rpms
/
perl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix a NULL pointer dereference in PerlIOVia_pushed()

This commit is contained in:
Petr Písař 2019-08-22 10:46:53 +02:00
parent 0e4d26837f
commit e24a3ce0f2
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
perl-5.31.2-PerlIO-Via-check-arg-is-non-NULL-before-using-it.patch Normal file
View File

@ -0,0 +1,38 @@
From 12e1284a67e5e3404c704c3f864749fd9f04c7c4 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 7 Aug 2019 14:58:14 +1000
Subject: [PATCH] PerlIO::Via: check arg is non-NULL before using it.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I can't find any code in core that ends up calling the _pushed handler
with arg == NULL, but PerlIO_push() is API, and there might be
CPAN or DarkPAN code out there that does, escpecially since there's
a check for arg being non-NULL further down.
CID 169261.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
ext/PerlIO-via/via.xs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/PerlIO-via/via.xs b/ext/PerlIO-via/via.xs
index d91c6855fc..8456242bc0 100644
--- a/ext/PerlIO-via/via.xs
+++ b/ext/PerlIO-via/via.xs
@@ -134,8 +134,8 @@ PerlIOVia_pushed(pTHX_ PerlIO * f, const char *mode, SV * arg,
{
IV code = PerlIOBase_pushed(aTHX_ f, mode, Nullsv, tab);
- if (SvTYPE(arg) >= SVt_PVMG
- && mg_findext(arg, PERL_MAGIC_ext, &PerlIOVia_tag)) {
+ if (arg && SvTYPE(arg) >= SVt_PVMG
+ && mg_findext(arg, PERL_MAGIC_ext, &PerlIOVia_tag)) {
return code;
}
--
2.21.0

10
perl.spec
View File

@ -85,7 +85,7 @@ License: GPL+ or Artistic
Epoch: %{perl_epoch}
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise
Release: 443%{?dist}
Release: 444%{?dist}
Summary: Practical Extraction and Report Language
Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
@ -246,6 +246,9 @@ Patch47: perl-5.31.2-avoid-use-after-free-in.patch
# in upstream after 5.31.2
Patch48: perl-5.31.2-locale.c-Stop-Coverity-warning.patch
# Fix a NULL pointer dereference in PerlIOVia_pushed(), fixed after 5.31.2
Patch49: perl-5.31.2-PerlIO-Via-check-arg-is-non-NULL-before-using-it.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2816,6 +2819,7 @@ Perl extension for Version Objects
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch200 -p1
%patch201 -p1
@ -2871,6 +2875,7 @@ perl -x patchlevel.h \
'Fedora Patch46: Include trailing zero in scalars holding trie data (RT#134207)' \
'Fedora Patch47: Fix a use after free in /(?{...})/ (RT#134208)' \
'Fedora Patch48: Fix a use after free in debugging output of a collation' \
'Fedora Patch49: Fix a NULL pointer dereference in PerlIOVia_pushed()' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@ -5116,6 +5121,9 @@ popd
# Old changelog entries are preserved in CVS.
%changelog
* Thu Aug 22 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-444
- Fix a NULL pointer dereference in PerlIOVia_pushed()
* Wed Aug 07 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-443
- Fix propagating non-string variables in an exception value (RT#134291)
- Include trailing zero in scalars holding trie data (RT#134207)