Fix a buffer overread when parsing a regular expression with an unknown character name
parent
7d3f0728cf
commit
d959a0725c
|
@ -0,0 +1,69 @@
|
||||||
|
From d434dd3ec16dc1202626e9868f177203e2a86da5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karl Williamson <khw@cpan.org>
|
||||||
|
Date: Thu, 21 Mar 2019 09:35:49 -0600
|
||||||
|
Subject: [PATCH] PATCH: [perl #133880] assertion failure
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This was caused by attempting to continue parsing after an error is
|
||||||
|
found, and later assuming that what came before was valid. The fix is
|
||||||
|
to put in something valid that's usable until the parse eventually dies
|
||||||
|
from what caused this, or some other error.
|
||||||
|
|
||||||
|
Signed-off-by: Ported to 5.28.1 from
|
||||||
|
ef65a74af186beb93566cf827c5f543f4aa14645.
|
||||||
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||||
|
---
|
||||||
|
t/op/tr.t | 8 +++++++-
|
||||||
|
toke.c | 8 ++++++--
|
||||||
|
2 files changed, 13 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/t/op/tr.t b/t/op/tr.t
|
||||||
|
index 0f74936..47d603d 100644
|
||||||
|
--- a/t/op/tr.t
|
||||||
|
+++ b/t/op/tr.t
|
||||||
|
@@ -13,7 +13,7 @@ BEGIN {
|
||||||
|
|
||||||
|
use utf8;
|
||||||
|
|
||||||
|
-plan tests => 300;
|
||||||
|
+plan tests => 301;
|
||||||
|
|
||||||
|
# Test this first before we extend the stack with other operations.
|
||||||
|
# This caused an asan failure due to a bad write past the end of the stack.
|
||||||
|
@@ -1137,6 +1137,12 @@ for ("", nullrocow) {
|
||||||
|
[\x{E5CD}-\x{E5DF}\x{EA80}-\x{EAFA}\x{EB0E}-\x{EB8E}\x{EAFB}-\x{EB0D}\x{E5B5}-\x{E5CC}];
|
||||||
|
|
||||||
|
is $x, "\x{E5CE}", '[perl #130656]';
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+{
|
||||||
|
+ fresh_perl_like('y/\x{a00}0-\N{}//', qr/Unknown charname/, { },
|
||||||
|
+ 'RT #133880 illegal \N{}');
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
||||||
|
diff --git a/toke.c b/toke.c
|
||||||
|
index 3164df5..4747ef5 100644
|
||||||
|
--- a/toke.c
|
||||||
|
+++ b/toke.c
|
||||||
|
@@ -3770,8 +3770,12 @@ S_scan_const(pTHX_ char *start)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else /* Here is \N{NAME} but not \N{U+...}. */
|
||||||
|
- if ((res = get_and_check_backslash_N_name(s, e)))
|
||||||
|
- {
|
||||||
|
+ if (! (res = get_and_check_backslash_N_name(s, e)))
|
||||||
|
+ { /* Failed. We should die eventually, but for now use a NUL
|
||||||
|
+ to keep parsing */
|
||||||
|
+ *d++ = '\0';
|
||||||
|
+ }
|
||||||
|
+ else { /* Successfully evaluated the name */
|
||||||
|
STRLEN len;
|
||||||
|
const char *str = SvPV_const(res, len);
|
||||||
|
if (PL_lex_inpat) {
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
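Review bot: The failure branch added in the toke.c hunk of this patch (`*d++ = '\0';`) is only safe if get_and_check_backslash_N_name() has already recorded a parse error on every path that returns NULL, and the comment "We should die eventually" does not state that invariant. If some NULL return did not queue an error, compilation would continue with a NUL silently substituted into the string or transliteration range. I would make the comment explicit: `/* Failed; an error is already queued, so the parse will die. Emit a NUL so later code (presumably the range handling) still finds a valid character in the output. */`. The test added to t/op/tr.t matches only the "Unknown charname" diagnostic, so the overread itself is presumably caught only when the suite runs on an ASAN or -DDEBUGGING build; it is worth confirming that the package's check stage covers one of those. S_scan_const's body starts and ends outside the hunk.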
|
@ -268,6 +268,10 @@ Patch57: perl-5.29.8-fix-blead-on-non-threaded-builds.patch
|
||||||
# in upstream after 5.29.8
|
# in upstream after 5.29.8
|
||||||
Patch58: perl-5.29.8-handle-scope-error-in-qr.patch
|
Patch58: perl-5.29.8-handle-scope-error-in-qr.patch
|
||||||
|
|
||||||
|
# Fix a buffer overread when parsing a regular expression with an unknown
|
||||||
|
# character name, RT#133880, in upstream after 5.29.9
|
||||||
|
Patch59: perl-5.28.1-PATCH-perl-133880-assertion-failure.patch
|
||||||
|
|
||||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||||
|
|
||||||
|
@ -2882,6 +2886,7 @@ Perl extension for Version Objects
|
||||||
%patch56 -p1
|
%patch56 -p1
|
||||||
%patch57 -p1
|
%patch57 -p1
|
||||||
%patch58 -p1
|
%patch58 -p1
|
||||||
|
%patch59 -p1
|
||||||
%patch200 -p1
|
%patch200 -p1
|
||||||
%patch201 -p1
|
%patch201 -p1
|
||||||
|
|
||||||
|
@ -2932,6 +2937,7 @@ perl -x patchlevel.h \
|
||||||
'Fedora Patch55: Fix extending a stack in Perl parser (RT#133778)' \
|
'Fedora Patch55: Fix extending a stack in Perl parser (RT#133778)' \
|
||||||
'Fedora Patch56: Fix a leak when compiling a typed hash dereference' \
|
'Fedora Patch56: Fix a leak when compiling a typed hash dereference' \
|
||||||
'Fedora Patch58: Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)' \
|
'Fedora Patch58: Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)' \
|
||||||
|
'Fedora Patch59: Fix a buffer overread when parsing a regular expression with an unknown character name (RT#133880)' \
|
||||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
@ -5223,6 +5229,8 @@ popd
|
||||||
* Fri Apr 05 2019 Petr Pisar <ppisar@redhat.com> - 4:5.28.1-435
|
* Fri Apr 05 2019 Petr Pisar <ppisar@redhat.com> - 4:5.28.1-435
|
||||||
- Fix a leak when compiling a typed hash dereference
|
- Fix a leak when compiling a typed hash dereference
|
||||||
- Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)
|
- Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)
|
||||||
|
- Fix a buffer overread when parsing a regular expression with an unknown
|
||||||
|
character name (RT#133880)
|
||||||
|
|
||||||
* Tue Mar 05 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-434
|
* Tue Mar 05 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-434
|
||||||
- Add explicit Requires: libxcrypt-devel to devel sub-package (bug #1666098)
|
- Add explicit Requires: libxcrypt-devel to devel sub-package (bug #1666098)
|
||||||
|
|