Fix a crash when matching case insensitively

2019-04-05 18:00:26 +02:00 · 2019-04-05 18:00:26 +02:00 · 86fd404cb1
commit 86fd404cb1
parent 1e4bec8baa
2 changed files with 86 additions and 0 deletions
--- a/perl-5.28.1-perl-133892-coredump-in-Perl_re_intuit_start.patch
+++ b/perl-5.28.1-perl-133892-coredump-in-Perl_re_intuit_start.patch
@ -0,0 +1,79 @@
+From 4d980ef2cd6bf458706048a5627d02ea8ebf39b4 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Mon, 25 Mar 2019 11:27:12 +0000
+Subject: [PATCH] coredump in Perl_re_intuit_start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Make sure we have a valid non-utf8 'other' check substring before we
+try to use it.
+
+Petr Písař: Ported to 5.28.1 from
+fd8def15a58c97aa89cce8569befded97fd8c3b7.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ regexec.c            |  9 +++++++--
+ t/re/pat_rt_report.t | 11 ++++++++++-
+ 2 files changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/regexec.c b/regexec.c
+index 830a16a..357a109 100644
+--- a/regexec.c
+++ b/regexec.c
+@@ -1277,8 +1277,8 @@ Perl_re_intuit_start(pTHX_
+ 
+     /* now look for the 'other' substring if defined */
+ 
+-    if (utf8_target ? prog->substrs->data[other_ix].utf8_substr
+-                    : prog->substrs->data[other_ix].substr)
+    if (prog->substrs->data[other_ix].utf8_substr
+        || prog->substrs->data[other_ix].substr)
+     {
+ 	/* Take into account the "other" substring. */
+         char *last, *last1;
+@@ -1288,6 +1288,11 @@ Perl_re_intuit_start(pTHX_
+ 
+       do_other_substr:
+         other = &prog->substrs->data[other_ix];
+        if (!utf8_target && !other->substr) {
+            if (!to_byte_substr(prog)) {
+                NON_UTF8_TARGET_BUT_UTF8_REQUIRED(fail);
+            }
+        }
+ 
+         /* if "other" is anchored:
+          * we've previously found a floating substr starting at check_at.
+diff --git a/t/re/pat_rt_report.t b/t/re/pat_rt_report.t
+index dd740e7..4dc2dec 100644
+--- a/t/re/pat_rt_report.t
+++ b/t/re/pat_rt_report.t
+@@ -20,7 +20,7 @@ use warnings;
+ use 5.010;
+ use Config;
+ 
+-plan tests => 2504;  # Update this when adding/deleting tests.
+plan tests => 2505;  # Update this when adding/deleting tests.
+ 
+ run_tests() unless caller;
+ 
+@@ -1141,6 +1141,15 @@ EOP
+         ok($s=~/(foo){1,0}|(?1)/,
+             "RT #130561 - allowing impossible quantifier should not break recursion");
+     }
+	{
+		# RT #133892 Coredump in Perl_re_intuit_start
+		# Second match flips to checking floating substring before fixed
+		# substring, which triggers a pathway that failed to check there
+		# was a non-utf8 version of the string before trying to use it
+		# resulting in a SEGV.
+		my $result = grep /b\x{1c0}ss0/i, qw{ xxxx xxxx0 };
+		ok($result == 0);
+	}
+ 
+ } # End of sub run_tests
+ 
+-- 
+2.20.1
+
--- a/perl.spec
+++ b/perl.spec
@ -302,6 +302,10 @@ Patch67:        perl-5.29.9-Fix-recent-double-free-in-S_parse_gv_stash_name.patc
 # Fix a memory leak when deletion in a tied hash dies, in upstream after 5.29.9
 Patch68:        perl-5.29.9-avoid-leak-with-local-h-foo-a-n.patch

+# Fix a crash when matching case insensitively, RT#133892,
+# in upstream after 5.29.9
+Patch69:        perl-5.28.1-perl-133892-coredump-in-Perl_re_intuit_start.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch

@ -2926,6 +2930,7 @@ Perl extension for Version Objects
 %patch66 -p1
 %patch67 -p1
 %patch68 -p1
+%patch69 -p1
 %patch200 -p1
 %patch201 -p1

@ -2985,6 +2990,7 @@ perl -x patchlevel.h \
    'Fedora Patch65: Fix a memory leak when parsing misindented here-documents' \
    'Fedora Patch66: Fix a memory leak in package name lookup (RT#133977)' \
    'Fedora Patch68: Fix a memory leak when deletion in a tied hash dies' \
+    'Fedora Patch69: Fix a crash when matching case insensitively (RT#133892)' \
    'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
    'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
    %{nil}
@ -5286,6 +5292,7 @@ popd
 - Fix a memory leak when parsing misindented here-documents
 - Fix a memory leak in package name lookup (RT#133977)
 - Fix a memory leak when deletion in a tied hash dies
+- Fix a crash when matching case insensitively (RT#133892)

 * Tue Mar 05 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-434
 - Add explicit Requires: libxcrypt-devel to devel sub-package (bug #1666098)