Fix an overflow in the lexer when reading a new line

2018-01-09 13:07:54 +01:00 · 2018-01-09 13:07:54 +01:00 · 88dd9e56b3
commit 88dd9e56b3
parent fca4148414
2 changed files with 87 additions and 0 deletions
--- a/perl-5.27.2-perl-131793-sanely-handle-PL_linestart-PL_bufptr.patch
+++ b/perl-5.27.2-perl-131793-sanely-handle-PL_linestart-PL_bufptr.patch
@ -0,0 +1,80 @@
+From 36000cd1c47863d8412b285701db7232dd450239 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Wed, 26 Jul 2017 12:04:18 +1000
+Subject: [PATCH] (perl #131793) sanely handle PL_linestart > PL_bufptr
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In the test case, scan_ident() ends up fetching another line
+(updating PL_linestart), and since in this case we don't
+successfully parse ${identifier} s (and PL_bufptr) end up being
+before PL_linestart.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ t/comp/parser_run.t |  9 ++++++++-
+ toke.c              | 19 +++++++++++++++----
+ 2 files changed, 23 insertions(+), 5 deletions(-)
+
+diff --git a/t/comp/parser_run.t b/t/comp/parser_run.t
+index e74644d3fb..0fca5b2800 100644
+--- a/t/comp/parser_run.t
+++ b/t/comp/parser_run.t
+@@ -10,7 +10,7 @@ BEGIN {
+ }
+ 
+ require './test.pl';
+-plan(1);
+plan(2);
+ 
+ # [perl #130814] can reallocate lineptr while looking ahead for
+ # "Missing $ on loop variable" diagnostic.
+@@ -24,5 +24,12 @@ syntax error at - line 3, near "foreach m0
+ Identifier too long at - line 3.
+ EXPECT
+ 
+fresh_perl_is(<<EOS, <<'EXPECT', {}, "linestart before bufptr");
+\${ \xD5eeeeeeeeeeee
+'x
+EOS
+Unrecognized character \xD5; marked by <-- HERE after ${ <-- HERE near column 4 at - line 1.
+EXPECT
+
+ __END__
+ # ex: set ts=8 sts=4 sw=4 et:
+diff --git a/toke.c b/toke.c
+index 6de7d09ea4..3899b729af 100644
+--- a/toke.c
+++ b/toke.c
+@@ -5158,12 +5158,23 @@ Perl_yylex(pTHX)
+         else {
+             c = Perl_form(aTHX_ "\\x%02X", (unsigned char)*s);
+         }
+-        len = UTF ? Perl_utf8_length(aTHX_ (U8 *) PL_linestart, (U8 *) s) : (STRLEN) (s - PL_linestart);
+-        if (len > UNRECOGNIZED_PRECEDE_COUNT) {
+-            d = UTF ? (char *) utf8_hop_back((U8 *) s, -UNRECOGNIZED_PRECEDE_COUNT, (U8 *)PL_linestart) : s - UNRECOGNIZED_PRECEDE_COUNT;
+-        } else {
+
+        if (s >= PL_linestart) {
+             d = PL_linestart;
+         }
+        else {
+            /* somehow (probably due to a parse failure), PL_linestart has advanced
+             * pass PL_bufptr, get a reasonable beginning of line
+             */
+            d = s;
+            while (d > SvPVX(PL_linestr) && d[-1] && d[-1] != '\n')
+                --d;
+        }
+        len = UTF ? Perl_utf8_length(aTHX_ (U8 *) d, (U8 *) s) : (STRLEN) (s - d);
+        if (len > UNRECOGNIZED_PRECEDE_COUNT) {
+            d = UTF ? (char *) utf8_hop_back((U8 *) s, -UNRECOGNIZED_PRECEDE_COUNT, (U8 *)d) : s - UNRECOGNIZED_PRECEDE_COUNT;
+        }
+
+         Perl_croak(aTHX_  "Unrecognized character %s; marked by <-- HERE after %" UTF8f "<-- HERE near column %d", c,
+                           UTF8fARG(UTF, (s - d), d),
+                          (int) len + 1);
+-- 
+2.13.6
+
--- a/perl.spec
+++ b/perl.spec
@ -197,6 +197,10 @@ Patch56:        perl-5.27.2-EU-Constant-avoid-uninit-warning.patch
 # Fix unreliable Time-HiRes tests, CPAN RT#122819, in Time-HiRes-1.9746
 Patch58:        perl-5.26.0-Time-HiRes-Fix-unreliable-t-usleep.t-and-t-utime.t.patch

+# Fix an overflow in the lexer when reading a new line, RT#131793,
+# in upstream after 5.27.2
+Patch59:        perl-5.27.2-perl-131793-sanely-handle-PL_linestart-PL_bufptr.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch

@ -2770,6 +2774,7 @@ Perl extension for Version Objects
 %patch55 -p1
 %patch56 -p1
 %patch58 -p1
+%patch59 -p1
 %patch200 -p1
 %patch201 -p1

@ -2804,6 +2809,7 @@ perl -x patchlevel.h \
    'Fedora Patch55: Fix compiler warnings in code generated by ExtUtils::Constant (CPAN RT#63832)' \
    'Fedora Patch56: Fix compiler warnings in code generated by ExtUtils::Constant (CPAN RT#101487)' \
    'Fedora Patch58: Fix unreliable Time-HiRes tests (CPAN RT#122819)' \
+    'Fedora Patch59: Fix an overflow in the lexer when reading a new line (RT#131793)' \
    'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
    'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
    %{nil}
@ -5089,6 +5095,7 @@ popd
 %changelog
 * Tue Jan 09 2018 Petr Pisar <ppisar@redhat.com> - 4:5.26.1-402
 - Remove invalid macro definitions from macros.perl (bug #1532539)
+- Fix an overflow in the lexer when reading a new line (RT#131793)

 * Mon Sep 25 2017 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.26.1-401
 - Update perl(:MODULE_COMPAT)