Fix a buffer overread when parsing a regular expression with an unknown character name

Petr Písař 2019-04-05 16:07:10 +02:00
parent 7d3f0728cf
commit d959a0725c
2 changed files with 77 additions and 0 deletions


@ -0,0 +1,69 @@
From d434dd3ec16dc1202626e9868f177203e2a86da5 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Thu, 21 Mar 2019 09:35:49 -0600
Subject: [PATCH] PATCH: [perl #133880] assertion failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This was caused by attempting to continue parsing after an error is
found, and later assuming that what came before was valid. The fix is
to put in something valid that's usable until the parse eventually dies
from what caused this, or some other error.
Signed-off-by: Ported to 5.28.1 from
ef65a74af186beb93566cf827c5f543f4aa14645.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/op/tr.t | 8 +++++++-
toke.c | 8 ++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/t/op/tr.t b/t/op/tr.t
index 0f74936..47d603d 100644
--- a/t/op/tr.t
+++ b/t/op/tr.t
@@ -13,7 +13,7 @@ BEGIN {
use utf8;
-plan tests => 300;
+plan tests => 301;
# Test this first before we extend the stack with other operations.
# This caused an asan failure due to a bad write past the end of the stack.
@@ -1137,6 +1137,12 @@ for ("", nullrocow) {
[\x{E5CD}-\x{E5DF}\x{EA80}-\x{EAFA}\x{EB0E}-\x{EB8E}\x{EAFB}-\x{EB0D}\x{E5B5}-\x{E5CC}];
is $x, "\x{E5CE}", '[perl #130656]';
+
+}
+
+{
+ fresh_perl_like('y/\x{a00}0-\N{}//', qr/Unknown charname/, { },
+ 'RT #133880 illegal \N{}');
}
1;
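Review bot: The added fresh_perl_like case covers only the exact reproducer, an empty `\N{}` as the upper end of a range in `y///`, while the toke.c change in this patch applies to any `\N{NAME}` for which get_and_check_backslash_N_name() returns a false value. Consider adding a case with a non-empty unknown name and one where the failed `\N{}` is not a range endpoint, so the placeholder path is exercised in more than one position. The hunk also adds a blank line before the closing `}` of the preceding block, which can be dropped.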
diff --git a/toke.c b/toke.c
index 3164df5..4747ef5 100644
--- a/toke.c
+++ b/toke.c
@@ -3770,8 +3770,12 @@ S_scan_const(pTHX_ char *start)
}
}
else /* Here is \N{NAME} but not \N{U+...}. */
- if ((res = get_and_check_backslash_N_name(s, e)))
- {
+ if (! (res = get_and_check_backslash_N_name(s, e)))
+ { /* Failed. We should die eventually, but for now use a NUL
+ to keep parsing */
+ *d++ = '\0';
+ }
+ else { /* Successfully evaluated the name */
STRLEN len;
const char *str = SvPV_const(res, len);
if (PL_lex_inpat) {
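Review bot: The failure branch `*d++ = '\0';` depends on the comment's statement that the parse will "die eventually", but nothing in the visible lines checks that get_and_check_backslash_N_name() actually queued an error before returning a false value. If that function can ever fail without one, the NUL placeholder would silently become part of the parsed constant. Suggest asserting in this branch that an error is pending, or extending the comment to say where the error is raised and why a single NUL is a valid stand-in for the code that later inspects what was written to d.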
--
2.20.1


@ -268,6 +268,10 @@ Patch57: perl-5.29.8-fix-blead-on-non-threaded-builds.patch
# in upstream after 5.29.8
Patch58: perl-5.29.8-handle-scope-error-in-qr.patch
# Fix a buffer overread when parsing a regular expression with an unknown
# character name, RT#133880, in upstream after 5.29.9
Patch59: perl-5.28.1-PATCH-perl-133880-assertion-failure.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
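Review bot: The comment above Patch59 describes the defect as a buffer overread when parsing a regular expression, while the patch file it names carries the upstream subject "assertion failure" and its only test exercises `y///`. Consider wording the comment so it matches what the patch covers (an unknown `\N{}` character name in a pattern or transliteration), and dropping the literal "PATCH" from the file name so it follows the style of the neighbouring perl-5.29.8-handle-scope-error-in-qr.patch.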
@ -2882,6 +2886,7 @@ Perl extension for Version Objects
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch200 -p1
%patch201 -p1
@ -2932,6 +2937,7 @@ perl -x patchlevel.h \
'Fedora Patch55: Fix extending a stack in Perl parser (RT#133778)' \
'Fedora Patch56: Fix a leak when compiling a typed hash dereference' \
'Fedora Patch58: Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)' \
'Fedora Patch59: Fix a buffer overread when parsing a regular expression with an unknown character name (RT#133880)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@ -5223,6 +5229,8 @@ popd
* Fri Apr 05 2019 Petr Pisar <ppisar@redhat.com> - 4:5.28.1-435
- Fix a leak when compiling a typed hash dereference
- Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)
- Fix a buffer overread when parsing a regular expression with an unknown
character name (RT#133880)
* Tue Mar 05 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-434
- Add explicit Requires: libxcrypt-devel to devel sub-package (bug #1666098)