Fix crash caused by undefined behaviour between two sequence points #72
Merged
dankogai merged 1 commit into dankogai:master, Oct 27, 2016
Conversation
Construction like this:
ST(0) = encode_method(aTHX_ enc, enc->f_utf8, src, check, NULL, Nullsv, NULL, fallback_cb);
with src = ST(1) and fallback_cb as a subroutine which reallocates the perl stack leads to undefined behaviour when pointers to perl stack variables are modified more than once between two sequence points.

When that code is compiled under gcc 4.6, first the pointer for ST(0) is evaluated, second the encode_method() function is evaluated, and third the return value is assigned. But encode_method() modified pointers to perl stack variables, and the old pointer for ST(0) from the first step does not have to be correct...

With this patch ST(0) is not directly modified between two sequence points but via the temporary variable RETVAL. Tested under valgrind that the memory corruption disappeared.

Fixes bug: https://rt.cpan.org/Public/Bug/Display.html?id=113164
Owner (dankogai): Thank you!
jsonn pushed a commit to jsonn/pkgsrc that referenced this pull request on Nov 28, 2016:
Upstream changes:

$Revision: 2.87 $ $Date: 2016/10/28 05:03:52 $
! Encode.xs t/taint.t
  Pulled: Disable _utf8_on and _utf8_off for tainted values
  dankogai/p5-encode#74
! Encode.xs MANIFEST t/rt65541.t t/rt76824.t t/rt86327.t
  Pulled: Fix crash 'panic: sv_setpvn called with negative strlen'
  dankogai/p5-encode#73
! Encode.xs MANIFEST t/rt113164.t
  Pulled: Fix crash caused by undefined behaviour between two sequence points
  dankogai/p5-encode#72
! Encode.xs MANIFEST lib/Encode/CN/HZ.pm lib/Encode/Encoder.pm t/decode.t t/magic.t t/rt85489.t t/utf8ref.t
  Pulled: Fix handling of undef, ref, typeglob, UTF8, COW and magic scalar argument in all XS functions
  dankogai/p5-encode#70
! Encode/_T.e2x t/at-cn.t t/at-tw.t t/enc_data.t t/enc_module.t t/encoding-locale.t t/encoding.t t/jperl.t t/mime-name.t t/undef.t
  Pulled: Fix unit tests
  dankogai/p5-encode#69
! Encode.pm lib/Encode/MIME/Header.pm lib/Encode/MIME/Name.pm t/mime-header.t t/mime-name.t t/taint.t
  Pulled: Encode::MIME::Header clean up
  dankogai/p5-encode#68
! Encode.xs
  Pulled: Generate CHECK value functions with newCONSTSUB() instead with direct XS
  dankogai/p5-encode#67
! Encode.xs
  Pulled: Encode::utf8: Fix count of replacement characters for overflowed and overlong UTF-8 sequences
  dankogai/p5-encode#65
! Encode.xs t/fallback.t t/utf8strict.t
  Pulled: Encode::utf8: Fix processing invalid UTF-8 subsequences
  dankogai/p5-encode#63
! Encode.pm t/utf8ref.t
  Pulled: Fix return value of Encode::encode_utf8(undef)
  https://rt.cpan.org/Ticket/Display.html?id=116904
  dankogai/p5-encode#62
halstead pushed a commit to openembedded/meta-openembedded that referenced this pull request on Feb 11, 2018:
* Fix RDEPENDS
* RCONFLICTS with perl-misc
* LIC_FILES_CHKSUM is based on META.json, which has changed but license remains the same

Changes:

2.94 2018/01/09 05:53:00
! lib/Encode/Alias.pm
  Fixed: deep recursion in Encode::find_encoding when decoding bad MIME header
  dankogai/p5-encode#127
! Encode.pm
  Pulled: Include more information about Encode::is_utf8() that it should not be normally used
  dankogai/p5-encode#126
  Pulled: Remove misleading documentation about UTF8 flag
  dankogai/p5-encode#125

2.93 2017/10/06 22:21:53
! lib/Encode/MIME/Name.pm t/mime-name.t
  Pulled: Add "euc-cn" => "EUC-CN" alias to Encode::MIME::Name
  dankogai/p5-encode#124
! encoding.pm
  Pulled: Propagate fatal errors from the encoding pragma back to the caller
  Resolves rt #100427
  dankogai/p5-encode#123
  https://rt.cpan.org/Ticket/Display.html?id=100427
! lib/Encode/CN/HZ.pm lib/Encode/JP/JIS7.pm lib/Encode/MIME/Header.pm t/decode.t
  Pulled: Uninitialized value fixes #122
  dankogai/p5-encode#122
! Makefile.PL
  Pulled: Fix -Werror=declaration-after-statement for gcc 4.1.2
  dankogai/p5-encode#121

2.92 2017/07/18 07:15:29
! Encode.pm MANIFEST lib/Encode/Alias.pm
+ t/use-Encode-Alias.t
  Pulled: Fix loading Encode::Alias before Encode
  dankogai/p5-encode#118
! Makefile.PL
  Pulled: Fix gccversion Argument "630 20170516" isn't numeric
  dankogai/p5-encode#118
! lib/Encode/MIME/Header.pm t/mime-header.t
  Pulled: Encode::MIME::Header: Fix parsing quoted-printable text in strict mode
  dankogai/p5-encode#115
! Encode.pm
  use define_encoding() instead of tweaking $Encode::Encoding{utf8}.
  dankogai/p5-encode@208d094#commitcomment-22698036

2.91 2017/06/22 08:11:05
! Encode.pm
  Addressed: RT#122167: use parent q{Encode::Encoding}; fails: Can't locate object
  https://rt.cpan.org/Ticket/Display.html?id=122167
! Makefile.PL
  Pulled: fix gcc warnings for older gcc < 4.0
  dankogai/p5-encode#114

2.90 2017/06/10 17:23:50
! Makefile.PL
  Pulled: Include all contributors into META
  dankogai/p5-encode#111
! bin/enc2xs bin/ucmlint encoding.pm lib/Encode/Encoding.pm lib/Encode/GSM0338.pm t/CJKT.t
  Pulled: Where possible do not depend on value of $@, instead use return value of eval
  dankogai/p5-encode#110
! Encode.xs
  Pulled: Fix more XS problems in Encode.xs file
  dankogai/p5-encode#109
! encoding.pm lib/Encode/Encoding.pm t/guess.t
  Pulled: Small fixes
  dankogai/p5-encode#108
! Encode.pm Makefile.PL
  Pulled: Load modules Encode::MIME::Name and Storable normally
  dankogai/p5-encode#107
! Unicode/Unicode.pm lib/Encode/Alias.pm lib/Encode/Encoding.pm lib/Encode/Unicode/UTF7.pm
  Pulled: Remove no warnings 'redefine'; and correctly load dependences
  dankogai/p5-encode#106
! Encode.pm Encode.xs Unicode/Unicode.pm Unicode/Unicode.xs
  Pulled: Remove PP stubs and reformat predefine_encodings()
  dankogai/p5-encode#104
! Encode.pm Encode.xs
  Pulled: Run Encode XS BOOT code at compile time
  dankogai/p5-encode#103
! Encode.pm Unicode/Unicode.pm lib/Encode/Encoding.pm lib/Encode/Guess.pm lib/Encode/JP/JIS7.pm lib/Encode/MIME/Header.pm lib/Encode/MIME/Header/ISO_2022_JP.pm
  Pulled: Use Encode::define_encoding and propagate carp/croak message
  dankogai/p5-encode#102
! t/truncated_utf8.t t/utf8messages.t
  Pulled: Fixes for older perl versions
  dankogai/p5-encode#101
! Encode.xs encoding.pm t/enc_eucjp.t t/enc_utf8.t
  Pulled: cperl fixes: encoding undeprecated, no strict hashpairs
  dankogai/p5-encode#100
! MANIFEST
  Pulled: Add missing tests into MANIFEST file
  dankogai/p5-encode#99
! Encode.xs t/fallback.t
  Pulled: Cleanup code for handling fallback/replacement characters
  dankogai/p5-encode#98

2.89 2017/04/21 05:20:14
! Encode.pm Encode.xs MANIFEST t/enc_eucjp.t t/enc_utf8.t
+ t/utf8messages.t
  Pulled: Fixes for Encode::utf8
  dankogai/p5-encode#97
! Encode.pm
  Pulled: Fix documentation about CHECK coderef
  dankogai/p5-encode#96
! Encode.xs
  Pulled: For efficiency use newSVpvn() instead of newSVpv() in do_fallback_cb()
  dankogai/p5-encode#95
! Encode.xs
  Pulled: Call Encode callback function with integer argument correctly
  dankogai/p5-encode#94
! lib/Encode/CN/HZ.pm lib/Encode/GSM0338.pm lib/Encode/JP/JIS7.pm lib/Encode/KR/2022_KR.pm lib/Encode/MIME/Header.pm lib/Encode/MIME/Header/ISO_2022_JP.pm lib/Encode/Unicode/UTF7.pm t/undef.t
  Pulled: Fix all Encode modules so their encode(undef) and decode(undef) calls returns undef
  dankogai/p5-encode#93
+ t/whatwg-aliases.json t/whatwg-aliases.t
  Pulled: New (failing) tests for aliases defined in WHATWG Encoding spec #92
  dankogai/p5-encode#92
! Encode.pm
  Pulled: Update documentation for UTF-8
  dankogai/p5-encode#91
! Encode.xs t/truncated_utf8.t
  Pulled: Consume correct number of bytes on malformed
! Encode.pm Unicode/Unicode.pm
  Pulled: document str2bytes and bytes2str
  dankogai/p5-encode#86
! Encode.xs t/fallback.t t/truncated_utf8.t
  Pulled: Fix appending correct number of Unicode replacement characters
  dankogai/p5-encode#84

2.88 2016/11/29 23:29:23
! t/taint.t
  Pulled: Fix test t/taint.t to pass when Encode::ConfigLocal is present
  dankogai/p5-encode#83
! Makefile.PL Unicode/Makefile.PL bin/enc2xs lib/Encode/Alias.pm t/Aliases.t t/enc_data.t t/enc_module.t t/encoding.t t/jperl.t
  Pulled: various fixes
  dankogai/p5-encode#82
! t/mime-header.t
  Pulled: Fix test t/mime-header.t to pass on HP-UX 11.23/64 U with perl v5.8.3
  dankogai/p5-encode#81
! t/Encode.t
  Pulled: Extend COW tests for UTF-8 and Latin1
  dankogai/p5-encode#80
! Encode.xs Unicode/Unicode.xs
  Pulled: Rmv impediment to compiling under C++11
  dankogai/p5-encode#78
! Encode.xs Unicode/Unicode.xs
  Pulled: Do not use expressions in macros SvTRUE, SvPV, SvIV, attr and attr_true
  dankogai/p5-encode#77
! Unicode/Unicode.xs t/magic.t
  Pulled: Fix handling of undef, COW and magic scalar argument in Unicode.xs
  dankogai/p5-encode#76
! Encode.xs encoding.pm
  Fix 2 of 3 problems Steve Hay found.
  1. C89 compiler failures (patch attached).
  2. encoding.pm has changed slightly but has no $VERSION++
  Message-Id: <CADED=K6ve_DAzRXPX=EsjtUDnZppAaw+BP1Ziw_fU5f32k+Wyg@mail.gmail.com>

2.87 2016/10/28 05:03:52
! Encode.xs t/taint.t
  Pulled: Disable _utf8_on and _utf8_off for tainted values
  dankogai/p5-encode#74
! Encode.xs MANIFEST t/rt65541.t t/rt76824.t t/rt86327.t
  Pulled: Fix crash 'panic: sv_setpvn called with negative strlen'
  dankogai/p5-encode#73
! Encode.xs MANIFEST t/rt113164.t
  Pulled: Fix crash caused by undefined behaviour between two sequence points
  dankogai/p5-encode#72
! Encode.xs MANIFEST lib/Encode/CN/HZ.pm lib/Encode/Encoder.pm t/decode.t t/magic.t t/rt85489.t t/utf8ref.t
  Pulled: Fix handling of undef, ref, typeglob, UTF8, COW and magic scalar argument in all XS functions
  dankogai/p5-encode#70
! Encode/_T.e2x t/at-cn.t t/at-tw.t t/enc_data.t t/enc_module.t t/encoding-locale.t t/encoding.t t/jperl.t t/mime-name.t t/undef.t
  Pulled: Fix unit tests
  dankogai/p5-encode#69
! Encode.pm lib/Encode/MIME/Header.pm lib/Encode/MIME/Name.pm t/mime-header.t t/mime-name.t t/taint.t
  Pulled: Encode::MIME::Header clean up
  dankogai/p5-encode#68
! Encode.xs
  Pulled: Generate CHECK value functions with newCONSTSUB() instead with direct XS
  dankogai/p5-encode#67
! Encode.xs
  Pulled: Encode::utf8: Fix count of replacement characters for overflowed and overlong UTF-8 sequences
  dankogai/p5-encode#65
! Encode.xs t/fallback.t t/utf8strict.t
  Pulled: Encode::utf8: Fix processing invalid UTF-8 subsequences
  dankogai/p5-encode#63
! Encode.pm t/utf8ref.t
  Pulled: Fix return value of Encode::encode_utf8(undef)
  https://rt.cpan.org/Ticket/Display.html?id=116904
  dankogai/p5-encode#62

2.86 2016/08/10 18:08:45
! encoding.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t t/encoding.t t/jperl.t
  Fixed: #116196: [PATCH] Synchronize encoding.pm with blead
  https://rt.cpan.org/Ticket/Display.html?id=116196
! Byte/Makefile.PL
  Patched: #111421: Won't build with statically built perls
  https://rt.cpan.org/Public/Bug/Display.html?id=111421
! Encode.xs encoding.pm
  Pulled: Fixes for 5.8.x compilation failures
  dankogai/p5-encode#60
! Encode.xs
  Patched: RT#116817 [PATCH] Avoid a C++ comment
  https://rt.cpan.org/Ticket/Display.html?id=116817

2.85 2016/08/04 03:15:58
! Encode.pm bin/enc2xs bin/encguess bin/piconv bin/ucmlint bin/unidump
  Pulled: CVE-2016-1238: avoid loading optional modules from .
  dankogai/p5-encode#58
! Encode.pm t/utf8warnings.t
  Pulled: Rethrow 'utf8' warnings in from_to as well #57
  dankogai/p5-encode#57
! Encode.xs
  Pulled and fixed: Encode::utf8: Performance optimization for strict UTF-8 encoder #56
  dankogai/p5-encode#56
! t/Encode.t
  s/use Test/use Test::More/
! t/Encode.t t/decode.t
  Skip tests that pass typeglobs to decode if perl < v5.16
! Encode.xs t/cow.t
  Patched: #115540 (from_to affecting COW strings)
  https://rt.cpan.org/Ticket/Display.html?id=115540
! Encode.xs t/Encode.t t/decode.t
  Merged: RT#115168: [PATCH] Passing regex globals to decode() results in wrong result
  https://rt.cpan.org/Ticket/Display.html?id=115168
! Makefile.pl
  Pulled: t/encoding-locale.t fails with Test::More@0.80 or before.
  dankogai/p5-encode#55
! Encode.pm
  Pulled: In-place modifications made explicit in docs for encode(), decode() and decode_utf8()
  dankogai/p5-encode#54

2.84 2016/04/11 07:17:02
! lib/Encode/MIME/Header.pm
  Pulled: Encode::MIME::Header: Update description that this module is only for unstructured header
  dankogai/p5-encode#53
! lib/Encode/MIME/Header.pm t/mime-header.t
  Pulled: Encode::MIME::Header: Fix valid_q_chars, '-' needs to be escaped
  dankogai/p5-encode#52

Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
pali added a commit to pali/dbi that referenced this pull request on Jul 31, 2019:
Macro ST(*) returns a pointer to the Perl stack. Other Perl functions which use the Perl stack (e.g. eval) may reallocate the Perl stack, and therefore the pointer returned by the ST(*) macro becomes invalid.

A construction like this:
ST(0) = dbd_db_login6_sv(dbh, imp_dbh, dbname, username, password, attribs) ? &PL_sv_yes : &PL_sv_no;
where the dbd_db_login6_sv() driver function calls eval may lead to reallocating the Perl stack and therefore invalidating the ST(0) pointer. So that construction would cause memory corruption, as the left part of the assignment is resolved prior to executing the dbd_db_login6_sv() function.

The correct way to handle this problem: first call the dbd_db_login6_sv() function and then call ST(0) to retrieve the stack pointer. This patch fixes all occurrences of such constructions.

When running perl under valgrind I got memory corruption in the DBD::ODBC driver in that dbd_db_login6_sv() function due to the above problem. Exactly the same problem was present in the Encode module, which was fixed in pull request dankogai/p5-encode#72.
pali added a commit to pali/p5-encode that referenced this pull request on Oct 7, 2021:
Pull request dankogai#72 fixed memory corruption but introduced a new memory leak, as the dst scalar is not mortal anymore and not every possible exit from every XS function properly releases the scalar's memory. Fix this memory leak by making the dst scalar mortal again. To not re-introduce that memory corruption, first store the dst scalar into a temporary variable and then save it into the stack via the ST(0) macro.
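The two evaluation orders discussed in the PR description, the DBI commit and the follow-up fix above, modelled in plain C as an added example (not Encode's or DBI's code): a toy relocating stack stands in for PL_stack_base, and encode_method_model is a hypothetical stand-in for an XS call whose callback grows the stack. C does not fix the order in which the two operands of `=` are evaluated, so a compiler may legitimately compute the address of ST(0) before the call; buggy_store spells out that order and fixed_store the patched one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy model of the Perl argument stack: a heap array that relocates when it grows,
 * like PL_stack_base. Scalars are plain ints. Added example, not Encode's code. */
typedef int SV;
static SV *stack_base, *stale_base;   /* live block; previous block (real perl frees it) */
static size_t stack_cap, stack_len;
#define ST(i) (stack_base[ax + (i)])  /* same shape as the XS macro */
/* Push one value; grow by copying into a NEW block so the stack always moves. */
static void stack_push(SV v) {
    if (stack_len == stack_cap) {
        size_t ncap = stack_cap ? stack_cap * 2 : 2;
        SV *nb = malloc(ncap * sizeof *nb);
        if (stack_len) memcpy(nb, stack_base, stack_len * sizeof *nb);
        stale_base = stack_base;      /* a write through an old &ST(i) lands here */
        stack_base = nb; stack_cap = ncap;
    }
    stack_base[stack_len++] = v;
}
/* Stand-in for encode_method(): its fallback_cb calls back into perl and pushes,
 * relocating the stack before the result is returned. */
static SV encode_method_model(SV src) { stack_push(0); return src + 1; }
/* The order gcc 4.6 chose for `ST(0) = encode_method(...)`: address, call, store. */
static void buggy_store(size_t ax) {
    SV *slot = &ST(0);                    /* points into the soon-to-be-old block */
    SV ret = encode_method_model(ST(1));  /* stack relocates here */
    *slot = ret;                          /* write goes to stale memory */
}
/* The patch's form: call first, then re-derive ST(0) from the new base. */
static void fixed_store(size_t ax) {
    SV RETVAL = encode_method_model(ST(1));
    ST(0) = RETVAL;
}
typedef struct { SV live, stale; } outcome;
/* Run one variant from a fresh 2-slot stack holding ST(0)=0, ST(1)=41 (ax=0);
 * report what ended up in live ST(0) and in slot 0 of the stale block. */
static outcome run_order(int use_fixed) {
    outcome o;
    stack_base = stale_base = NULL; stack_cap = stack_len = 0;
    stack_push(0); stack_push(41);        /* exactly fills the first block */
    if (use_fixed) fixed_store(0); else buggy_store(0);
    o.live = stack_base[0]; o.stale = stale_base[0];
    free(stack_base); free(stale_base);
    return o;
}
int main(void) {
    outcome b = run_order(0), f = run_order(1);   /* buggy: 0/42, fixed: 42/0 */
    return printf("buggy: live=%d stale=%d\nfixed: live=%d stale=%d\n", b.live, b.stale, f.live, f.stale) < 0;
}
```

In real perl the stale block is freed, so the buggy write is a heap use-after-free, which is why valgrind reported it.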