking floating substring before fixed
|
||||
+ # substring, which triggers a pathway that failed to check there
|
||||
+ # was a non-utf8 version of the string before trying to use it
|
||||
+ # resulting in a SEGV.
|
||||
+ my $result = grep /b\x{1c0}ss0/i, qw{ xxxx xxxx0 };
|
||||
+ ok($result == 0);
|
||||
+ }
|
||||
|
||||
} # End of sub run_tests
|
||||
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
|
@ -302,6 +302,10 @@ Patch67: perl-5.29.9-Fix-recent-double-free-in-S_parse_gv_stash_name.patc
|
|||
# Fix a memory leak when deletion in a tied hash dies, in upstream after 5.29.9
|
||||
Patch68: perl-5.29.9-avoid-leak-with-local-h-foo-a-n.patch
|
||||
|
||||
# Fix a crash when matching case insensitively, RT#133892,
|
||||
# in upstream after 5.29.9
|
||||
Patch69: perl-5.28.1-perl-133892-coredump-in-Perl_re_intuit_start.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
|
||||
|
|
@ -2926,6 +2930,7 @@ Perl extension for Version Objects
|
|||
%patch66 -p1
|
||||
%patch67 -p1
|
||||
%patch68 -p1
|
||||
%patch69 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
|
|
@ -2985,6 +2990,7 @@ perl -x patchlevel.h \
|
|||
'Fedora Patch65: Fix a memory leak when parsing misindented here-documents' \
|
||||
'Fedora Patch66: Fix a memory leak in package name lookup (RT#133977)' \
|
||||
'Fedora Patch68: Fix a memory leak when deletion in a tied hash dies' \
|
||||
'Fedora Patch69: Fix a crash when matching case insensitively (RT#133892)' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
|
|
@ -5286,6 +5292,7 @@ popd
|
|||
- Fix a memory leak when parsing misindented here-documents
|
||||
- Fix a memory leak in package name lookup (RT#133977)
|
||||
- Fix a memory leak when deletion in a tied hash dies
|
||||
- Fix a crash when matching case insensitively (RT#133892)
|
||||
|
||||
* Tue Mar 05 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-434
|
||||
- Add explicit Requires: libxcrypt-devel to devel sub-package (bug #1666098)
|
||||
|
|
|
|||
Loading…
Reference in New Issue