From 0cefeca1fd2405ad1b5544a3919e0000377fde5e Mon Sep 17 00:00:00 2001 From: Tony Cook Date: Tue, 21 Feb 2017 16:38:36 +1100 Subject: [PATCH] (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ported to 5.24.1: commit 853eb961c1a3b014b5a9510740abc15ccd4383b6 Author: Tony Cook Date: Tue Feb 21 16:38:36 2017 +1100 (perl #130822) fix an AV leak in Perl_reg_named_buff_fetch Originally noted as a scoping issue by Andy Lester. Signed-off-by: Petr Písař --- regcomp.c | 5 +---- t/op/svleak.t | 12 +++++++++++- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/regcomp.c b/regcomp.c index 6329f6c..989c528 100644 --- a/regcomp.c +++ b/regcomp.c @@ -7849,21 +7849,18 @@ SV* Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv, const U32 flags) { - AV *retarray = NULL; SV *ret; struct regexp *const rx = ReANY(r); PERL_ARGS_ASSERT_REG_NAMED_BUFF_FETCH; - if (flags & RXapif_ALL) - retarray=newAV(); - if (rx && RXp_PAREN_NAMES(rx)) { HE *he_str = hv_fetch_ent( RXp_PAREN_NAMES(rx), namesv, 0, 0 ); if (he_str) { IV i; SV* sv_dat=HeVAL(he_str); I32 *nums=(I32*)SvPVX(sv_dat); + AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL; for ( i=0; inparens) >= nums[i] && rx->offs[nums[i]].start != -1 diff --git a/t/op/svleak.t b/t/op/svleak.t index b0692ff..eeea7c1 100644 --- a/t/op/svleak.t +++ b/t/op/svleak.t @@ -15,7 +15,7 @@ BEGIN { use Config; -plan tests => 133; +plan tests => 134; # run some code N times. If the number of SVs at the end of loop N is # greater than (N-1)*delta at the end of loop 1, we've got a leak 
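Review bot: The new declaration `AV * const retarray = (flags & RXapif_ALL) ? newAV() : NULL;` in the regcomp.c hunk has no comment explaining why the allocation now sits inside `if (he_str)`, and that placement is the whole fix. I would add `/* allocate only once the name is known to exist; every exit below must return or free it */` above it, so a later refactor does not hoist the allocation back above the two lookups. The AV still appears to be unmortalized, so if anything in the loop can croak before the return, it would presumably leak on that path too. The loop body and the function's return statements are outside the hunk, so this needs checking against the full function.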
@@ -557,3 +557,13 @@ EOF
 sub lk { { my $d = $op->hints_hash->HASH } }
 ::leak(3, 0, \&lk, q!B::RHE->HASH shoudln't leak!);
 }
+
+{
+ # Perl_reg_named_buff_fetch() leaks an AV when called with an RE
+ # with no named captures
+ sub named {
+ "x" =~ /x/;
+ re::regname("foo", 1);
+ }
+ ::leak(2, 0, \&named, "Perl_reg_named_buff_fetch() on no-name RE");
+}
-- 
2.7.4
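Review bot: The added svleak.t case only exercises a regex with no named captures at all, so the other early exit visible in the regcomp.c hunk has no regression test: a regex that has named captures but not the requested one, where `he_str` is NULL. A second sub such as `sub named_miss { "x" =~ /(?<bar>x)/; re::regname("foo", 1); }` with its own `::leak(2, 0, \&named_miss, "Perl_reg_named_buff_fetch() on missing name");` would cover it, with `plan tests` raised to 135. The in-test comment also reads as a description of current behaviour; `# Perl_reg_named_buff_fetch() used to leak an AV when called with an RE` would age better.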