rpms/perl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix a crash on an uninitialized warning when processing a multideref node

Browse Source
This commit is contained in:
Petr Písař 2019-07-17 14:08:59 +02:00
parent 8fa8019ea7
commit 9040dc1ebc
2 changed files with 73 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
perl-5.31.1-avoid-SEGV-with-uninit-warning-with-multideref.patch Normal file
View File

@ -0,0 +1,65 @@
From 28eabf1185634216ca335b3a24e1131b0f392ca1 Mon Sep 17 00:00:00 2001
From: David Mitchell <davem@iabyn.com>
Date: Wed, 10 Jul 2019 12:59:06 +0100
Subject: [PATCH] avoid SEGV with uninit warning with multideref
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RT #134275
When the 'uninitialized warning' code in S_find_uninit_var() comes
across an OP_MULTIDEREF node, it scans it to see if any part of that op
(e.g. the indices or the returned value) could have been the source of
the uninitialized value which triggered the warning. Unfortunately when
getting an AV or HV from a GV, it wasn't checking whether gp_av/gp_hv
contained a NULL value. If so, it would SEGV.
The test code is a bit contrived; you have to "pull the rug" from under
the GV at just the right moment with *foo = *bar, then trigger an uninit
warning on an op whose subtree includes an OP_MULTIDEREF.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
sv.c | 5 ++++-
t/lib/warnings/9uninit | 10 ++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/sv.c b/sv.c
index 83de536ad7..4315fe9b64 100644
--- a/sv.c
+++ b/sv.c
@@ -16662,8 +16662,11 @@ S_find_uninit_var(pTHX_ const OP *const obase, const SV *const uninit_sv,
if (agg_targ)
sv = PAD_SV(agg_targ);
- else if (agg_gv)
+ else if (agg_gv) {
sv = is_hv ? MUTABLE_SV(GvHV(agg_gv)) : MUTABLE_SV(GvAV(agg_gv));
+ if (!sv)
+ break;
+ }
else
break;
diff --git a/t/lib/warnings/9uninit b/t/lib/warnings/9uninit
index 774c6ee432..5c173fdb2a 100644
--- a/t/lib/warnings/9uninit
+++ b/t/lib/warnings/9uninit
@@ -2206,3 +2206,13 @@ use warnings 'uninitialized';
undef $0;
EXPECT
Use of uninitialized value in undef operator at - line 5.
+########
+# RT #134275
+# This was SEGVing due to the multideref code in S_find_uninit_var not
+# handling a GV with a null gp_hv slot.
+use warnings 'uninitialized';
+"" =~ /$foo{a}${*foo=*bar}$x/;
+EXPECT
+Use of uninitialized value in regexp compilation at - line 5.
+Use of uninitialized value in regexp compilation at - line 5.
+Use of uninitialized value $x in regexp compilation at - line 5.
--
2.20.1

8
perl.spec
View File

@ -219,6 +219,10 @@ Patch39: perl-5.31.0-perl-134193-make-the-varname-match-the-names.patch
# be closed, RT#122112, fixed after 5.31.1 # be closed, RT#122112, fixed after 5.31.1
Patch40: perl-5.31.1-perl-122112-make-sure-SIGPIPE-is-delivered-if-we-tes.patch Patch40: perl-5.31.1-perl-122112-make-sure-SIGPIPE-is-delivered-if-we-tes.patch
# Fix a crash on an uninitialized warning when processing a multideref node,
# RT#134275, fixed after 5.31.1
Patch41: perl-5.31.1-avoid-SEGV-with-uninit-warning-with-multideref.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2777,6 +2781,7 @@ Perl extension for Version Objects
%patch38 -p1 %patch38 -p1
%patch39 -p1 %patch39 -p1
%patch40 -p1 %patch40 -p1
%patch41 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -2824,6 +2829,7 @@ perl -x patchlevel.h \
'Fedora Patch38: Fix %%{^CAPTURE} value when used after @{^CAPTURE} (RT#134193)' \ 'Fedora Patch38: Fix %%{^CAPTURE} value when used after @{^CAPTURE} (RT#134193)' \
'Fedora Patch39: Fix %%{^CAPTURE} value when used after @{^CAPTURE} (RT#134193)' \ 'Fedora Patch39: Fix %%{^CAPTURE} value when used after @{^CAPTURE} (RT#134193)' \
'Fedora Patch40: Fix a test for a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \ 'Fedora Patch40: Fix a test for a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
'Fedora Patch41: Fix a crash on an uninitialized warning when processing a multideref node (RT#134275)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5072,6 +5078,8 @@ popd
* Wed Jul 17 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-441 * Wed Jul 17 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-441
- Fix a test for a crash in SIGALARM handler when waiting on a child process to - Fix a test for a crash in SIGALARM handler when waiting on a child process to
be closed (RT#122112) be closed (RT#122112)
- Fix a crash on an uninitialized warning when processing a multideref node
(RT#134275)
* Tue Jun 25 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-440 * Tue Jun 25 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.0-440
- Fix an out-of-buffer read while parsing a Unicode property name (RT#134134) - Fix an out-of-buffer read while parsing a Unicode property name (RT#134134)