rpms/perl
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a memory leak leak in Perl_reg_named_buff_fetch()

Browse Source
This commit is contained in:
Petr Písař 2017-03-08 12:17:41 +01:00
parent 32d6785b6d
commit d61d60edb3
2 changed files with 88 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch Normal file
View File

@ -0,0 +1,81 @@
From 0cefeca1fd2405ad1b5544a3919e0000377fde5e Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Tue, 21 Feb 2017 16:38:36 +1100
Subject: [PATCH] (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ported to 5.24.1:
commit 853eb961c1a3b014b5a9510740abc15ccd4383b6
Author: Tony Cook <tony@develop-help.com>
Date: Tue Feb 21 16:38:36 2017 +1100
(perl #130822) fix an AV leak in Perl_reg_named_buff_fetch
Originally noted as a scoping issue by Andy Lester.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
regcomp.c | 5 +----
t/op/svleak.t | 12 +++++++++++-
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/regcomp.c b/regcomp.c
index 6329f6c..989c528 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -7849,21 +7849,18 @@ SV*
Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
const U32 flags)
{
- AV *retarray = NULL;
SV *ret;
struct regexp *const rx = ReANY(r);
PERL_ARGS_ASSERT_REG_NAMED_BUFF_FETCH;
- if (flags & RXapif_ALL)
- retarray=newAV();
-
if (rx && RXp_PAREN_NAMES(rx)) {
HE *he_str = hv_fetch_ent( RXp_PAREN_NAMES(rx), namesv, 0, 0 );
if (he_str) {
IV i;
SV* sv_dat=HeVAL(he_str);
I32 *nums=(I32*)SvPVX(sv_dat);
+ AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL;
for ( i=0; i<SvIVX(sv_dat); i++ ) {
if ((I32)(rx->nparens) >= nums[i]
&& rx->offs[nums[i]].start != -1
diff --git a/t/op/svleak.t b/t/op/svleak.t
index b0692ff..eeea7c1 100644
--- a/t/op/svleak.t
+++ b/t/op/svleak.t
@@ -15,7 +15,7 @@ BEGIN {
use Config;
-plan tests => 133;
+plan tests => 134;
# run some code N times. If the number of SVs at the end of loop N is
# greater than (N-1)*delta at the end of loop 1, we've got a leak
@@ -557,3 +557,13 @@ EOF
sub lk { { my $d = $op->hints_hash->HASH } }
::leak(3, 0, \&lk, q!B::RHE->HASH shoudln't leak!);
}
+
+{
+ # Perl_reg_named_buff_fetch() leaks an AV when called with an RE
+ # with no named captures
+ sub named {
+ "x" =~ /x/;
+ re::regname("foo", 1);
+ }
+ ::leak(2, 0, \&named, "Perl_reg_named_buff_fetch() on no-name RE");
+}
--
2.7.4

7
perl.spec
View File

@ -309,6 +309,10 @@ Patch87: perl-5.24.1-perl-130815-fix-ck_return-null-pointer-deref-on-malf
# in upstream after 5.25.9 # in upstream after 5.25.9
Patch88: perl-5.24.1-perl-129340-copy-the-source-when-inside-the-dest-in-.patch Patch88: perl-5.24.1-perl-129340-copy-the-source-when-inside-the-dest-in-.patch
# Fix a memory leak leak in Perl_reg_named_buff_fetch(), RT#130822,
# in upstream after 5.25.10
Patch89: perl-5.24.1-perl-130822-fix-an-AV-leak-in-Perl_reg_named_buff_fe.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -3023,6 +3027,7 @@ popd
%patch86 -p1 %patch86 -p1
%patch87 -p1 %patch87 -p1
%patch88 -p1 %patch88 -p1
%patch89 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -3096,6 +3101,7 @@ perl -x patchlevel.h \
'Fedora Patch86: Fix a memory leak in list assignment from or to magic values, (RT#130766)' \ 'Fedora Patch86: Fix a memory leak in list assignment from or to magic values, (RT#130766)' \
'Fedora Patch87: Fix a null-pointer dereference on malformed code (RT#130815)' \ 'Fedora Patch87: Fix a null-pointer dereference on malformed code (RT#130815)' \
'Fedora Patch88: Fix an use-after-free in substr() that modifies a magic variable (RT#129340)' \ 'Fedora Patch88: Fix an use-after-free in substr() that modifies a magic variable (RT#129340)' \
'Fedora Patch89: Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5375,6 +5381,7 @@ popd
* Wed Mar 08 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-390 * Wed Mar 08 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-390
- Fix a null-pointer dereference on malformed code (RT#130815) - Fix a null-pointer dereference on malformed code (RT#130815)
- Fix an use-after-free in substr() that modifies a magic variable (RT#129340) - Fix an use-after-free in substr() that modifies a magic variable (RT#129340)
- Fix a memory leak leak in Perl_reg_named_buff_fetch() (RT#130822)
* Fri Feb 17 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-389 * Fri Feb 17 2017 Petr Pisar <ppisar@redhat.com> - 4:5.24.1-389
- Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326) - Adapt Compress::Raw::Zlib to zlib-1.2.11 (bug #1420326)