Prevent long jumps from clobbering local variables

This commit is contained in:
Petr Písař 2019-01-15 09:09:56 +01:00
parent 7f49d3b6d7
commit f526e67959
2 changed files with 118 additions and 0 deletions

View File

@ -0,0 +1,111 @@
From 35ad0133df9b65a4e32f2f07a2a05b387bd79591 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Thu, 3 Jan 2019 10:48:05 +1100
Subject: [PATCH] (perl #133575) prevent set/longjmp clobbering locals in
S_fold_constants
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
My original approach moved the whole switch into the new function,
but that was a lot messier, and I don't think it's necessary.
pad_swipe() can throw, but only for panics, and in DESTROY if
refadjust is true, which isn't the case here.
CLEAR_ERRSV() might throw if the code called by CALLRUNOPS()
puts an object that dies in DESTROY in $@, but I think that
might cause an infinite loop in the original code.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
op.c | 32 ++++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/op.c b/op.c
index 146407ba70..0b46b348cb 100644
--- a/op.c
+++ b/op.c
@@ -5464,15 +5464,34 @@ S_op_integerize(pTHX_ OP *o)
return o;
}
+/* This function exists solely to provide a scope to limit
+ setjmp/longjmp() messing with auto variables.
+ */
+PERL_STATIC_INLINE int
+S_fold_constants_eval(pTHX) {
+ int ret = 0;
+ dJMPENV;
+
+ JMPENV_PUSH(ret);
+
+ if (ret == 0) {
+ CALLRUNOPS(aTHX);
+ }
+
+ JMPENV_POP;
+
+ return ret;
+}
+
static OP *
S_fold_constants(pTHX_ OP *const o)
{
dVAR;
- OP * volatile curop;
+ OP *curop;
OP *newop;
- volatile I32 type = o->op_type;
+ I32 type = o->op_type;
bool is_stringify;
- SV * volatile sv = NULL;
+ SV *sv = NULL;
int ret = 0;
OP *old_next;
SV * const oldwarnhook = PL_warnhook;
@@ -5480,7 +5499,6 @@ S_fold_constants(pTHX_ OP *const o)
COP not_compiling;
U8 oldwarn = PL_dowarn;
I32 old_cxix;
- dJMPENV;
PERL_ARGS_ASSERT_FOLD_CONSTANTS;
@@ -5582,15 +5600,15 @@ S_fold_constants(pTHX_ OP *const o)
assert(IN_PERL_RUNTIME);
PL_warnhook = PERL_WARNHOOK_FATAL;
PL_diehook = NULL;
- JMPENV_PUSH(ret);
/* Effective $^W=1. */
if ( ! (PL_dowarn & G_WARN_ALL_MASK))
PL_dowarn |= G_WARN_ON;
+ ret = S_fold_constants_eval(aTHX);
+
switch (ret) {
case 0:
- CALLRUNOPS(aTHX);
sv = *(PL_stack_sp--);
if (o->op_targ && sv == PAD_SV(o->op_targ)) { /* grab pad temp? */
pad_swipe(o->op_targ, FALSE);
@@ -5608,7 +5626,6 @@ S_fold_constants(pTHX_ OP *const o)
o->op_next = old_next;
break;
default:
- JMPENV_POP;
/* Don't expect 1 (setjmp failed) or 2 (something called my_exit) */
PL_warnhook = oldwarnhook;
PL_diehook = olddiehook;
@@ -5616,7 +5633,6 @@ S_fold_constants(pTHX_ OP *const o)
* the stack - eg any nested evals */
Perl_croak(aTHX_ "panic: fold_constants JMPENV_PUSH returned %d", ret);
}
- JMPENV_POP;
PL_dowarn = oldwarn;
PL_warnhook = oldwarnhook;
PL_diehook = olddiehook;
--
2.17.2

View File

@ -239,6 +239,10 @@ Patch47: perl-5.29.6-perl-132158-abort-compilation-if-we-see-an-error-com
# in upstream after 5.29.6 # in upstream after 5.29.6
Patch48: perl-5.29.6-regen-warnings.pl-Fix-undefined-C-behavior.patch Patch48: perl-5.29.6-regen-warnings.pl-Fix-undefined-C-behavior.patch
# Prevent long jumps from clobbering local variables, RT#133575,
# in upstream after 5.29.6
Patch49: perl-5.29.6-perl-133575-prevent-set-longjmp-clobbering-locals-in.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2841,6 +2845,7 @@ Perl extension for Version Objects
%patch46 -p1 %patch46 -p1
%patch47 -p1 %patch47 -p1
%patch48 -p1 %patch48 -p1
%patch49 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -2883,6 +2888,7 @@ perl -x patchlevel.h \
'Fedora Patch45: Fix first eof() return value (RT#133721)' \ 'Fedora Patch45: Fix first eof() return value (RT#133721)' \
'Fedora Patch47: Fix a crash when compiling a malformed form (RT#132158)' \ 'Fedora Patch47: Fix a crash when compiling a malformed form (RT#132158)' \
'Fedora Patch48: Fix un undefined C behavior in NULL pointer arithmetics (RT#133223)' \ 'Fedora Patch48: Fix un undefined C behavior in NULL pointer arithmetics (RT#133223)' \
'Fedora Patch49: Prevent long jumps from clobbering local variables (RT#133575)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5178,6 +5184,7 @@ popd
- Fix first eof() return value (RT#133721) - Fix first eof() return value (RT#133721)
- Fix a crash when compiling a malformed form (RT#132158) - Fix a crash when compiling a malformed form (RT#132158)
- Fix un undefined C behavior in NULL pointer arithmetics (RT#133223) - Fix un undefined C behavior in NULL pointer arithmetics (RT#133223)
- Prevent long jumps from clobbering local variables (RT#133575)
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-429 * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4:5.28.1-429
- Rebuilt for libcrypt.so.2 (#1666033) - Rebuilt for libcrypt.so.2 (#1666033)