diff --git a/perl-5.29.7-perl-131562-correct-large-line-numbers-copying-eval-.patch b/perl-5.29.7-perl-131562-correct-large-line-numbers-copying-eval-.patch
new file mode 100644
index 0000000..f69fe65
--- /dev/null
+++ b/perl-5.29.7-perl-131562-correct-large-line-numbers-copying-eval-.patch
@@ -0,0 +1,49 @@
+From 515c395bcca24c55c85b5aeea239e5e836c36059 Mon Sep 17 00:00:00 2001
+From: Tony Cook
+Date: Wed, 23 Aug 2017 14:18:26 +1000
+Subject: [PATCH] (perl #131562) correct large line numbers copying eval lines
+ on #line
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Previously this used I32 for line numbers, which takes half the range
+of line_t and folds it into negative numbers, leading to trying to store
+the lines at negative indexes.
+
+The while loop was also modified to stop storing if/when the line number
+no longer fits into cop_line, or no longer fits into SSize_t (as a
+positive number) since the index parameter to av_store() is a SSize_t.
+
+Signed-off-by: Petr Písař
+---
+ toke.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/toke.c b/toke.c
+index de4ab2e652..5a3fe78472 100644
+--- a/toke.c
++++ b/toke.c
+@@ -1829,14 +1829,14 @@ S_incline(pTHX_ const char *s, const char *end)
+ }
+ else if (GvAV(cfgv)) {
+ AV * const av = GvAV(cfgv);
+- const I32 start = CopLINE(PL_curcop)+1;
+- I32 items = AvFILLp(av) - start;
++ const line_t start = CopLINE(PL_curcop)+1;
++ SSize_t items = AvFILLp(av) - start;
+ if (items > 0) {
+ AV * const av2 = GvAVn(gv2);
+ SV **svp = AvARRAY(av) + start;
+- I32 l = (I32)line_num+1;
+- while (items--)
+- av_store(av2, l++, SvREFCNT_inc(*svp++));
++ Size_t l = line_num+1;
++ while (items-- && l < SSize_t_MAX && l == (line_t)l)
++ av_store(av2, (SSize_t)l++, SvREFCNT_inc(*svp++));
+ }
+ }
+ }
+--
+2.20.1
+
diff --git a/perl.spec b/perl.spec
index b1b477d..c8fdcb8 100644
--- a/perl.spec
+++ b/perl.spec
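Review bot: In the embedded toke.c hunk, `Size_t l = line_num+1;` performs the addition in the type of `line_num` before widening, so if `line_num` is a `line_t` at its maximum (it is declared earlier in S_incline, outside the hunk) the sum wraps to 0 and the guard `l == (line_t)l` cannot detect it; the eval lines would then be stored from index 0 rather than skipped. Widening first, `Size_t l = (Size_t)line_num + 1;`, lets the guard catch this where `Size_t` is wider than `line_t`; builds where the two have the same width would need an explicit check on `line_num` before the increment. The loop condition also deserves a comment, e.g. `/* stop once l no longer fits in line_t or in a positive SSize_t (av_store index) */`. The diffstat shows only toke.c changing, so the patch as packaged adds no regression test for a large `#line` inside an eval.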
@@ -83,7 +83,7 @@ License: GPL+ or Artistic
 Epoch: %{perl_epoch}
 Version: %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 432%{?dist}
+Release: 433%{?dist}
 Summary: Practical Extraction and Report Language
 Url: https://www.perl.org/
 Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
@@ -247,6 +247,10 @@ Patch50: perl-5.29.6-PATCH-perl-133756-Failure-to-match-properly.patch
 # in upstream after 5.29.3
 Patch51: perl-5.29.3-RT-133573-X-fallback-when-platform-specific-techniqu.patch
+# Fix a crash when parsing #line directives with large numbers in eval, RT#131562,
+# in upstream after 5.29.7
+Patch52: perl-5.29.7-perl-131562-correct-large-line-numbers-copying-eval-.patch
+
 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@@ -2851,6 +2855,7 @@ Perl extension for Version Objects
 %patch49 -p1
 %patch50 -p1
 %patch51 -p1
+%patch52 -p1
 %patch200 -p1
 %patch201 -p1
@@ -2895,6 +2900,7 @@ perl -x patchlevel.h \
 'Fedora Patch49: Prevent long jumps from clobbering local variables (RT#133575)' \
 'Fedora Patch50: Fix a mismatch with a case-insesitive regular expression on a text with ligatures (RT#133756)' \
 'Fedora Patch51: Fix the interpreter path if procfs is not mounted (RT#133573)' \
+ 'Fedora Patch52: Fix a crash when parsing #line directives with large numbers in eval (RT#131562)' \
 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
 %{nil}
@@ -5183,6 +5189,10 @@ popd
 # Old changelog entries are preserved in CVS.
 %changelog
+* Fri Feb 22 2019 Petr Pisar - 4:5.28.1-433
+- Fix a crash when parsing #line directives with large numbers in eval
+ (RT#131562)
+
 * Fri Feb 01 2019 Fedora Release Engineering - 4:5.28.1-432
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild