perl/perl-5.29.9-Fix-recent-doub...


From 06cbc317229e882f379e75eb3adf7cf9c071febd Mon Sep 17 00:00:00 2001
From: David Mitchell <davem@iabyn.com>
Date: Wed, 3 Apr 2019 11:06:22 +0100
Subject: [PATCH] Fix recent double free in S_parse_gv_stash_name()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RT #133977
My recent commit v5.29.9-29-g657ed7c1c1 moved all buffer freeing to
the end of the function, but missed removing one of the existing frees.
The problem was spotted by James E Keenan and diagnosed by Tony Cook; I just
added a test.
A simple reproducer is
my $def = defined *{"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'x"};
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
gv.c | 1 -
t/op/stash_parse_gv.t | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/gv.c b/gv.c
index 61085f5c53..3b8759e88a 100644
--- a/gv.c
+++ b/gv.c
@@ -1665,7 +1665,6 @@ S_parse_gv_stash_name(pTHX_ HV **stash, GV **gv, const char **name,
gvp = (GV**)hv_fetch(*stash, key, is_utf8 ? -((I32)*len) : (I32)*len, add);
*gv = gvp ? *gvp : NULL;
if (!*gv || *gv == (const GV *)&PL_sv_undef) {
- Safefree(tmpfullbuf); /* free our tmpfullbuf if it was used */
goto notok;
}
/* here we know that *gv && *gv != &PL_sv_undef */
diff --git a/t/op/stash_parse_gv.t b/t/op/stash_parse_gv.t
index 05694ca8ce..bd9e95cf37 100644
--- a/t/op/stash_parse_gv.t
+++ b/t/op/stash_parse_gv.t
@@ -23,7 +23,7 @@ foreach my $t (@tests) {
my ( $sub, $name ) = @$t;
fresh_perl_is(
- qq[sub $sub { print qq[ok\n]} &{"$sub"} ],
+ qq[sub $sub { print qq[ok\n]} &{"$sub"}; my \$d = defined *{"foo$sub"} ],
q[ok],
{ switches => ['-w'] },
$name
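Review bot: The appended `my \$d = defined *{"foo$sub"}` is the only regression coverage for the double free in `S_parse_gv_stash_name()`, yet nothing in the test says so or states what it relies on. Whether it reaches the path that allocates `tmpfullbuf` presumably depends on the names in `@tests` (defined outside this hunk) being long enough and containing a package separator, like the reproducer in the commit message; that should be confirmed. I would add a comment above the `fresh_perl_is` call, for example `# RT #133977: the trailing defined *{"foo$sub"} lookup must not double-free the temporary name buffer`. A double free is not guaranteed to change the expected `ok` output on every allocator, so running this test in an ASan or valgrind build gives a stronger signal than the output comparison alone. The `foreach` body starts and ends outside the hunk.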
--
2.20.1