[perl/f15] Fix leak with non-matching named captures
Petr Pisar
ppisar at fedoraproject.org
Wed Dec 14 15:38:05 UTC 2011
commit 16955dc39187805ab1480c6466d76448e65f16b6
Author: Petr Písař <ppisar at redhat.com>
Date: Wed Dec 14 15:28:03 2011 +0100
Fix leak with non-matching named captures
...n-t-leak-memory-when-accessing-named-capt.patch | 52 ++++++++++++++++++++
perl.spec | 11 ++++-
2 files changed, 62 insertions(+), 1 deletions(-)
---
diff --git a/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
new file mode 100644
index 0000000..a3aabb2
--- /dev/null
+++ b/perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
@@ -0,0 +1,52 @@
+From 7402016d87474403eea5c52dc2c071f68cbbe25c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= <avar at cpan.org>
+Date: Tue, 13 Dec 2011 14:43:12 +0000
+Subject: [PATCH] [RT #78266] Don't leak memory when accessing named captures
+ that didn't match
+
+Since 5.10 (probably 44a2ac759e) named captures have been leaking
+memory when they're used, don't actually match, but are later
+accessed. E.g.:
+
+ $ perl -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?<capture>bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+ RSS
+ 238524
+
+Here we match the "foo" branch of our regex, but since we've used a
+name capture we'll end up running the code in
+Perl_reg_named_buff_fetch, which allocates a newSVsv(&PL_sv_undef) but
+never uses it unless it's trying to return an array.
+
+Just change that code not to allocate scalars we don't plan to
+return. With this fix we don't leak any memory since there's nothing
+to leak anymore.
+
+ $ ./perl -Ilib -wle 'for (1..10_000_000) { if ("foo" =~ /(foo|(?<capture>bar))?/) { my $capture = $+{capture} } } system "ps -o rss $$"'
+ RSS
+ 3528
+
+This reverts commit b28f4af8cf94eb18c0cfde71e9625081912499a8 ("Fix
+allocating something in the first place is a better solution than
+allocating it, not using it, and then freeing it.
+
+Petr Pisar: perldelta and wrong fix (commit b28f4af8cf) removed.
+---
+ regcomp.c | 7 ++-----
+
+diff --git a/regcomp.c b/regcomp.c
+index 9e9fac4..56b2b9c 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -5409,7 +5409,8 @@ Perl_reg_named_buff_fetch(pTHX_ REGEXP * const r, SV * const namesv,
+ if (!retarray)
+ return ret;
+ } else {
+- ret = newSVsv(&PL_sv_undef);
++ if (retarray)
++ ret = newSVsv(&PL_sv_undef);
+ }
+ if (retarray)
+ av_push(retarray, ret);
+--
+1.7.7.4
+
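Review bot: In the regcomp.c hunk, the `else` branch now leaves `ret` unassigned when `retarray` is NULL, and the visible context shows neither how `ret` is initialized nor what the function returns after the `av_push` block. Please confirm `ret` starts as NULL and is not returned on that path, otherwise the caller receives an indeterminate pointer. The nested `if` could also be collapsed into `} else if (retarray) {`. Separately, the embedded commit message no longer matches the trimmed patch: the sentence beginning "This reverts commit b28f4af8cf94..." breaks off after `("Fix` and resumes mid-sentence, and the diffstat still reads `regcomp.c | 7 ++-----` although the remaining hunk is one deletion and two insertions. Since the revert was dropped, reword or remove that sentence and regenerate the diffstat.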
diff --git a/perl.spec b/perl.spec
index 736070c..bc5c7bb 100644
--- a/perl.spec
+++ b/perl.spec
@@ -20,7 +20,7 @@
Name: perl
Version: %{perl_version}
# release number must be even higher, becase dual-lived modules will be broken otherwise
-Release: 163%{?dist}
+Release: 164%{?dist}
Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language
Group: Development/Languages
@@ -93,6 +93,10 @@ Patch13: perl-5.14.2-large-repeat-heap-abuse.patch
# Fix CVE-2011-2728, rhbz#742987, fixed in Perl 5.14.2.
Patch14: perl-5.12.4-CVE-2011-2728.patch
+# Fix leak with non-matching named captures. rhbz#767597, RT#78266, fixed
+# after 5.14.2.
+Patch15: perl-5.14.2-Don-t-leak-memory-when-accessing-named-capt.patch
+
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
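Review bot: The Patch15 comment says only "fixed after 5.14.2", which does not tell whoever does the next rebase when the patch can be dropped. Add the upstream commit id, or the first upstream release that contains the fix once it is known, next to rhbz#767597 and RT#78266.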
@@ -972,6 +976,7 @@ tarball from perl.org.
%patch12 -p1
%patch13 -p1
%patch14 -p1
+%patch15 -p1
#copy the example script
cp -a %{SOURCE5} .
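Review bot: `%patch15 -p1` applies a patch whose file name and regcomp.c offsets (`@@ -5409,7 +5409,8 @@`) are from 5.14.2, while the changelog entry in this same commit versions the package as 4:5.12.4-164. Please confirm in the build log that it applies to this tree without fuzz or a large offset, and say in the Patch15 comment that it is a backport if the hunk had to be adjusted.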
@@ -1191,6 +1196,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch12: Fix CVE-2011-2939' \
'Fedora Patch13: Change Perl_repeatcpy() to allow count above 2^31' \
'Fedora Patch14: Fix CVE-2011-2728' \
+ 'Fedora Patch15: Fix leak with non-matching named captures' \
%{nil}
rm patchlevel.bak
@@ -1990,6 +1996,9 @@ rm -rf $RPM_BUILD_ROOT
# Old changelog entries are preserved in CVS.
%changelog
+* Wed Dec 14 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-164
+- Fix leak with non-matching named captures (bug #767597)
+
* Fri Nov 04 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-163
- Change Perl_repeatcpy() prototype to allow repeat count above 2^31
(bug #720610)