diff --git a/perl-5.24.1-perl-129342-ensure-range-start-is-set-after-error-in.patch b/perl-5.24.1-perl-129342-ensure-range-start-is-set-after-error-in.patch
new file mode 100644
index 0000000..6543e4f
--- /dev/null
+++ b/perl-5.24.1-perl-129342-ensure-range-start-is-set-after-error-in.patch
@@ -0,0 +1,73 @@
+From a26907949ed561dccd661fc8600889eddc6664ea Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden
+Date: Wed, 5 Oct 2016 14:53:27 +0100
+Subject: [PATCH] [perl #129342] ensure range-start is set after error in tr///
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.1:
+
+t 59143e29a717d67a61b869a6c5bb49574f1ef43f
+Author: Tony Cook
+Date: Tue Jan 17 11:52:53 2017 +1100
+
+ (perl #129342) test for buffer overflow
+
+commit 3dd4eaeb8ac39e08179145b86aedda36584a3509
+Author: Hugo van der Sanden
+Date: Wed Oct 5 14:53:27 2016 +0100
+
+ [perl #129342] ensure range-start is set after error in tr///
+
+ A parse error due to invalid octal or hex escape in the range of a
+ transliteration must still ensure some kind of start and end values
+ are captured, since we don't stop on the first such error. Failure
+ to do so can cause invalid reads after "Here we have parsed a range".
+
+Signed-off-by: Petr Písař
+---
+ t/lib/croak/toke | 7 +++++++
+ toke.c | 4 ++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/t/lib/croak/toke b/t/lib/croak/toke
+index 18dfa24..578a6da 100644
+--- a/t/lib/croak/toke
++++ b/t/lib/croak/toke
+@@ -302,3 +302,10 @@ Execution of - aborted due to compilation errors.
+ BEGIN <>
+ EXPECT
+ Illegal declaration of subroutine BEGIN at - line 1.
++########
++# NAME tr/// handling of mis-formatted \o characters
++# may only fail with ASAN
++tr/\o-0//;
++EXPECT
++Missing braces on \o{} at - line 2, within string
++Execution of - aborted due to compilation errors.
+diff --git a/toke.c b/toke.c
+index 288f372..576ce72 100644
+--- a/toke.c
++++ b/toke.c
+@@ -3338,7 +3338,7 @@ S_scan_const(pTHX_ char *start)
+ UTF);
+ if (! valid) {
+ yyerror(error);
+- continue;
++ uv = 0; /* drop through to ensure range ends are set */
+ }
+ goto NUM_ESCAPE_INSERT;
+ }
+@@ -3356,7 +3356,7 @@ S_scan_const(pTHX_ char *start)
+ UTF);
+ if (! valid) {
+ yyerror(error);
+- continue;
++ uv = 0; /* drop through to ensure range ends are set */
+ }
+ }
+
+--
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index d5f8ac7..2e26b91 100644
--- a/perl.spec
+++ b/perl.spec
@@ -248,6 +248,10 @@ Patch68: perl-5.25.8-perl-129149-fix-the-test-so-skip-has-a-SKIP-to-work-
 # in upstream after 5.25.8
 Patch69: perl-5.24.1-perl-129125-copy-form-data-if-it-might-be-freed.patch
+# Fix a heap overflow if invalid octal or hexadecimal number is used in
+# transliteration expression, RT#129342, in upstream after 5.25.8
+Patch70: perl-5.24.1-perl-129342-ensure-range-start-is-set-after-error-in.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2941,6 +2945,7 @@ Perl extension for Version Objects
 %patch67 -p1
 %patch68 -p1
 %patch69 -p1
+%patch70 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2998,6 +3003,7 @@ perl -x patchlevel.h \
 'Fedora Patch66: Fix a buffer overflow in split in scalar context (RT#130262)' \
 'Fedora Patch67: Fix a heap overflow with pack "W" (RT129149)' \
 'Fedora Patch69: Fix a use-after-free when processing scalar variables in forms (RT#129125)' \
+ 'Fedora Patch70: Fix a heap overflow if invalid octal or hexadecimal number is used in transliteration expression (RT#129342)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -5278,6 +5284,8 @@ popd
 - Fix a buffer overflow in split in scalar context (RT#130262)
 - Fix a heap overflow with pack "W" (RT129149)
 - Fix a use-after-free when processing scalar variables in forms (RT#129125)
+- Fix a heap overflow if invalid octal or hexadecimal number is used in
+ transliteration expression (RT#129342)
 * Mon Jan 16 2017 Jitka Plesnikova - 4:5.24.1-385
 - 5.24.1 bump (see
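Review bot: The regression case added to t/lib/croak/toke (`tr/\o-0//;`) exercises only the first of the two toke.c hunks in this patch file, although the same `continue;` → `uv = 0;` change is made a second time further down in S_scan_const, apparently for the hex escape named in the commit message. A matching croak entry for a malformed hex escape inside a tr/// range would cover that second path as well. The test's own comment says it "may only fail with ASAN", so it is worth confirming that the package's test run includes a sanitizer build; without one this case likely passes both before and after the fix. The new comment could also state why 0 is acceptable, for example `uv = 0; /* placeholder: yyerror() has recorded the failure, the range code still needs a value */`. Both toke.c hunks begin and end inside S_scan_const, so the code that consumes uv is not visible here.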