From ff39d4935a5d7941d7edf72ae9407e613f7f4c95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Mon, 2 Sep 2019 09:40:10 +0200 Subject: [PATCH] Do not interpret 0x and 0b prefixes when numifying strings --- ...t-interpret-0x-0b-when-numifying-str.patch | 57 +++++++++++++++++++ perl.spec | 7 +++ 2 files changed, 64 insertions(+) create mode 100644 perl-5.31.3-perl-134230-don-t-interpret-0x-0b-when-numifying-str.patch diff --git a/perl-5.31.3-perl-134230-don-t-interpret-0x-0b-when-numifying-str.patch b/perl-5.31.3-perl-134230-don-t-interpret-0x-0b-when-numifying-str.patch new file mode 100644 index 0000000..b7cd756 --- /dev/null +++ b/perl-5.31.3-perl-134230-don-t-interpret-0x-0b-when-numifying-str.patch @@ -0,0 +1,57 @@ +From 14d26b44a1d7eee67837ec0ea8fb0368ac6fe33e Mon Sep 17 00:00:00 2001 +From: Tony Cook +Date: Tue, 20 Aug 2019 15:43:05 +1000 +Subject: [PATCH] (perl #134230) don't interpret 0x, 0b when numifying strings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Petr Písař +--- + numeric.c | 9 +++++++++ + t/op/int.t | 5 ++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/numeric.c b/numeric.c +index f5eadc8173..fae2eb3c6d 100644 +--- a/numeric.c ++++ b/numeric.c +@@ -1551,6 +1551,15 @@ Perl_my_atof3(pTHX_ const char* orig, NV* value, const STRLEN len) + if ((endp = S_my_atof_infnan(aTHX_ s, negative, send, value))) + return endp; + ++ /* strtold() accepts 0x-prefixed hex and in POSIX implementations, ++ 0b-prefixed binary numbers, which is backward incompatible ++ */ ++ if ((len == 0 || len >= 2) && *s == '0' && ++ (isALPHA_FOLD_EQ(s[1], 'x') || isALPHA_FOLD_EQ(s[1], 'b'))) { ++ *value = 0; ++ return (char *)s+1; ++ } ++ + /* If the length is passed in, the input string isn't NUL-terminated, + * and in it turns out the function below assumes it is; therefore we + * create a copy and NUL-terminate that */ +diff --git a/t/op/int.t b/t/op/int.t +index 7e936da68d..b730ab2672 100644 +--- a/t/op/int.t ++++ b/t/op/int.t +@@ -7,7 +7,7 @@ BEGIN { + require Config; + } + +-plan 17; ++plan 19; + + # compile time evaluation + +@@ -83,3 +83,6 @@ SKIP: + cmp_ok($x, "==", int($x), "check $x == int($x)"); + } + } ++ ++is(1+"0x10", 1, "check string '0x' prefix not treated as hex"); ++is(1+"0b10", 1, "check string '0b' prefix not treated as binary"); +-- +2.21.0 + diff --git a/perl.spec b/perl.spec index a9da8ff..f51ff2a 100644 --- a/perl.spec +++ b/perl.spec @@ -271,6 +271,10 @@ Patch54: perl-5.31.3-regcomp.c-Fix-wrong-limit-test.patch # a regular expression, RT#134133, fixed after 5.31.3 Patch55: perl-5.31.3-PATCH-perl-134133-read-beyond-end-of-buffer.patch +# Do not interpret 0x and 0b prefixes when numifying strings, RT#134230, +# fixed after 5.31.3 +Patch56: perl-5.31.3-perl-134230-don-t-interpret-0x-0b-when-numifying-str.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2848,6 +2852,7 @@ Perl extension for Version Objects %patch53 -p1 %patch54 -p1 %patch55 -p1 +%patch56 -p1 %patch200 -p1 %patch201 -p1 @@ -2910,6 +2915,7 @@ perl -x patchlevel.h \ 'Fedora Patch53: Do not run File-Find tests in parallel' \ 'Fedora Patch54: Fix parsing a Unicode property name when compiling a regular expression' \ 'Fedora Patch55: Fix a buffer overread when parsing a Unicode property while compiling a regular expression (RT#134133)' \ + 'Fedora Patch56: Do not interpret 0x and 0b prefixes when numifying strings (RT#134230)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -5160,6 +5166,7 @@ popd - Fix parsing a Unicode property name when compiling a regular expression - Fix a buffer overread when parsing a Unicode property while compiling a regular expression (RT#134133) +- Do not interpret 0x and 0b prefixes when numifying strings (RT#134230) * Thu Aug 22 2019 Petr Pisar - 4:5.30.0-444 - Fix a NULL pointer dereference in PerlIOVia_pushed()