Fix a memory leak when cloning a regular expression

perl-5.29.9-fix-leak-in-cloned-regexes.patch

@@ -0,0 +1,59 @@
+From 75bb5aa48dfcf930533cd069393fc8a45e4ece18 Mon Sep 17 00:00:00 2001
+From: David Mitchell <davem@iabyn.com>
+Date: Fri, 22 Mar 2019 12:31:57 +0000
+Subject: [PATCH] fix leak in cloned regexes.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When a regex is cloned for a new thread, the string buffer (which holds
+the text of the original pattern) wasn't being freed because SvLEN was
+being set to 0.
+
+For example:
+
+    use threads;
+    my $r = qr/abc/;
+    threads->new( sub { 1; })->join;
+
+In the new thread, $r is cloned  but when the thread exits, the string
+buffer holding "(?^:abc)" was leaking.
+
+This was broken by v5.27.2-30-gdf6b4bd565.
+
+The problem was that in the cloned SV, the buffer was copied, but the
+SvLEN(sv) was left set at zero, which along with the SVf_FAKE, mader it
+look like the buffer was alien and so not freed.
+
+SvLEN was 0 in the parent thread's $r, since $r and its compile-time
+prototype share the same string buffer (so only the original SV has
+SvLEN > 0 - all the copies - within the same thread - have mother_re
+pointing to the original).
+
+When REs are cloned into another thread, mother_re isn't preserved,
+so each RE has its own copy of the buffer.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ regcomp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 547b9113e3..15783541a4 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -20956,6 +20956,11 @@ Perl_re_dup_guts(pTHX_ const REGEXP *sstr, REGEXP *dstr, CLONE_PARAMS *param)
+ 	       2: something we no longer hold a reference on
+ 	       so we need to copy it locally.  */
+     RX_WRAPPED(dstr) = SAVEPVN(RX_WRAPPED_const(sstr), SvCUR(sstr)+1);
++    /* set malloced length to a non-zero value so it will be freed
++     * (otherwise in combination with SVf_FAKE it looks like an alien
++     * buffer). It doesn't have to be the actual malloced size, since it
++     * should never be grown */
++    SvLEN_set(dstr, SvCUR(sstr)+1);
+     ret->mother_re   = NULL;
+ }
+ #endif /* PERL_IN_XSUB_RE */
+-- 
+2.20.1
+

perl.spec

@@ -276,6 +276,9 @@ Patch59:        perl-5.28.1-PATCH-perl-133880-assertion-failure.patch
 # in upstream after 5.29.9
 Patch60:        perl-5.28.1-Fix-POSIX-mblen-mbstate_t-initialization-on-threaded.patch
 
+# Fix a memory leak when cloning a regular expression, in upstream after 5.29.9
+Patch61:        perl-5.29.9-fix-leak-in-cloned-regexes.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2892,6 +2895,7 @@ Perl extension for Version Objects
 %patch58 -p1
 %patch59 -p1
 %patch60 -p1
+%patch61 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2944,6 +2948,7 @@ perl -x patchlevel.h \
     'Fedora Patch58: Fix a buffer overread when handling a scope error in qr/\(?{/ (RT#133879)' \
     'Fedora Patch59: Fix a buffer overread when parsing a regular expression with an unknown character name (RT#133880)' \
     'Fedora Patch60: Fix mbstate_t initialization in POSIX::mblen (RT#133928)' \
+    'Fedora Patch61: Fix a memory leak when cloning a regular expression' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5238,6 +5243,7 @@ popd
 - Fix a buffer overread when parsing a regular expression with an unknown
   character name (RT#133880)
 - Fix mbstate_t initialization in POSIX::mblen (RT#133928)
+- Fix a memory leak when cloning a regular expression
 
 * Tue Mar 05 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-434
 - Add explicit Requires: libxcrypt-devel to devel sub-package (bug #1666098)