Fix a stack underflow in readline() if passed an empty array as an argument

Petr Písař 2019-06-25 17:08:33 +02:00
parent a47c957eb2
commit f41c4accda
2 changed files with 55 additions and 0 deletions

@ -0,0 +1,47 @@
From a8e0c1fd5ade7c30aa0782f1aea274ef89190f6d Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 12 Jun 2019 15:21:47 +1000
Subject: [PATCH] (perl #133989) scalar() the argument to readline, if any
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
C< readline @foo > would treat @foo as array. If the array was empty
this would push zero items and readline() would then pop one item,
possibly underflowing the stack.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
op.c | 1 +
t/lib/croak/pp_sys | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/op.c b/op.c
index 6ad192307f..7aa002cadd 100644
--- a/op.c
+++ b/op.c
@@ -12142,6 +12142,7 @@ Perl_ck_readline(pTHX_ OP *o)
if (o->op_flags & OPf_KIDS) {
OP *kid = cLISTOPo->op_first;
if (kid->op_type == OP_RV2GV) kid->op_private |= OPpALLOW_FAKE;
+ scalar(kid);
}
else {
OP * const newop
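Review bot: the added `scalar(kid);` in Perl_ck_readline has no comment, so the reason for forcing scalar context lives only in the commit message. A one-line comment above it would help, for example that an array argument which is empty would push zero items while readline() still pops one. The call also sits right under the unbraced `if (kid->op_type == OP_RV2GV)` line; it applies to every kid type, which looks intended, and a blank line before it would make clear it is not part of that if.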
diff --git a/t/lib/croak/pp_sys b/t/lib/croak/pp_sys
index be100da27a..cf9e4ef0ed 100644
--- a/t/lib/croak/pp_sys
+++ b/t/lib/croak/pp_sys
@@ -93,3 +93,9 @@ close $fh;
END { unlink $file; }
EXPECT
syswrite() isn't allowed on :utf8 handles at - line 5.
+########
+# NAME readline() didn't scalar() its argument
+# this would assert rather than failing on the method call
+E{0;readline@0}
+EXPECT
+Can't call method "E" without a package or object reference at - line 2.
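Review bot: the new test case reaches the fix only through the terse input `E{0;readline@0}`, and its expected output is a method-call error rather than anything about readline. Consider adding a second case that mirrors the commit message, a plain `readline @foo` on an empty array, so the test file documents the reported behaviour directly and shows what is being protected.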
--
2.20.1

@ -197,6 +197,10 @@ Patch30: perl-5.31.0-perl-133936-ensure-TO-is-honoured-for-UDP-sock-send.
Patch31: perl-5.31.0-perl-133936-document-differences-between-IO-Socket-a.patch
Patch32: perl-5.31.0-perl-133936-make-send-a-bit-saner.patch
# Fix a stack underflow in readline() if passed an empty array as an argument,
# RT133989, fixed after 5.31.0
Patch33: perl-5.31.0-perl-133989-scalar-the-argument-to-readline-if-any.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2747,6 +2751,7 @@ Perl extension for Version Objects
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch200 -p1
%patch201 -p1
@ -2786,6 +2791,7 @@ perl -x patchlevel.h \
'Fedora Patch30: Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)' \
'Fedora Patch31: Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)' \
'Fedora Patch32: Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)' \
'Fedora Patch33: Fix a stack underflow in readline() if passed an empty array as an argument (#RT133989)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
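Review bot: the ticket reference in the new patchlevel string is written `(#RT133989)`, while the neighbouring entries in this hunk use `(RT#133936)`. The same `(#RT133989)` spelling is used in the new changelog entry, and the Patch33 comment uses a third form, `RT133989`. Using `RT#133989` in all three places would keep the string shown in the patch list and the changelog consistent and searchable with the existing entries.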
@ -5046,6 +5052,8 @@ popd
- Improve retrieving a scalar value of a variable modified in a signal handler
(RT#134035)
- Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)
- Fix a stack underflow in readline() if passed an empty array as an argument
(#RT133989)
* Tue Jun 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.30.0-439
- Define %%perl_vendor*, %%perl_archlib, %%perl_privlib, because in rpm