[perl/f15] Fix leak with non-matching named captures

Petr Pisar ppisar at fedoraproject.org
Wed Dec 14 15:38:05 UTC 2011


commit 16955dc39187805ab1480c6466d76448e65f16b6
Author: Petr Písař <ppisar at redhat.com>
Date:   Wed Dec 14 15:28:03 2011 +0100

    Fix leak with non-matching named captures

 ...n-t-leak-memory-when-accessing-named-capt.patch |   52 ++++++++++++++++++++
 perl.spec                                          |   11 ++++-
 2 files changed, 62 insertions(+), 1 deletions(-)
---
diff --git a/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
new file mode 100644
index 0000000..a3aabb2
--- /dev/null
+++ b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
@@ -0,0 +1,52 @@
+From 7402016d87474403eea5c52dc2c071f68cbbe25c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= <avar at cpan.org>
+Date: Tue, 13 Dec 2011 14:43:12 +0000
+Subject: [PATCH] [RT #78266] Don't leak memory when accessing named captures
+ that didn't match
+
+Since 5.10 (probably 44a2ac759e) named captures have been leaking
+memory when they're used, don't actually match, but are later
+accessed. E.g.:
+
+    $ perl -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?<capture>bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+      RSS
+    238524
+
+Here we match the "foo" branch of our regex, but since we've used a
+name capture we'll end up running the code in
+Perl_reg_named_buff_fetch, which allocates a newSVsv(&PL_sv_undef) but
+never uses it unless it's trying to return an array.
+
+Just change that code not to allocate scalars we don't plan to
+return. With this fix we don't leak any memory since there's nothing
+to leak anymore.
+
+    $ ./perl -Ilib -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?<capture>bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+      RSS
+     3528
+
+This reverts commit b28f4af8cf94eb18c0cfde71e9625081912499a8 ("Fix
+allocating something in the first place is a better solution than
+allocating it, not using it, and then freeing it.
+
+Petr Pisar: perldelta and wrong fix (commit b28f4af8cf) removed.
+---
+ regcomp.c         |    7 ++-----
+
+diff --git a/regcomp.c b/regcomp.c
+index 9e9fac4..56b2b9c 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -5409,7 +5409,8 @@ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+                     if (!retarray)
+                         return ret;
+                 } else {
+-                    ret = newSVsv(&PL_sv_undef);
++                    if (retarray)
++                        ret = newSVsv(&PL_sv_undef);
+                 }
+                 if (retarray)
+                     av_push(retarray, ret);
+-- 
+1.7.7.4
+
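Review bot: In the regcomp.c hunk of the carried patch, the else branch now assigns ret only when retarray is set, so for a named capture that did not match in scalar context the value handed back depends on how ret was initialised earlier in Perl_reg_named_buff_fetch, which is outside the visible context. Please confirm that ret starts out as NULL (or otherwise well defined) and that callers of the scalar path accept that value, and consider adding a regression test, since the patch touches regcomp.c only. Two housekeeping points in the carried header: the sentence beginning 'This reverts commit b28f4af8cf94eb18c0cfde71e9625081912499a8 ("Fix' is cut off before the next line, and the diffstat still reads "regcomp.c | 7 ++-----" while the remaining hunk is two insertions and one deletion. The "Petr Pisar:" line says parts were removed, so it would help to regenerate the diffstat or note there that it is stale.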
diff --git a/perl.spec b/perl.spec
index 736070c..bc5c7bb 100644
--- a/perl.spec
+++ b/perl.spec
@@ -20,7 +20,7 @@
 Name:           perl
 Version:        %{perl_version}
 # release number must be even higher, becase dual-lived modules will be broken otherwise
-Release:        163%{?dist}
+Release:        164%{?dist}
 Epoch:          %{perl_epoch}
 Summary:        Practical Extraction and Report Language
 Group:          Development/Languages
@@ -93,6 +93,10 @@ Patch13:        perl-5.14.2-large-repeat-heap-abuse.patch
 # Fix CVE-2011-2728, rhbz#742987, fixed in Perl 5.14.2.
 Patch14:        perl-5.12.4-CVE-2011-2728.patch
 
+# Fix leak with non-matching named captures. rhbz#767597, RT#78266, fixed
+# after 5.14.2.
+Patch15:        perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
+
 # Update some of the bundled modules
 # see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
 
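Review bot: The Patch15 comment says "fixed after 5.14.2" and the patch file carries a 5.14.2 prefix, while the changelog entry added in this same commit is for 4:5.12.4-164, so the comment should state explicitly that this is a backport onto the 5.12.4 sources. The embedded regcomp.c hunk keeps its original index line and @@ -5409,7 +5409,8 offsets, so it is also worth confirming that %patch15 -p1 applies to this tree without fuzz, and rediffing the patch against 5.12.4 if it does not.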
@@ -972,6 +976,7 @@ tarball from perl.org.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 
 #copy the example script
 cp -a %{SOURCE5} .
@@ -1191,6 +1196,7 @@ pushd %{build_archlib}/CORE/
     'Fedora Patch12: Fix CVE-2011-2939' \
     'Fedora Patch13: Change Perl_repeatcpy() to allow count above 2^31' \
     'Fedora Patch14: Fix CVE-2011-2728' \
+    'Fedora Patch15: Fix leak with non-matching named captures' \
     %{nil}
 
 rm patchlevel.bak
@@ -1990,6 +1996,9 @@ rm -rf $RPM_BUILD_ROOT
 
 # Old changelog entries are preserved in CVS.
 %changelog
+* Wed Dec 14 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-164
+- Fix leak with non-matching named captures (bug #767597)
+
 * Fri Nov 04 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-163
 - Change Perl_repeatcpy() prototype to allow repeat count above 2^31
   (bug #720610)

