[perl/f18] Make regular expression engine safe in a signal handler
Petr Pisar
ppisar at fedoraproject.org
Mon Nov 11 12:44:01 UTC 2013
commit 05126679f1b41eec504b8a07787e67fcaaab696d
Author: Petr Písař <ppisar at redhat.com>
Date: Fri May 10 14:16:32 2013 +0200
Make regular expression engine safe in a signal handler
...ve-PERL_ASYNC_CHECK-from-Perl_leave_scope.patch | 148 ++++++++++++++++++++
perl.spec | 11 ++-
2 files changed, 158 insertions(+), 1 deletions(-)
---
diff --git a/perl-5.16.3-Remove-PERL_ASYNC_CHECK-from-Perl_leave_scope.patch b/perl-5.16.3-Remove-PERL_ASYNC_CHECK-from-Perl_leave_scope.patch
new file mode 100644
index 0000000..0e6ee22
--- /dev/null
+++ b/perl-5.16.3-Remove-PERL_ASYNC_CHECK-from-Perl_leave_scope.patch
@@ -0,0 +1,148 @@
+From 13716dc35cd0869b98bd30cebbdeb8d48ab07a8b Mon Sep 17 00:00:00 2001
+From: Nicholas Clark <nick at ccl4.org>
+Date: Sat, 14 Apr 2012 15:51:33 +0200
+Subject: [PATCH] Remove PERL_ASYNC_CHECK() from Perl_leave_scope().
+
+PERL_ASYNC_CHECK() was added to Perl_leave_scope() as part of commit
+f410a2119920dd04, which moved signal dispatch from the runloop to
+control flow ops, to mitigate nearly all of the speed cost of safe
+signals.
+
+The assumption was that scope exit was a safe place to dispatch signals.
+However, this is not true, as parts of the regex engine call
+leave_scope(), the regex engine stores some state in per-interpreter
+variables, and code called within signal handlers can change these
+values.
+
+Hence remove the call to PERL_ASYNC_CHECK() from Perl_leave_scope(), and
+add it explicitly in the various OPs which were relying on their call to
+leave_scope() to dispatch any pending signals. Also add a
+PERL_ASYNC_CHECK() to the exit of the runloop, which ensures signals
+still dispatch from S_sortcv() and S_sortcv_stacked(), as well as
+addressing one of the concerns in the commit message of
+f410a2119920dd04:
+
+ Subtle bugs might remain - there might be constructions that enter
+ the runloop (where signals used to be dispatched) but don't contain
+ any PERL_ASYNC_CHECK() calls themselves.
+
+Finally, move the PERL_ASYNC_CHECK(); added by that commit to pp_goto to
+the end of the function, to be consistent with the positioning of all
+other PERL_ASYNC_CHECK() calls - at the beginning or end of OP
+functions, hence just before the return to or just after the call from
+the runloop, and hence effectively at the same point as the previous
+location of PERL_ASYNC_CHECK() in the runloop.
+---
+ dump.c | 1 +
+ pp_ctl.c | 11 ++++++++++-
+ run.c | 1 +
+ scope.c | 2 --
+ 4 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/dump.c b/dump.c
+index b238ee0..d770a65 100644
+--- a/dump.c
++++ b/dump.c
+@@ -2118,6 +2118,7 @@ Perl_runops_debug(pTHX)
+ }
+ } while ((PL_op = PL_op->op_ppaddr(aTHX)));
+ DEBUG_l(Perl_deb(aTHX_ "leaving RUNOPS level\n"));
++ PERL_ASYNC_CHECK();
+
+ TAINT_NOT;
+ return 0;
+diff --git a/pp_ctl.c b/pp_ctl.c
+index fd92efa..6206a25 100644
+--- a/pp_ctl.c
++++ b/pp_ctl.c
+@@ -377,6 +377,7 @@ PP(pp_substcont)
+ TAINT_NOT;
+ LEAVE_SCOPE(cx->sb_oldsave);
+ POPSUBST(cx);
++ PERL_ASYNC_CHECK();
+ RETURNOP(pm->op_next);
+ /* NOTREACHED */
+ }
+@@ -2732,6 +2733,7 @@ PP(pp_next)
+ if (PL_scopestack_ix < inner)
+ leave_scope(PL_scopestack[PL_scopestack_ix]);
+ PL_curcop = cx->blk_oldcop;
++ PERL_ASYNC_CHECK();
+ return (cx)->blk_loop.my_op->op_nextop;
+ }
+
+@@ -2774,6 +2776,7 @@ PP(pp_redo)
+ LEAVE_SCOPE(oldsave);
+ FREETMPS;
+ PL_curcop = cx->blk_oldcop;
++ PERL_ASYNC_CHECK();
+ return redo_op;
+ }
+
+@@ -2978,6 +2981,7 @@ PP(pp_goto)
+ PUTBACK;
+ (void)(*CvXSUB(cv))(aTHX_ cv);
+ LEAVE;
++ PERL_ASYNC_CHECK();
+ return retop;
+ }
+ else {
+@@ -3049,6 +3053,7 @@ PP(pp_goto)
+ }
+ }
+ }
++ PERL_ASYNC_CHECK();
+ RETURNOP(CvSTART(cv));
+ }
+ }
+@@ -3209,6 +3214,7 @@ PP(pp_goto)
+ PL_do_undump = FALSE;
+ }
+
++ PERL_ASYNC_CHECK();
+ RETURNOP(retop);
+ }
+
+@@ -5129,10 +5135,13 @@ PP(pp_leavewhen)
+ leave_scope(PL_scopestack[PL_scopestack_ix]);
+ PL_curcop = cx->blk_oldcop;
+
++ PERL_ASYNC_CHECK();
+ return cx->blk_loop.my_op->op_nextop;
+ }
+- else
++ else {
++ PERL_ASYNC_CHECK();
+ RETURNOP(cx->blk_givwhen.leave_op);
++ }
+ }
+
+ PP(pp_continue)
+diff --git a/run.c b/run.c
+index 7c1d0aa..774852d 100644
+--- a/run.c
++++ b/run.c
+@@ -40,6 +40,7 @@ Perl_runops_standard(pTHX)
+ register OP *op = PL_op;
+ while ((PL_op = op = op->op_ppaddr(aTHX))) {
+ }
++ PERL_ASYNC_CHECK();
+
+ TAINT_NOT;
+ return 0;
+diff --git a/scope.c b/scope.c
+index ffd0552..121d1f7 100644
+--- a/scope.c
++++ b/scope.c
+@@ -1168,8 +1168,6 @@ Perl_leave_scope(pTHX_ I32 base)
+ }
+
+ PL_tainted = was;
+-
+- PERL_ASYNC_CHECK();
+ }
+
+ void
+--
+1.8.1.4
+
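Review bot: The three pp_goto hunks in the embedded pp_ctl.c diff only add `PERL_ASYNC_CHECK();` and never remove one, although the patch description says the call already in pp_goto is moved to the end of the function. The pp_ctl.c diffstat shows a single deletion, and that is the bare `else` in pp_leavewhen. Most of pp_goto lies outside the visible hunks, so if the earlier call is still present in the 5.16.3 source, that path keeps a signal dispatch point the description meant to relocate. Please confirm against the tree, then either drop the old call or correct the description. Separately, none of the four touched files is under t/, so the backport carries no regression test for the rhbz#849703 / RT#114878 case of a signal handler using a regex while the main program is inside a match.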
diff --git a/perl.spec b/perl.spec
index 88292b5..d5b7f2d 100644
--- a/perl.spec
+++ b/perl.spec
@@ -31,7 +31,7 @@
Name: perl
Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 244%{?dist}
+Release: 245%{?dist}
Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language
Group: Development/Languages
@@ -122,6 +122,10 @@ Patch24: perl-5.16.3-Don-t-leak-if-hh-copying-dies.patch
# Fix dead lock in PerlIO after fork from thread, rhbz#947444, RT#106212
Patch25: perl-5.17.9-106212-Add-PL_perlio_mutex-to-atfork_lock.patch
+# Make regular expression engine safe in a signal handler, rhbz#849703,
+# RT#114878, fixed after 5.17.11
+Patch26: perl-5.16.3-Remove-PERL_ASYNC_CHECK-from-Perl_leave_scope.patch
+
# Update some of the bundled modules
# see http://fedoraproject.org/wiki/Perl/perl.spec for instructions
@@ -1388,6 +1392,7 @@ tarball from perl.org.
%patch23 -p1
%patch24 -p1
%patch25 -p1
+%patch26 -p1
#copy the example script
cp -a %{SOURCE5} .
@@ -1603,6 +1608,7 @@ pushd %{build_archlib}/CORE/
'Fedora Patch23: Fix leaking tied hashes (RT#107000) [2]' \
'Fedora Patch24: Fix leaking tied hashes (RT#107000) [3]' \
'Fedora Patch25: Fix dead lock in PerlIO after fork from thread (RT106212)' \
+ 'Fedora Patch26: Make regexp safe in a signal handler (RT#114878)' \
%{nil}
rm patchlevel.bak
@@ -2699,6 +2705,9 @@ sed \
# Old changelog entries are preserved in CVS.
%changelog
+* Mon Nov 11 2013 Petr Pisar <ppisar at redhat.com> - 4:5.16.3-245
+- Make regular expression engine safe in a signal handler (bug #849703)
+
* Fri May 03 2013 Petr Pisar <ppisar at redhat.com> - 4:5.16.3-244
- Remove bundled Digest (bug #957931)