74 lines
2.5 KiB
Diff
74 lines
2.5 KiB
Diff
From 657ed7c1c190e7fad1bac2979944d07245bbeea4 Mon Sep 17 00:00:00 2001
|
|
From: David Mitchell <davem@iabyn.com>
|
|
Date: Tue, 26 Mar 2019 08:56:55 +0000
|
|
Subject: [PATCH] fix leak in package name lookup
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
S_parse_gv_stash_name() mallocs a temporary buffer when scanning package
|
|
names longer than 64 bytes. Depending on how it exits the function, it
|
|
doesn't always free the buffer afterwards. Change the function so that
|
|
there are only two exit points (which free the buffer) and make other bits
|
|
of code goto those two points.
|
|
|
|
Can be reproduced with e.g.
|
|
|
|
&{"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'x"}
|
|
|
|
Similar code is already present in t/op/stash_parse_gv.t
|
|
|
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
---
|
|
gv.c | 13 +++++++++----
|
|
1 file changed, 9 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/gv.c b/gv.c
|
|
index ae7f2aa422..61085f5c53 100644
|
|
--- a/gv.c
|
|
+++ b/gv.c
|
|
@@ -1636,7 +1636,7 @@ S_parse_gv_stash_name(pTHX_ HV **stash, GV **gv, const char **name,
|
|
if (!*stash)
|
|
*stash = PL_defstash;
|
|
if (!*stash || !SvREFCNT(*stash)) /* symbol table under destruction */
|
|
- return FALSE;
|
|
+ goto notok;
|
|
|
|
*len = name_cursor - *name;
|
|
if (name_cursor > nambeg) { /* Skip for initial :: or ' */
|
|
@@ -1666,7 +1666,7 @@ S_parse_gv_stash_name(pTHX_ HV **stash, GV **gv, const char **name,
|
|
*gv = gvp ? *gvp : NULL;
|
|
if (!*gv || *gv == (const GV *)&PL_sv_undef) {
|
|
Safefree(tmpfullbuf); /* free our tmpfullbuf if it was used */
|
|
- return FALSE;
|
|
+ goto notok;
|
|
}
|
|
/* here we know that *gv && *gv != &PL_sv_undef */
|
|
if (SvTYPE(*gv) != SVt_PVGV)
|
|
@@ -1707,15 +1707,20 @@ S_parse_gv_stash_name(pTHX_ HV **stash, GV **gv, const char **name,
|
|
MUTABLE_HV(SvREFCNT_inc_simple(PL_defstash));
|
|
}
|
|
}
|
|
- Safefree(tmpfullbuf); /* free our tmpfullbuf if it was used */
|
|
- return TRUE;
|
|
+ goto ok;
|
|
}
|
|
}
|
|
}
|
|
*len = name_cursor - *name;
|
|
+ ok:
|
|
+ Safefree(tmpfullbuf); /* free our tmpfullbuf if it was used */
|
|
return TRUE;
|
|
+ notok:
|
|
+ Safefree(tmpfullbuf); /* free our tmpfullbuf if it was used */
|
|
+ return FALSE;
|
|
}
|
|
|
|
+
|
|
/* Checks if an unqualified name is in the main stash */
|
|
PERL_STATIC_INLINE bool
|
|
S_gv_is_in_main(pTHX_ const char *name, STRLEN len, const U32 is_utf8)
|
|
--
|
|
2.20.1
|
|
|