From 2a293b37996e3ccd2fdfcbafa0d1a9460b5bd599 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar(a)redhat.com>
Date: Mon, 28 Nov 2016 13:42:21 +0100
Subject: Fix crash in Storable when deserializing malformed code reference
---
perl-5.25.7-Fix-Storable-segfaults.patch | 61 ++++++++++++++++++++++++++++++++
perl.spec | 12 ++++++-
2 files changed, 72 insertions(+), 1 deletion(-)
create mode 100644 perl-5.25.7-Fix-Storable-segfaults.patch
diff --git a/perl-5.25.7-Fix-Storable-segfaults.patch
b/perl-5.25.7-Fix-Storable-segfaults.patch
new file mode 100644
index 0000000..8934a13
--- /dev/null
+++ b/perl-5.25.7-Fix-Storable-segfaults.patch
@@ -0,0 +1,61 @@
+From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001
+From: John Lightsey <lightsey(a)debian.org>
+Date: Mon, 14 Nov 2016 11:56:15 +0100
+Subject: [PATCH] Fix Storable segfaults.
+
+Fix a null pointed dereference segfault in storable when the
+retrieve_code logic was unable to read the string that contained
+the code.
+
+Also fix several locations where retrieve_other was called with a
+null context pointer. This also resulted in a null pointer
+dereference.
+---
+ dist/Storable/Storable.xs | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
+index 053951c..caa489c 100644
+--- a/dist/Storable/Storable.xs
++++ b/dist/Storable/Storable.xs
+@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char *cname)
+ CROAK(("Unexpected type %d in retrieve_code\n", type));
+ }
+
++ if (!text) {
++ CROAK(("Unable to retrieve code\n"));
++ }
++
+ /*
+ * prepend "sub " to the source
+ */
+@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const char
*cname)
+ continue; /* av_extend() already filled us with undef */
+ }
+ if (c != SX_ITEM)
+- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
+ TRACEME(("(#%d) item", i));
+ sv = retrieve(aTHX_ cxt, 0); /* Retrieve item */
+ if (!sv)
+@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char
*cname)
+ if (!sv)
+ return (SV *) 0;
+ } else
+- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
+
+ /*
+ * Get key.
+@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char
*cname)
+
+ GETMARK(c);
+ if (c != SX_KEY)
+- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
++ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
+ RLEN(size); /* Get key size */
+ KBUFCHK((STRLEN)size); /* Grow hash key read pool if needed */
+ if (size)
+--
+2.10.2
+
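Review bot: The new `if (!text)` guard in retrieve_code has no comment saying when `text` can be NULL, and the assignment that sets it lies above the hunk, so a reader cannot tell which failure it covers. Going by the commit message, it is the case where the string holding the code could not be read, so I would add `/* text is NULL when the nested string read failed, e.g. on truncated or malformed input */` above the check. The embedded patch's diffstat lists only dist/Storable/Storable.xs, so no regression test accompanies the fix; a test asserting that retrieving a damaged image croaks rather than crashes would keep these four sites from regressing. The three `retrieve_other(aTHX_ cxt, 0)` call sites in old_retrieve_array and old_retrieve_hash still depend on the callee never returning, which only the `/* Will croak out */` comment records.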
diff --git a/perl.spec b/perl.spec
index faad7f7..93fc725 100644
--- a/perl.spec
+++ b/perl.spec
@@ -28,7 +28,7 @@
Name: perl
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken
otherwise
-Release: 380%{?dist}
+Release: 381%{?dist}
Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language
Group: Development/Languages
@@ -219,6 +219,10 @@ Patch57:
perl-5.25.6-perl-130001-h2xs-avoid-infinite-loop-for-enums.patch
# in upstream after 5.25.6
Patch58: perl-5.24.0-perl-129130-make-chdir-allocate-the-stack-it-needs.patch
+# Fix crash in Storable when deserializing malformed code reference, RT#68348,
+# RT130098
+Patch59: perl-5.25.7-Fix-Storable-segfaults.patch
+
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2903,6 +2907,7 @@ Perl extension for Version Objects
%patch56 -p1
%patch57 -p1
%patch58 -p1
+%patch59 -p1
%patch200 -p1
%patch201 -p1
@@ -2952,6 +2957,7 @@ perl -x patchlevel.h \
'Fedora Patch56: Fix firstchar bitmap under UTF-8 with prefix optimization
(RT#129950)' \
'Fedora Patch57: Avoid infinite loop in h2xs tool if enum and type have the same
name (RT130001)' \
'Fedora Patch58: Fix stack handling when calling chdir without an argument
(RT#129130)' \
+ 'Fedora Patch59: Fix crash in Storable when deserializing malformed code
reference (RT#68348, RT#130098)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux'
\
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil}
@@ -5230,6 +5236,10 @@ popd
# Old changelog entries are preserved in CVS.
%changelog
+* Mon Nov 28 2016 Petr Pisar <ppisar(a)redhat.com> - 4:5.24.0-381
+- Fix crash in Storable when deserializing malformed code reference
+ (RT#68348, RT#130098)
+
* Wed Nov 09 2016 Petr Pisar <ppisar(a)redhat.com> - 4:5.24.0-380
- Tie perl-Errno release to interpreter build because of kernel version check
(bug #1393421)
--
cgit v0.12
http://pkgs.fedoraproject.org/cgit/perl.git/commit/?h=master&id=2a293...