Fix leak with non-matching named captures

2011-12-14 15:28:03 +01:00 · 2011-12-14 15:28:03 +01:00 · dbe8201b14
commit dbe8201b14
parent 05dde32abe
2 changed files with 62 additions and 1 deletions
--- a/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
+++ b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
@ -0,0 +1,52 @@
+From 7402016d87474403eea5c52dc2c071f68cbbe25c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= <avar@cpan.org>
+Date: Tue, 13 Dec 2011 14:43:12 +0000
+Subject: [PATCH] [RT #78266] Don't leak memory when accessing named captures
+ that didn't match
+
+Since 5.10 (probably 44a2ac759e) named captures have been leaking
+memory when they're used, don't actually match, but are later
+accessed. E.g.:
+
+    $ perl -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?<capture>bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+      RSS
+    238524
+
+Here we match the "foo" branch of our regex, but since we've used a
+name capture we'll end up running the code in
+Perl_reg_named_buff_fetch, which allocates a newSVsv(&PL_sv_undef) but
+never uses it unless it's trying to return an array.
+
+Just change that code not to allocate scalars we don't plan to
+return. With this fix we don't leak any memory since there's nothing
+to leak anymore.
+
+    $ ./perl -Ilib -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?<capture>bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+      RSS
+     3528
+
+This reverts commit b28f4af8cf94eb18c0cfde71e9625081912499a8 ("Fix
+allocating something in the first place is a better solution than
+allocating it, not using it, and then freeing it.
+
+Petr Pisar: perldelta and wrong fix (commit b28f4af8cf) removed.
+---
+ regcomp.c         |    7 ++-----
+
+diff --git a/regcomp.c b/regcomp.c
+index 9e9fac4..56b2b9c 100644
+--- a/regcomp.c
+++ b/regcomp.c
+@@ -5409,7 +5409,8 @@ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+                     if (!retarray)
+                         return ret;
+                 } else {
+-                    ret = newSVsv(&PL_sv_undef);
+                    if (retarray)
+                        ret = newSVsv(&PL_sv_undef);
+                 }
+                 if (retarray)
+                     av_push(retarray, ret);
+-- 
+1.7.7.4
+
--- a/perl.spec
+++ b/perl.spec
@ -24,7 +24,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release:        205%{?dist}
+Release:        206%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@ -77,6 +77,10 @@ Patch9:         perl-5.14.2-digest_eval.patch
 # rhbz #720610, Perl RT#94560, accepted as v5.15.4-24-g26e1303.
 Patch10:        perl-5.14.2-large-repeat-heap-abuse.patch

+# Fix leak with non-matching named captures. rhbz#767597, RT#78266, fixed
+# after 5.14.2.
+Patch11:        perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
+
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions

@ -1238,6 +1242,7 @@ tarball from perl.org.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1

 #copy the example script
 cp -a %{SOURCE5} .
@ -1438,6 +1443,7 @@ pushd %{build_archlib}/CORE/
    'Fedora Patch7: Dont run one io test due to random builder failures' \
    'Fedora Patch9: Fix code injection in Digest->new()' \
    'Fedora Patch10: Change Perl_repeatcpy() to allow count above 2^31' \
+    'Fedora Patch11: Fix leak with non-matching named captures' \
    %{nil}

 rm patchlevel.bak
@ -2395,6 +2401,9 @@ sed \

 # Old changelog entries are preserved in CVS.
 %changelog
+* Wed Dec 14 2011 Petr Pisar <ppisar@redhat.com> - 4:5.14.2-206
+- Fix leak with non-matching named captures (bug #767597)
+
 * Tue Nov 29 2011 Petr Pisar <ppisar@redhat.com> - 4:5.14.2-205
 - Sub-package ExtUtils::Install
 - Sub-package ExtUtils::Manifest