From f41c4accda05faa285e8b52b68fadc3cb35a1a15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Tue, 25 Jun 2019 17:08:33 +0200
Subject: [PATCH] Fix a stack underflow in readline() if passed an empty array as an argument
---
 ...alar-the-argument-to-readline-if-any.patch | 47 +++++++++++++++++++
 perl.spec | 8 ++++
 2 files changed, 55 insertions(+)
 create mode 100644 perl-5.31.0-perl-133989-scalar-the-argument-to-readline-if-any.patch
diff --git a/perl-5.31.0-perl-133989-scalar-the-argument-to-readline-if-any.patch b/perl-5.31.0-perl-133989-scalar-the-argument-to-readline-if-any.patch
new file mode 100644
index 0000000..902068b
--- /dev/null
+++ b/perl-5.31.0-perl-133989-scalar-the-argument-to-readline-if-any.patch
@@ -0,0 +1,47 @@
+From a8e0c1fd5ade7c30aa0782f1aea274ef89190f6d Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Wed, 12 Jun 2019 15:21:47 +1000
+Subject: [PATCH] (perl #133989) scalar() the argument to readline, if any
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+C< readline @foo > would treat @foo as array. If the array was empty
+this would push zero items and readline() would then pop one item,
+possibly underflowing the stack.
+
+Signed-off-by: Petr Písař
+---
+ op.c | 1 +
+ t/lib/croak/pp_sys | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/op.c b/op.c
+index 6ad192307f..7aa002cadd 100644
+--- a/op.c
++++ b/op.c
+@@ -12142,6 +12142,7 @@ Perl_ck_readline(pTHX_ OP *o)
+ if (o->op_flags & OPf_KIDS) {
+ OP *kid = cLISTOPo->op_first;
+ if (kid->op_type == OP_RV2GV) kid->op_private |= OPpALLOW_FAKE;
++ scalar(kid);
+ }
+ else {
+ OP * const newop
+diff --git a/t/lib/croak/pp_sys b/t/lib/croak/pp_sys
+index be100da27a..cf9e4ef0ed 100644
+--- a/t/lib/croak/pp_sys
++++ b/t/lib/croak/pp_sys
+@@ -93,3 +93,9 @@ close $fh;
+ END { unlink $file; }
+ EXPECT
+ syswrite() isn't allowed on :utf8 handles at - line 5.
++########
++# NAME readline() didn't scalar() its argument
++# this would assert rather than failing on the method call
++E{0;readline@0}
++EXPECT
++Can't call method "E" without a package or object reference at - line 2.
+--
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index 498caf9..0cd8d16 100644
--- a/perl.spec
+++ b/perl.spec
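Review bot: The added `scalar(kid);` in Perl_ck_readline (op.c, inside the `if (o->op_flags & OPf_KIDS)` branch) has no comment, so the stack-safety reason for it is recorded only in the commit message. I would put `/* force scalar context: an empty array in list context pushes nothing, but readline() still pops one item */` above the call, which restates what the commit message describes. The new t/lib/croak/pp_sys case `E{0;readline@0}` reads like a minimized input; its `# NAME` block could add `# @0 is an empty array, so list context pushed no argument` so the intent survives later edits. Perl_ck_readline starts and ends outside the hunk, so the `else` branch and the rest of the check are not visible here.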
@@ -197,6 +197,10 @@ Patch30: perl-5.31.0-perl-133936-ensure-TO-is-honoured-for-UDP-sock-send.
 Patch31: perl-5.31.0-perl-133936-document-differences-between-IO-Socket-a.patch
 Patch32: perl-5.31.0-perl-133936-make-send-a-bit-saner.patch
+# Fix a stack underflow in readline() if passed an empty array as an argument,
+# RT133989, fixed after 5.31.0
+Patch33: perl-5.31.0-perl-133989-scalar-the-argument-to-readline-if-any.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2747,6 +2751,7 @@ Perl extension for Version Objects
 %patch30 -p1
 %patch31 -p1
 %patch32 -p1
+%patch33 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2786,6 +2791,7 @@ perl -x patchlevel.h \
 'Fedora Patch30: Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)' \
 'Fedora Patch31: Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)' \
 'Fedora Patch32: Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)' \
+ 'Fedora Patch33: Fix a stack underflow in readline() if passed an empty array as an argument (#RT133989)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -5046,6 +5052,8 @@ popd
 - Improve retrieving a scalar value of a variable modified in a signal handler (RT#134035)
 - Fix changing packet destination sent from a UDP IO::Socket object (RT#133936)
+- Fix a stack underflow in readline() if passed an empty array as an argument
+ (#RT133989)
 * Tue Jun 11 2019 Jitka Plesnikova - 4:5.30.0-439
 - Define %%perl_vendor*, %%perl_archlib, %%perl_privlib, because in rpm
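Review bot: The bug reference in the new patchlevel string, `(#RT133989)` in the `@@ -2786` hunk, does not follow the `(RT#133936)` form used by the entries around it, and the %changelog hunk at `@@ -5046` repeats the same spelling. These strings are what identify the fix in the build's patch list and in the package changelog, so a search for `RT#133989` when auditing which builds carry it would miss this entry; I would write `(RT#133989)` in both places. The `# RT133989, fixed after 5.31.0` comment above `Patch33:` in the first hunk could use the same form.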