rpms
/
perl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a buffer overflow in split in scalar context

This commit is contained in:
Petr Písař 2017-01-20 09:33:57 +01:00
parent 2d983c0871
commit c33285d987
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch Normal file
View File

@ -0,0 +1,62 @@
From 2bcb4a5888b1c26ee11bc447cc02b42290c707af Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Mon, 5 Dec 2016 11:48:14 +1100
Subject: [PATCH] (perl #130262) split scalar context stack overflow fix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ported to 5.14.1:
commit 02c161ef974f8f1efbb5632f741c1164adb6ca75
Author: Tony Cook <tony@develop-help.com>
Date: Mon Dec 5 11:48:14 2016 +1100
(perl #130262) split scalar context stack overflow fix
pp_split didn't ensure there was space for its return value
in scalar context.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pp.c | 2 +-
t/op/split.t | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pp.c b/pp.c
index 70345ce..334b353 100644
--- a/pp.c
+++ b/pp.c
@@ -6259,7 +6259,7 @@ PP(pp_split)
}
GETTARGET;
- PUSHi(iters);
+ XPUSHi(iters);
RETURN;
}
diff --git a/t/op/split.t b/t/op/split.t
index b7846a1..3e08841 100644
--- a/t/op/split.t
+++ b/t/op/split.t
@@ -7,7 +7,7 @@ BEGIN {
set_up_inc('../lib');
}
-plan tests => 133;
+plan tests => 134;
$FS = ':';
@@ -534,3 +534,7 @@ is "@a", '1 2 3', 'assignment to split-to-array (stacked)';
ok eval { $a[0] = 'a'; 1; }, "array split filling AvARRAY: assign 0";
is "@a", "a b", "array split filling AvARRAY: result";
}
+
+fresh_perl_is(<<'CODE', '', {}, "scalar split stack overflow");
+map{int"";split//.0>60for"0000000000000000"}split// for"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+CODE
--
2.7.4

11
perl.spec
View File

@ -28,7 +28,7 @@
Name: perl
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise
Release: 385%{?dist}
Release: 386%{?dist}
Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language
Group: Development/Languages
@ -236,6 +236,10 @@ Patch64: perl-5.24.0-perl-129788-IO-Poll-fix-memory-leak.patch
# Fix regular expression matching, RT#130307, in upstream after 5.25.7
Patch65: perl-5.25.7-perl-130307-Correctly-unwind-on-cache-hit.patch
# Fix a buffer overflow in split in scalar context, RT#130262,
# in upstream after 5.25.8
Patch66: perl-5.24.1-perl-130262-split-scalar-context-stack-overflow-fix.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2925,6 +2929,7 @@ Perl extension for Version Objects
%patch63 -p1
%patch64 -p1
%patch65 -p1
%patch66 -p1
%patch200 -p1
%patch201 -p1
@ -2979,6 +2984,7 @@ perl -x patchlevel.h \
'Fedora Patch63: Fix a crash in optimized evaluation of "or ((0) x 0))" (RT#130247)' \
'Fedora Patch64: Fix a memory leak in IO::Poll (RT#129788)' \
'Fedora Patch65: Fix regular expression matching (RT#130307)' \
'Fedora Patch66: Fix a buffer overflow in split in scalar context (RT#130262)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@ -5255,6 +5261,9 @@ popd
# Old changelog entries are preserved in CVS.
%changelog
* Fri Jan 20 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-386
- Fix a buffer overflow in split in scalar context (RT#130262)
* Mon Jan 16 2017 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.24.1-385
- 5.24.1 bump (see <http://search.cpan.org/dist/perl-5.24.1/pod/perldelta.pod>
for release notes)