From 948d6b9dafc424ef84c38448b984de6086c604da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Tue, 9 Jan 2018 14:07:06 +0100
Subject: [PATCH] Fix an overflow when parsing a character range with no preceding character
---
 ...t-try-to-process-a-char-range-with-n.patch | 54 +++++++++++++++++++
 perl.spec | 8 +++
 2 files changed, 62 insertions(+)
 create mode 100644 perl-5.26.1-perl-132245-don-t-try-to-process-a-char-range-with-n.patch
diff --git a/perl-5.26.1-perl-132245-don-t-try-to-process-a-char-range-with-n.patch b/perl-5.26.1-perl-132245-don-t-try-to-process-a-char-range-with-n.patch
new file mode 100644
index 0000000..2bde428
--- /dev/null
+++ b/perl-5.26.1-perl-132245-don-t-try-to-process-a-char-range-with-n.patch
@@ -0,0 +1,54 @@
+From dc5c68130b7c8b727e9e792506183c255fc2bc70 Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Thu, 19 Oct 2017 10:46:04 +1100
+Subject: [PATCH] (perl #132245) don't try to process a char range with no
+ preceding char
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A range like \N{}-0 eventually results in compilation failing, but
+before that, get_and_check_backslash_N_name() attempts to treat
+the memory before the empty output of \N{} as a character.
+
+Petr Písař: Ported to 5.26.1.
+
+Signed-off-by: Petr Písař
+---
+ t/lib/warnings/toke | 5 +++++
+ toke.c | 6 +++---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/t/lib/warnings/toke b/t/lib/warnings/toke
+index fc51d9f..398ee22 100644
+--- a/t/lib/warnings/toke
++++ b/t/lib/warnings/toke
+@@ -1651,3 +1651,8 @@ Execution of - aborted due to compilation errors.
+ use utf8;
+ qw∘foo ∞ ♥ bar∘
+ EXPECT
++########
++# NAME tr/// range with empty \N{} at the start
++tr//\N{}-0/;
++EXPECT
++Unknown charname '' is deprecated. Its use will be fatal in Perl 5.28 at - line 1.
+diff --git a/toke.c b/toke.c
+index 6f84d2d..6ee7a68 100644
+--- a/toke.c
++++ b/toke.c
+@@ -2958,9 +2958,9 @@ S_scan_const(pTHX_ char *start)
+
+ /* Here, we don't think we're in a range. If the new character
+ * is not a hyphen; or if it is a hyphen, but it's too close to
+- * either edge to indicate a range, then it's a regular
+- * character. */
+- if (*s != '-' || s >= send - 1 || s == start) {
++ * either edge to indicate a range, or if we haven't output any
++ * characters yet then it's a regular character. */
++ if (*s != '-' || s >= send - 1 || s == start || d == SvPVX(sv)) {
+
+ /* A regular character. Process like any other, but first
+ * clear any flags */
+--
+2.13.6
+
diff --git a/perl.spec b/perl.spec
index ffe36c4..8575459 100644
--- a/perl.spec
+++ b/perl.spec
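Review bot: The regression test added to t/lib/warnings/toke in the carried patch asserts only the deprecation warning text, so it would probably also pass on an unpatched build, since a stray read of memory before the output buffer is usually silent. The fix is therefore only really verified when the test suite runs under a memory checker such as ASan or valgrind, which is worth noting next to the patch. In the toke.c hunk, the new clause `d == SvPVX(sv)` is explained only as "we haven't output any characters yet"; I would add why `s == start` is not enough, e.g. `/* an empty \N{} consumes input but emits nothing, so there is no preceding output char to start a range */`. The body of S_scan_const continues outside the hunk, so the range-handling code that consumes the preceding character is not visible here.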
@@ -211,6 +211,10 @@ Patch62: perl-5.27.3-perl-132008-make-sure-the-test-behaves-without-a-tty
 # in upstream after 5.27.3
 Patch63: perl-5.26.1-fix-132017-OPFAIL-insert-needs-to-set-flags-to-0.patch
+# Fix an overflow when parsing a character range with no preceding character,
+# RT#132245, in upstream after 5.27.5
+Patch64: perl-5.26.1-perl-132245-don-t-try-to-process-a-char-range-with-n.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2789,6 +2793,7 @@ Perl extension for Version Objects
 %patch61 -p1
 %patch62 -p1
 %patch63 -p1
+%patch64 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2826,6 +2831,7 @@ perl -x patchlevel.h \
 'Fedora Patch59: Fix an overflow in the lexer when reading a new line (RT#131793)' \
 'Fedora Patch60: Fix Term::ReadLine not to create spurious &STDERR files (RT#132008)' \
 'Fedora Patch63: Fix a crash when a match for inversely repeated group fails (RT#132017)' \
+ 'Fedora Patch64: Fix an overflow when parsing a character range with no preceding character (RT#132245)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -5114,6 +5120,8 @@ popd
 - Fix an overflow in the lexer when reading a new line (RT#131793)
 - Fix Term::ReadLine not to create spurious &STDERR files (RT#132008)
 - Fix a crash when a match for inversely repeated group fails (RT#132017)
+- Fix an overflow when parsing a character range with no preceding character
+ (RT#132245)
 * Mon Sep 25 2017 Jitka Plesnikova - 4:5.26.1-401
 - Update perl(:MODULE_COMPAT)
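Review bot: The comment above `Patch64` calls this an "overflow", and the patchlevel string and %changelog entry in the later hunks repeat that wording. The upstream message carried in the patch describes the lexer treating the memory before the empty `\N{}` output as a character, which reads as an access before the start of a buffer. Naming the class precisely helps anyone triaging the update, e.g. `# Fix an out-of-bounds read when parsing a character range with no preceding character,`, with the same wording used in the other two places.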