From f8b2e6830cbf7e0935fb74e96ddbd7d82e4fd8a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 7 Aug 2019 14:18:37 +0200
Subject: [PATCH] Fix a use after free in debugging output of a collation

---
 ....31.2-locale.c-Stop-Coverity-warning.patch | 48 +++++++++++++++++++
 perl.spec                                     |  7 +++
 2 files changed, 55 insertions(+)
 create mode 100644 perl-5.31.2-locale.c-Stop-Coverity-warning.patch

diff --git a/perl-5.31.2-locale.c-Stop-Coverity-warning.patch b/perl-5.31.2-locale.c-Stop-Coverity-warning.patch
new file mode 100644
index 0000000..352f586
--- /dev/null
+++ b/perl-5.31.2-locale.c-Stop-Coverity-warning.patch
@@ -0,0 +1,48 @@
+From 21dce8f4eb9136875a886371016aa25788f5144f Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Tue, 6 Aug 2019 21:29:22 -0600
+Subject: [PATCH] locale.c: Stop Coverity warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Coverity is right, so re-order these clauses.  This code is executed
+only if some very strange error occurs.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ locale.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/locale.c b/locale.c
+index db83d993de..af7af60038 100644
+--- a/locale.c
++++ b/locale.c
+@@ -4349,11 +4349,6 @@ Perl__mem_collxfrm(pTHX_ const char *input_string,
+     return xbuf;
+ 
+   bad:
+-    Safefree(xbuf);
+-    if (s != input_string) {
+-        Safefree(s);
+-    }
+-    *xlen = 0;
+ 
+ #  ifdef DEBUGGING
+ 
+@@ -4363,6 +4358,12 @@ Perl__mem_collxfrm(pTHX_ const char *input_string,
+ 
+ #  endif
+ 
++    Safefree(xbuf);
++    if (s != input_string) {
++        Safefree(s);
++    }
++    *xlen = 0;
++
+     return NULL;
+ }
+ 
+-- 
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index ed315e6..0d8cf60 100644
--- a/perl.spec
+++ b/perl.spec
@@ -242,6 +242,10 @@ Patch46:        perl-5.31.2-include-a-trailing-0-in-SVs-holding-trie-info.patch
 # Fix a use after free in /(?{...})/, RT#134208, fixed after 5.31.2
 Patch47:        perl-5.31.2-avoid-use-after-free-in.patch
 
+# Fix a use after free in debugging output of a collation,
+# in upstream after 5.31.2
+Patch48:        perl-5.31.2-locale.c-Stop-Coverity-warning.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2811,6 +2815,7 @@ Perl extension for Version Objects
 %patch45 -p1
 %patch46 -p1
 %patch47 -p1
+%patch48 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2865,6 +2870,7 @@ perl -x patchlevel.h \
     'Fedora Patch45: Fix propagating non-string variables in an exception value (RT#134291)' \
     'Fedora Patch46: Include trailing zero in scalars holding trie data (RT#134207)' \
     'Fedora Patch47: Fix a use after free in /(?{...})/ (RT#134208)' \
+    'Fedora Patch48: Fix a use after free in debugging output of a collation' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5114,6 +5120,7 @@ popd
 - Fix propagating non-string variables in an exception value (RT#134291)
 - Include trailing zero in scalars holding trie data (RT#134207)
 - Fix a use after free in /(?{...})/ (RT#134208)
+- Fix a use after free in debugging output of a collation
 
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4:5.30.0-442
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild