From dbe8201b14e05b1e2d8566f90747fb2d6aff4ae5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Wed, 14 Dec 2011 15:28:03 +0100
Subject: [PATCH] Fix leak with non-matching named captures
---
...eak-memory-when-accessing-named-capt.patch | 52 +++++++++++++++++++
perl.spec | 11 +++-
2 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
diff --git a/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
new file mode 100644
index 0000000..a3aabb2
--- /dev/null
+++ b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
@@ -0,0 +1,52 @@
+From 7402016d87474403eea5c52dc2c071f68cbbe25c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?=
+Date: Tue, 13 Dec 2011 14:43:12 +0000
+Subject: [PATCH] [RT #78266] Don't leak memory when accessing named captures
+ that didn't match
+
+Since 5.10 (probably 44a2ac759e) named captures have been leaking
+memory when they're used, don't actually match, but are later
+accessed. E.g.:
+
+ $ perl -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+ RSS
+ 238524
+
+Here we match the "foo" branch of our regex, but since we've used a
+name capture we'll end up running the code in
+Perl_reg_named_buff_fetch, which allocates a newSVsv(&PL_sv_undef) but
+never uses it unless it's trying to return an array.
+
+Just change that code not to allocate scalars we don't plan to
+return. With this fix we don't leak any memory since there's nothing
+to leak anymore.
+
+ $ ./perl -Ilib -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+ RSS
+ 3528
+
+This reverts commit b28f4af8cf94eb18c0cfde71e9625081912499a8 ("Fix
+allocating something in the first place is a better solution than
+allocating it, not using it, and then freeing it.
+
+Petr Pisar: perldelta and wrong fix (commit b28f4af8cf) removed.
+---
+ regcomp.c | 7 ++-----
+
+diff --git a/regcomp.c b/regcomp.c
+index 9e9fac4..56b2b9c 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -5409,7 +5409,8 @@ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+ if (!retarray)
+ return ret;
+ } else {
+- ret = newSVsv(&PL_sv_undef);
++ if (retarray)
++ ret = newSVsv(&PL_sv_undef);
+ }
+ if (retarray)
+ av_push(retarray, ret);
+--
+1.7.7.4
+
diff --git a/perl.spec b/perl.spec
index e71266a..0a9c497 100644
--- a/perl.spec
+++ b/perl.spec
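Review bot: The header of the carried patch no longer matches its body, which makes the backport hard to audit against upstream commit 7402016d. The message still says "This reverts commit b28f4af8…" and the diffstat reads `regcomp.c | 7 ++-----`, but the one remaining hunk adds two lines and removes one, and the sentence after `("Fix` is cut off mid-quote. The `Petr Pisar:` line should say which upstream hunks were dropped, for example `Petr Pisar: perldelta and the revert of b28f4af8cf dropped from the upstream commit.`, with the stale "This reverts…" paragraph removed or completed. In the regcomp.c hunk, the `else` arm now leaves `ret` untouched when `retarray` is NULL. The visible lines only read it under `if (retarray)`, but Perl_reg_named_buff_fetch continues outside the hunk, so confirm against the full function that no later path returns `ret`.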
@@ -24,7 +24,7 @@ Name: perl Version: %{perl_version} # release number must be even higher, because dual-lived modules will be broken otherwise -Release: 205%{?dist} +Release: 206%{?dist} Epoch: %{perl_epoch} Summary: Practical Extraction and Report Language Group: Development/Languages @@ -77,6 +77,10 @@ Patch9: perl-5.14.2-digest_eval.patch # rhbz #720610, Perl RT#94560, accepted as v5.15.4-24-g26e1303. Patch10: perl-5.14.2-large-repeat-heap-abuse.patch +# Fix leak with non-matching named captures. rhbz#767597, RT#78266, fixed +# after 5.14.2. +Patch11: perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch + # Update some of the bundled modules # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions @@ -1238,6 +1242,7 @@ tarball from perl.org. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 #copy the example script cp -a %{SOURCE5} . @@ -1438,6 +1443,7 @@ pushd %{build_archlib}/CORE/ 'Fedora Patch7: Dont run one io test due to random builder failures' \ 'Fedora Patch9: Fix code injection in Digest->new()' \ 'Fedora Patch10: Change Perl_repeatcpy() to allow count above 2^31' \ + 'Fedora Patch11: Fix leak with non-matching named captures' \ %{nil} rm patchlevel.bak @@ -2395,6 +2401,9 @@ sed \ # Old changelog entries are preserved in CVS. %changelog +* Wed Dec 14 2011 Petr Pisar - 4:5.14.2-206 +- Fix leak with non-matching named captures (bug #767597) + * Tue Nov 29 2011 Petr Pisar - 4:5.14.2-205 - Sub-package ExtUtils::Install - Sub-package ExtUtils::Manifest
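Review bot: The comment above `Patch11:` in the `@@ -77,6 +77,10 @@` hunk says only "fixed after 5.14.2", whereas the Patch10 comment just before it names the upstream revision (`accepted as v5.15.4-24-g26e1303`). Naming the upstream commit here too lets a later rebase check whether the carried patch can be dropped, and ties the spec entry to the code it ships. The id is already in the patch header, so the second comment line could read `# after 5.14.2 as upstream commit 7402016d8747.`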