packages/perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-48522

Browse Source 
(cherry picked from commit 6bd423e3f8bed2723e95666d70d885cafbea8044)
This commit is contained in:
yangmingtai 2023-08-25 15:11:21 +08:00 committed by openeuler-sync-bot
parent 71c7b37917
commit 44d9bf5bca
2 changed files with 83 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
backport-CVE-2022-48522.patch Normal file
View File

@ -0,0 +1,78 @@
From 43cbd598f60a85afcfc3de71e89e8a48330158f5 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 22 Sep 2021 11:47:55 +1000
Subject: [PATCH] Don't try to Sv[PI]V() on an undef index SV in
find_uninit_var()
When trying to evaluate:
$x{$y}
or
$x[$y]
where both the index and the hash or array entry was undefined,
when trying to report the entry as uninitialised, find_uninit_var()
would try to get the string or numeric value of the index,
recursively trying to produce a warning.
This would end up overflowing the stack, producing a segmentation fault.
Fixes #19147.
(cherry picked from commit 23cca2d1f4544cb47f1124d98c308ce1f31f09a6)
Conflict:NA
Reference:https://github.com/Perl/perl5/commit/43cbd598f60a85afcfc3de71e89e8a48330158f5
---
sv.c | 7 ++++---
t/lib/warnings/sv | 13 +++++++++++++
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/sv.c b/sv.c
index 27c425a54e6f..46bf9815cd15 100644
--- a/sv.c
+++ b/sv.c
@@ -16782,14 +16782,15 @@ S_find_uninit_var(pTHX_ const OP *const obase, const SV *const uninit_sv,
}
if (index_sv && !SvMAGICAL(index_sv) && !SvROK(index_sv)) {
if (is_hv) {
- HE *he = hv_fetch_ent(MUTABLE_HV(sv), index_sv, 0, 0);
+ SV *report_index_sv = SvOK(index_sv) ? index_sv : &PL_sv_no;
+ HE *he = hv_fetch_ent(MUTABLE_HV(sv), report_index_sv, 0, 0);
if (!he) {
return varname(agg_gv, '%', agg_targ,
- index_sv, 0, FUV_SUBSCRIPT_HASH);
+ report_index_sv, 0, FUV_SUBSCRIPT_HASH);
}
}
else {
- SSize_t index = SvIV(index_sv);
+ SSize_t index = SvOK(index_sv) ? SvIV(index_sv) : 0;
SV * const * const svp =
av_fetch(MUTABLE_AV(sv), index, FALSE);
if (!svp) {
diff --git a/t/lib/warnings/sv b/t/lib/warnings/sv
index be04b8457e3a..8524c2c25a1d 100644
--- a/t/lib/warnings/sv
+++ b/t/lib/warnings/sv
@@ -211,6 +211,19 @@ Use of uninitialized value $a in join or string at - line 4.
Use of uninitialized value $a in concatenation (.) or string at - line 5.
Use of uninitialized value $a in concatenation (.) or string at - line 6.
########
+# NAME https://github.com/Perl/perl5/issues/19147
+use warnings 'uninitialized';
+my %x;
+my @z;
+my $y;
+-$x{$y};
+-$z[$y];
+EXPECT
+Use of uninitialized value $y in hash element at - line 5.
+Use of uninitialized value $x{""} in negation (-) at - line 5.
+Use of uninitialized value $y in array element at - line 6.
+Use of uninitialized value $z[0] in negation (-) at - line 6.
+########
# sv.c
use warnings 'numeric' ;
sub TIESCALAR{bless[]} ;

6
perl.spec
View File

@ -22,7 +22,7 @@ Name: perl
License: (GPL+ or Artistic) and (GPLv2+ or Artistic) and MIT and UCD and Public Domain and BSD
Epoch: 4
Version: %{perl_version}
Release: 8
Release: 9
Summary: A highly capable, feature-rich programming language
Url: https://www.perl.org/
Source0: https://www.cpan.org/src/5.0/%{name}-%{version}.tar.xz
@ -39,6 +39,7 @@ Patch8: disable-rpath-by-default.patch
Patch6000: backport-CVE-2021-36770.patch
Patch6001: backport-CVE-2023-31484.patch
Patch6002: backport-CVE-2023-31486.patch
Patch6003: backport-CVE-2022-48522.patch
BuildRequires: gcc bash findutils coreutils make tar procps bzip2-devel gdbm-devel perl-File-Compare perl-File-Find
BuildRequires: zlib-devel systemtap-sdt-devel perl-interpreter perl-generators
@ -489,6 +490,9 @@ make test_harness
%{_mandir}/man3/*
%changelog
* Fri Aug 25 2023 yangmingtai <yangmingtai@huawei.com> - 4:5.34.0-9
- fix CVE-2022-48522
* Mon Jun 26 2023 yangmingtai <yangmingtai@huawei.com> - 4:5.34.0-8
- fix CVE-2023-31486