From 308be74b0f09716e299e6f78ff7f7e1767c384b4 Mon Sep 17 00:00:00 2001
From: Petr Písař <ppisar@redhat.com>
Date: Jul 18 2019 14:58:46 +0000
Subject: Fix a crash with a negative precision in sprintf function


---

diff --git a/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch b/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
new file mode 100644
index 0000000..0985db6
--- /dev/null
+++ b/perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
@@ -0,0 +1,63 @@
+From b0f5b1daacb21ab7e46a772a6ff0f70ca627cb58 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Tue, 9 Apr 2019 14:27:41 +0100
+Subject: [PATCH 1/2] [#134008] More carefully ignore negative precision in
+ sprintf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check has_precis more consistently; ensure precis is left as 0 if provided
+as a negative number.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ sv.c            | 7 +++++--
+ t/op/sprintf2.t | 3 +++
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/sv.c b/sv.c
+index de67b7657e..8fbca52eb2 100644
+--- a/sv.c
++++ b/sv.c
+@@ -11765,11 +11765,11 @@ S_format_hexfp(pTHX_ char * const buf, const STRLEN bufsize, const char c,
+     else {
+         *p++ = '0';
+         exponent = 0;
+-        zerotail = precis;
++        zerotail = has_precis ? precis : 0;
+     }
+ 
+     /* The radix is always output if precis, or if alt. */
+-    if (precis > 0 || alt) {
++    if ((has_precis && precis > 0) || alt) {
+       hexradix = TRUE;
+     }
+ 
+@@ -12223,6 +12223,9 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p
+                     }
+                     precis = S_sprintf_arg_num_val(aTHX_ args, i, sv, &neg);
+                     has_precis = !neg;
++                    /* ignore negative precision */
++                    if (!has_precis)
++                        precis = 0;
+                 }
+ 	    }
+ 	    else {
+diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
+index dc87821152..569bd8053d 100644
+--- a/t/op/sprintf2.t
++++ b/t/op/sprintf2.t
+@@ -838,6 +838,9 @@ SKIP: {
+     # [rt.perl.org #128889]
+     is(sprintf("%.*a", -1, 1.03125), "0x1.08p+0", "[rt.perl.org #128889]");
+ 
++    # [rt.perl.org #134008]
++    is(sprintf("%.*a", -99999, 1.03125), "0x1.08p+0", "[rt.perl.org #134008]");
++
+     # [rt.perl.org #128890]
+     is(sprintf("%a", 0x1.18p+0), "0x1.18p+0");
+     is(sprintf("%.1a", 0x1.08p+0), "0x1.0p+0");
+-- 
+2.20.1
+
diff --git a/perl-5.31.0-perl-134008-an-alternative-test.patch b/perl-5.31.0-perl-134008-an-alternative-test.patch
new file mode 100644
index 0000000..7990681
--- /dev/null
+++ b/perl-5.31.0-perl-134008-an-alternative-test.patch
@@ -0,0 +1,28 @@
+From 9dfe0a3438ae69872b71b98e4fb4f4bef084983d Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Mon, 3 Jun 2019 14:34:17 +1000
+Subject: [PATCH 2/2] (perl #134008) an alternative test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ t/op/sprintf2.t | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
+index 569bd8053d..84259a4afd 100644
+--- a/t/op/sprintf2.t
++++ b/t/op/sprintf2.t
+@@ -840,6 +840,7 @@ SKIP: {
+ 
+     # [rt.perl.org #134008]
+     is(sprintf("%.*a", -99999, 1.03125), "0x1.08p+0", "[rt.perl.org #134008]");
++    is(sprintf("%.*a", -100000,0), "0x0p+0", "negative precision ignored by format_hexfp");
+ 
+     # [rt.perl.org #128890]
+     is(sprintf("%a", 0x1.18p+0), "0x1.18p+0");
+-- 
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index 5063cf9..2bb2f6b 100644
--- a/perl.spec
+++ b/perl.spec
@@ -287,6 +287,11 @@ Patch73:        perl-5.31.0-perl-122112-test-for-signal-handler-death-in-pclose.
 Patch74:        perl-5.31.0-perl-122112-a-simpler-fix-for-pclose-aborted-by-a-si.patch
 Patch75:        perl-5.31.0-perl-122112-remove-some-interfering-debug-output.patch
 
+# Fix a crash with a negative precision in sprintf function, RT#134008,
+# fixed after 5.31.0
+Patch76:        perl-5.31.0-134008-More-carefully-ignore-negative-precision-in-s.patch
+Patch77:        perl-5.31.0-perl-134008-an-alternative-test.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
 
@@ -2907,6 +2912,8 @@ Perl extension for Version Objects
 %patch73 -p1
 %patch74 -p1
 %patch75 -p1
+%patch76 -p1
+%patch77 -p1
 %patch200 -p1
 %patch201 -p1
 
@@ -2966,6 +2973,8 @@ perl -x patchlevel.h \
     'Fedora Patch73: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
     'Fedora Patch74: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
     'Fedora Patch75: Fix a crash in SIGALARM handler when waiting on a child process to be closed (RT#122112)' \
+    'Fedora Patch76: Fix a crash with a negative precision in sprintf function (RT#134008)' \
+    'Fedora Patch77: Fix a crash with a negative precision in sprintf function (RT#134008)' \
     'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
     'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
     %{nil}
@@ -5258,6 +5267,7 @@ popd
 - Do not panic when evaluating non-ASCII bare words (RT#134061)
 - Fix a crash in SIGALARM handler when waiting on a child process to be closed
   (RT#122112)
+- Fix a crash with a negative precision in sprintf function (RT#134008)
 
 * Tue Apr 23 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.28.2-431
 - 5.28.2 bump (see <https://metacpan.org/pod/release/SHAY/perl-5.28.2/pod/perldelta.pod>