From 7424509585e364eb44966acc39edfa4171a02eeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 8 Aug 2019 12:19:03 +0200 Subject: [PATCH] Fix array length check in a store hook --- ....16-Storable-make-count-large-enough.patch | 53 +++++++++++++++++++ perl-Storable.spec | 8 ++- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 Storable-3.16-Storable-make-count-large-enough.patch diff --git a/Storable-3.16-Storable-make-count-large-enough.patch b/Storable-3.16-Storable-make-count-large-enough.patch new file mode 100644 index 0000000..b2b5b40 --- /dev/null +++ b/Storable-3.16-Storable-make-count-large-enough.patch @@ -0,0 +1,53 @@ +From f7724052d1b8b75339f5ec2cc3d5b35ca5d130b5 Mon Sep 17 00:00:00 2001 +From: Tony Cook +Date: Wed, 7 Aug 2019 11:13:53 +1000 +Subject: [PATCH] Storable: make count large enough +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +AvARRAY() could be very large, and we check for that at line 3807, +but int was (potentially) too small to make that comparison +meaningful. + +CID 174681. + +Signed-off-by: Petr Písař +--- + dist/Storable/Storable.xs | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs +index 6a45d8adf2..d75125b839 100644 +--- a/dist/Storable/Storable.xs ++++ b/dist/Storable/Storable.xs +@@ -3662,7 +3662,7 @@ static int store_hook( + SV *ref; + AV *av; + SV **ary; +- int count; /* really len3 + 1 */ ++ IV count; /* really len3 + 1 */ + unsigned char flags; + char *pv; + int i; +@@ -3752,7 +3752,7 @@ static int store_hook( + SvREFCNT_dec(ref); /* Reclaim temporary reference */ + + count = AvFILLp(av) + 1; +- TRACEME(("store_hook, array holds %d items", count)); ++ TRACEME(("store_hook, array holds %" IVdf " items", count)); + + /* + * If they return an empty list, it means they wish to ignore the +@@ -3986,7 +3986,7 @@ static int store_hook( + */ + + TRACEME(("SX_HOOK (recursed=%d) flags=0x%x " +- "class=%" IVdf " len=%" IVdf " len2=%" IVdf " len3=%d", ++ "class=%" IVdf " len=%" IVdf " len2=%" IVdf " len3=%" IVdf, + recursed, flags, (IV)classnum, (IV)len, (IV)len2, count-1)); + + /* SX_HOOK [] */ +-- +2.20.1 + diff --git a/perl-Storable.spec b/perl-Storable.spec index 9528370..589dd28 100644 --- a/perl-Storable.spec +++ b/perl-Storable.spec @@ -1,7 +1,7 @@ Name: perl-Storable Epoch: 1 Version: 3.15 -Release: 440%{?dist} +Release: 441%{?dist} Summary: Persistence for Perl data structures # __Storable__.pm: GPL+ or Artistic License: GPL+ or Artistic @@ -10,6 +10,8 @@ Source0: https://cpan.metacpan.org/authors/id/X/XS/XSAWYERX/Storable-%{ve # Fix deep cloning regular expression objects, RT#134179, # in Perl upstream after 5.31.0 Patch0: Storable-3.15-perl-134179-include-regexps-in-the-seen-objects-tabl.patch +# Fix array length check in a store hook, in Perl upstream after 5.31.2 +Patch1: Storable-3.16-Storable-make-count-large-enough.patch BuildRequires: gcc BuildRequires: make BuildRequires: perl-devel @@ -70,6 +72,7 @@ can be conveniently stored to disk and retrieved at a later time. %prep %setup -q -n Storable-%{version} %patch0 -p3 +%patch1 -p3 %build perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1 OPTIMIZE="$RPM_OPT_FLAGS" @@ -92,6 +95,9 @@ make test %{_mandir}/man3/* %changelog +* Thu Aug 08 2019 Petr Pisar - 1:3.15-441 +- Fix array length check in a store hook + * Fri Jul 26 2019 Fedora Release Engineering - 1:3.15-440 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild