diff --git a/perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch b/perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
new file mode 100644
index 0000000..0ebda55
--- /dev/null
+++ b/perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
@@ -0,0 +1,81 @@
+From 0cefeca1fd2405ad1b5544a3919e0000377fde5e Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Tue, 21 Feb 2017 16:38:36 +1100
+Subject: [PATCH] (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 5.24.1:
+
+commit 853eb961c1a3b014b5a9510740abc15ccd4383b6
+Author: Tony Cook
+Date: Tue Feb 21 16:38:36 2017 +1100
+
+ (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
+
+ Originally noted as a scoping issue by Andy Lester.
+
+Signed-off-by: Petr Písař
+---
+ regcomp.c | 5 +----
+ t/op/svleak.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 6329f6c..989c528 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -7849,21 +7849,18 @@ SV*
+ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+ const U32 flags)
+ {
+- AV *retarray = NULL;
+ SV *ret;
+ struct regexp *const rx = ReANY(r);
+
+ PERL_ARGS_ASSERT_REG_NAMED_BUFF_FETCH;
+
+- if (flags & RXapif_ALL)
+- retarray=newAV();
+-
+ if (rx && RXp_PAREN_NAMES(rx)) {
+ HE *he_str = hv_fetch_ent( RXp_PAREN_NAMES(rx), namesv, 0, 0 );
+ if (he_str) {
+ IV i;
+ SV* sv_dat=HeVAL(he_str);
+ I32 *nums=(I32*)SvPVX(sv_dat);
++ AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL;
+ for ( i=0; inparens) >= nums[i]
+ && rx->offs[nums[i]].start != -1
+diff --git a/t/op/svleak.t b/t/op/svleak.t
+index b0692ff..eeea7c1 100644
+--- a/t/op/svleak.t
++++ b/t/op/svleak.t
+@@ -15,7 +15,7 @@ BEGIN {
+
+ use Config;
+
+-plan tests => 133;
++plan tests => 134;
+
+ # run some code N times.
If the number of SVs at the end of loop N is
+ # greater than (N-1)*delta at the end of loop 1, we've got a leak
+@@ -557,3 +557,13 @@ EOF
+ sub lk { { my $d = $op->hints_hash->HASH } }
+ ::leak(3, 0, \&lk, q!B::RHE->HASH shoudln't leak!);
+ }
++
++{
++ # Perl_reg_named_buff_fetch() leaks an AV when called with an RE
++ # with no named captures
++ sub named {
++ "x" =~ /x/;
++ re::regname("foo", 1);
++ }
++ ::leak(2, 0, \&named, "Perl_reg_named_buff_fetch() on no-name RE");
++}
+--
+2.7.4
+
diff --git a/perl.spec b/perl.spec
index 88a8a2a..e01514a 100644
--- a/perl.spec
+++ b/perl.spec
@@ -309,6 +309,10 @@ Patch87: perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf
 # in upstream after 5.25.9
 Patch88: perl-5.24.1-perl-129340-copy-the-source-when-inside-the-dest-in-.patch
+# Fix a memory leak leak in Perl_reg_named_buff_fetch(), RT#130822,
+# in upstream after 5.25.10
+Patch89: perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -3023,6 +3027,7 @@ popd
 %patch86 -p1
 %patch87 -p1
 %patch88 -p1
+%patch89 -p1
 %patch200 -p1
 %patch201 -p1
@@ -3096,6 +3101,7 @@ perl -x patchlevel.h \
 'Fedora Patch86: Fix a memory leak in list assignment from or to magic values, (RT#130766)' \
 'Fedora Patch87: Fix a null-pointer dereference on malformed code (RT#130815)' \
 'Fedora Patch88: Fix an use-after-free in substr() that modifies a magic variable (RT#129340)' \
+ 'Fedora Patch89: Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
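Review bot: The new svleak.t case exercises only a regexp with no named captures, so the second leak path closed by the regcomp.c change stays untested. Because `retarray` is now allocated only inside `if (he_str)`, the change also stops the AV being leaked when the pattern does have named captures but the requested name is absent, which is the more likely case for a long-running process that looks up capture names repeatedly. A sibling block whose sub body is `"x" =~ /(?<bar>x)/; re::regname("foo", 1);`, with its own `::leak(2, 0, ...)` call and `plan tests` raised by one more, would pin that path. The loop that fills and returns `retarray` continues outside the visible context of the hunk.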
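Review bot: "memory leak leak" repeats a word in the comment above `Patch89:`, and the same slip appears in the `'Fedora Patch89: ...'` patchlevel string in the third perl.spec hunk and in the `%changelog` entry in the last one. The patchlevel string is the one worth fixing first, since it is compiled into the interpreter's list of locally applied patches that administrators read to check which fixes a build carries. Suggested wording for all three places: `Fix a memory leak in Perl_reg_named_buff_fetch()`.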
@@ -5375,6 +5381,7 @@ popd
 * Wed Mar 08 2017 Petr Pisar - 4:5.24.1-390
 - Fix a null-pointer dereference on malformed code (RT#130815)
 - Fix an use-after-free in substr() that modifies a magic variable (RT#129340)
+- Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)
 * Fri Feb 17 2017 Petr Pisar - 4:5.24.1-389
 - Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326)