Prevent long jumps from clobbering local variables
		
							parent
							
								
									7f49d3b6d7
								
							
						
					
					
						commit
						f526e67959
					
				| @ -0,0 +1,111 @@ | ||||
| From 35ad0133df9b65a4e32f2f07a2a05b387bd79591 Mon Sep 17 00:00:00 2001 | ||||
| From: Tony Cook <tony@develop-help.com> | ||||
| Date: Thu, 3 Jan 2019 10:48:05 +1100 | ||||
| Subject: [PATCH] (perl #133575) prevent set/longjmp clobbering locals in | ||||
|  S_fold_constants | ||||
| MIME-Version: 1.0 | ||||
| Content-Type: text/plain; charset=UTF-8 | ||||
| Content-Transfer-Encoding: 8bit | ||||
| 
 | ||||
| My original approach moved the whole switch into the new function, | ||||
| but that was a lot messier, and I don't think it's necessary. | ||||
| 
 | ||||
| pad_swipe() can throw, but only for panics, and in DESTROY if | ||||
| refadjust is true, which isn't the case here. | ||||
| 
 | ||||
| CLEAR_ERRSV() might throw if the code called by CALLRUNOPS() | ||||
| puts an object that dies in DESTROY in $@, but I think that | ||||
| might cause an infinite loop in the original code. | ||||
| 
 | ||||
| Signed-off-by: Petr Písař <ppisar@redhat.com> | ||||
| ---
 | ||||
|  op.c | 32 ++++++++++++++++++++++++-------- | ||||
|  1 file changed, 24 insertions(+), 8 deletions(-) | ||||
| 
 | ||||
| diff --git a/op.c b/op.c
 | ||||
| index 146407ba70..0b46b348cb 100644
 | ||||
| --- a/op.c
 | ||||
| +++ b/op.c
 | ||||
| @@ -5464,15 +5464,34 @@ S_op_integerize(pTHX_ OP *o)
 | ||||
|      return o; | ||||
|  } | ||||
|   | ||||
| +/* This function exists solely to provide a scope to limit
 | ||||
| +   setjmp/longjmp() messing with auto variables.
 | ||||
| + */
 | ||||
| +PERL_STATIC_INLINE int
 | ||||
| +S_fold_constants_eval(pTHX) {
 | ||||
| +    int ret = 0;
 | ||||
| +    dJMPENV;
 | ||||
| +
 | ||||
| +    JMPENV_PUSH(ret);
 | ||||
| +
 | ||||
| +    if (ret == 0) {
 | ||||
| +	CALLRUNOPS(aTHX);
 | ||||
| +    }
 | ||||
| +
 | ||||
| +    JMPENV_POP;
 | ||||
| +
 | ||||
| +    return ret;
 | ||||
| +}
 | ||||
| +
 | ||||
|  static OP * | ||||
|  S_fold_constants(pTHX_ OP *const o) | ||||
|  { | ||||
|      dVAR; | ||||
| -    OP * volatile curop;
 | ||||
| +    OP *curop;
 | ||||
|      OP *newop; | ||||
| -    volatile I32 type = o->op_type;
 | ||||
| +    I32 type = o->op_type;
 | ||||
|      bool is_stringify; | ||||
| -    SV * volatile sv = NULL;
 | ||||
| +    SV *sv = NULL;
 | ||||
|      int ret = 0; | ||||
|      OP *old_next; | ||||
|      SV * const oldwarnhook = PL_warnhook; | ||||
| @@ -5480,7 +5499,6 @@ S_fold_constants(pTHX_ OP *const o)
 | ||||
|      COP not_compiling; | ||||
|      U8 oldwarn = PL_dowarn; | ||||
|      I32 old_cxix; | ||||
| -    dJMPENV;
 | ||||
|   | ||||
|      PERL_ARGS_ASSERT_FOLD_CONSTANTS; | ||||
|   | ||||
| @@ -5582,15 +5600,15 @@ S_fold_constants(pTHX_ OP *const o)
 | ||||
|      assert(IN_PERL_RUNTIME); | ||||
|      PL_warnhook = PERL_WARNHOOK_FATAL; | ||||
|      PL_diehook  = NULL; | ||||
| -    JMPENV_PUSH(ret);
 | ||||
|   | ||||
|      /* Effective $^W=1.  */ | ||||
|      if ( ! (PL_dowarn & G_WARN_ALL_MASK)) | ||||
|  	PL_dowarn |= G_WARN_ON; | ||||
|   | ||||
| +    ret = S_fold_constants_eval(aTHX);
 | ||||
| +
 | ||||
|      switch (ret) { | ||||
|      case 0: | ||||
| -	CALLRUNOPS(aTHX);
 | ||||
|  	sv = *(PL_stack_sp--); | ||||
|  	if (o->op_targ && sv == PAD_SV(o->op_targ)) {	/* grab pad temp? */ | ||||
|  	    pad_swipe(o->op_targ,  FALSE); | ||||
| @@ -5608,7 +5626,6 @@ S_fold_constants(pTHX_ OP *const o)
 | ||||
|  	o->op_next = old_next; | ||||
|  	break; | ||||
|      default: | ||||
| -	JMPENV_POP;
 | ||||
|  	/* Don't expect 1 (setjmp failed) or 2 (something called my_exit)  */ | ||||
|  	PL_warnhook = oldwarnhook; | ||||
|  	PL_diehook  = olddiehook; | ||||
| @@ -5616,7 +5633,6 @@ S_fold_constants(pTHX_ OP *const o)
 | ||||
|  	 * the stack - eg any nested evals */ | ||||
|  	Perl_croak(aTHX_ "panic: fold_constants JMPENV_PUSH returned %d", ret); | ||||
|      } | ||||
| -    JMPENV_POP;
 | ||||
|      PL_dowarn   = oldwarn; | ||||
|      PL_warnhook = oldwarnhook; | ||||
|      PL_diehook  = olddiehook; | ||||
| -- 
 | ||||
| 2.17.2 | ||||
| 
 | ||||
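Review bot: `S_fold_constants_eval` is declared `PERL_STATIC_INLINE`, yet its own comment says it exists solely to give the `setjmp`/`longjmp` pair a scope of its own, so the inline hint works against the stated intent. Whether a compiler will inline a function that calls `setjmp` is compiler-dependent, and if one did, the jump environment could again share a frame with the now non-volatile `curop`, `type` and `sv` in `S_fold_constants`. I would declare it `static int`, like its caller, and extend the comment with `It must not be inlined, because it uses setjmp.` so the constraint is explicit. Separately, the rest of the `switch` in `S_fold_constants` now runs after `JMPENV_POP` while `PL_warnhook` and `PL_diehook` are still overridden; the commit message argues that a throw there is not expected, and a short comment at the `switch` recording that assumption would help, though most of that body lies outside the hunks shown.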
| @ -239,6 +239,10 @@ Patch47:        perl-5.29.6-perl-132158-abort-compilation-if-we-see-an-error-com | ||||
| # in upstream after 5.29.6 | ||||
| Patch48:        perl-5.29.6-regen-warnings.pl-Fix-undefined-C-behavior.patch | ||||
| 
 | ||||
| # Prevent long jumps from clobbering local variables, RT#133575, | ||||
| # in upstream after 5.29.6 | ||||
| Patch49:        perl-5.29.6-perl-133575-prevent-set-longjmp-clobbering-locals-in.patch | ||||
| 
 | ||||
| # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 | ||||
| Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch | ||||
| 
 | ||||
| @ -2841,6 +2845,7 @@ Perl extension for Version Objects | ||||
| %patch46 -p1 | ||||
| %patch47 -p1 | ||||
| %patch48 -p1 | ||||
| %patch49 -p1 | ||||
| %patch200 -p1 | ||||
| %patch201 -p1 | ||||
| 
 | ||||
| @ -2883,6 +2888,7 @@ perl -x patchlevel.h \ | ||||
|     'Fedora Patch45: Fix first eof() return value (RT#133721)' \ | ||||
|     'Fedora Patch47: Fix a crash when compiling a malformed form (RT#132158)' \ | ||||
|     'Fedora Patch48: Fix un undefined C behavior in NULL pointer arithmetics (RT#133223)' \ | ||||
|     'Fedora Patch49: Prevent long jumps from clobbering local variables (RT#133575)' \ | ||||
|     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ | ||||
|     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ | ||||
|     %{nil} | ||||
| @ -5178,6 +5184,7 @@ popd | ||||
| - Fix first eof() return value (RT#133721) | ||||
| - Fix a crash when compiling a malformed form (RT#132158) | ||||
| - Fix un undefined C behavior in NULL pointer arithmetics (RT#133223) | ||||
| - Prevent long jumps from clobbering local variables (RT#133575) | ||||
| 
 | ||||
| * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-429 | ||||
| - Rebuilt for libcrypt.so.2 (#1666033) | ||||
|  | ||||