SOURCES: perl-5.8.7-bz172739_obz36521.patch (NEW), perl-5.8.7-bz17...
arekm
arekm at pld-linux.org
Fri Jan 20 15:08:57 CET 2006
Author: arekm Date: Fri Jan 20 14:08:57 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new from FC5 dev
---- Files affected:
SOURCES:
perl-5.8.7-bz172739_obz36521.patch (NONE -> 1.1) (NEW), perl-5.8.7-bz172587.patch (NONE -> 1.1) (NEW), perl-5.8.7-bz172236.patch (NONE -> 1.1) (NEW), perl-5.8.7-CVE-2005-3962-bz174684.patch (NONE -> 1.1) (NEW), perl-5.8.7-CAN-2004-0976.patch (NONE -> 1.1) (NEW), perl-5.8.7-172396.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/perl-5.8.7-bz172739_obz36521.patch
diff -u /dev/null SOURCES/perl-5.8.7-bz172739_obz36521.patch:1.1
--- /dev/null Fri Jan 20 15:08:57 2006
+++ SOURCES/perl-5.8.7-bz172739_obz36521.patch Fri Jan 20 15:08:52 2006
@@ -0,0 +1,11 @@
+--- perl-5.8.7/util.c.25160 2005-05-30 08:44:15.000000000 -0400
++++ perl-5.8.7/util.c 2005-11-08 18:58:36.000000000 -0500
+@@ -1290,6 +1290,8 @@
+ SV *msg;
+
+ ENTER;
++ SAVESPTR(PL_warnhook);
++ PL_warnhook = Nullsv;
+ save_re_context();
+ msg = newSVpvn(message, msglen);
+ SvFLAGS(msg) |= utf8;
================================================================
Index: SOURCES/perl-5.8.7-bz172587.patch
diff -u /dev/null SOURCES/perl-5.8.7-bz172587.patch:1.1
--- /dev/null Fri Jan 20 15:08:57 2006
+++ SOURCES/perl-5.8.7-bz172587.patch Fri Jan 20 15:08:52 2006
@@ -0,0 +1,114 @@
+--- perl-5.8.7/pp_sort.c.bz172587 2005-04-08 05:31:47.000000000 -0400
++++ perl-5.8.7/pp_sort.c 2005-11-07 12:57:07.000000000 -0500
+@@ -1510,6 +1510,7 @@
+
+ if (gimme != G_ARRAY) {
+ SP = MARK;
++ EXTEND(SP,1);
+ RETPUSHUNDEF;
+ }
+
+--- perl-5.8.7/pp_hot.c.bz172587 2005-04-22 10:12:27.000000000 -0400
++++ perl-5.8.7/pp_hot.c 2005-11-07 12:55:16.000000000 -0500
+@@ -639,12 +639,12 @@
+ }
+ }
+ SP = ORIGMARK;
+- PUSHs(&PL_sv_yes);
++ XPUSHs(&PL_sv_yes);
+ RETURN;
+
+ just_say_no:
+ SP = ORIGMARK;
+- PUSHs(&PL_sv_undef);
++ XPUSHs(&PL_sv_undef);
+ RETURN;
+ }
+
+--- perl-5.8.7/pp_sys.c.bz172587 2005-04-27 18:12:46.000000000 -0400
++++ perl-5.8.7/pp_sys.c 2005-11-07 13:03:39.000000000 -0500
+@@ -429,13 +429,16 @@
+ SV *tmpsv;
+ char *tmps;
+ STRLEN len;
+- if (SP - MARK != 1) {
++ if (SP - MARK > 1) {
+ dTARGET;
+ do_join(TARG, &PL_sv_no, MARK, SP);
+ tmpsv = TARG;
+ SP = MARK + 1;
+- }
+- else {
++ }
++ else if (SP == MARK ) {
++ tmpsv = &PL_sv_no;
++ EXTEND(SP, 1);
++ } else {
+ tmpsv = TOPs;
+ }
+ tmps = SvPV(tmpsv, len);
+@@ -3517,7 +3520,7 @@
+ I32 value = (I32)apply(PL_op->op_type, MARK, SP);
+
+ SP = MARK;
+- PUSHi(value);
++ XPUSHi(value);
+ RETURN;
+ #else
+ DIE(aTHX_ PL_no_func, "chown");
+@@ -4127,7 +4130,7 @@
+ if (errno != EAGAIN) {
+ value = -1;
+ SP = ORIGMARK;
+- PUSHi(value);
++ XPUSHi(value);
+ if (did_pipes) {
+ PerlLIO_close(pp[0]);
+ PerlLIO_close(pp[1]);
+@@ -4176,7 +4179,7 @@
+ STATUS_CURRENT = -1;
+ }
+ }
+- PUSHi(STATUS_CURRENT);
++ XPUSHi(STATUS_CURRENT);
+ RETURN;
+ }
+ if (did_pipes) {
+@@ -4222,7 +4225,7 @@
+ STATUS_NATIVE_SET(value);
+ do_execfree();
+ SP = ORIGMARK;
+- PUSHi(result ? value : STATUS_CURRENT);
++ XPUSHi(result ? value : STATUS_CURRENT);
+ #endif /* !FORK or VMS */
+ RETURN;
+ }
+@@ -4275,7 +4278,7 @@
+ }
+
+ SP = ORIGMARK;
+- PUSHi(value);
++ XPUSHi(value);
+ RETURN;
+ }
+
+--- perl-5.8.7/pp.c.bz172587 2005-05-16 11:30:13.000000000 -0400
++++ perl-5.8.7/pp.c 2005-11-07 12:56:32.000000000 -0500
+@@ -721,7 +721,7 @@
+ while (MARK < SP)
+ do_chop(TARG, *++MARK);
+ SP = ORIGMARK;
+- PUSHTARG;
++ XPUSHTARG;
+ RETURN;
+ }
+
+@@ -739,7 +739,7 @@
+
+ while (SP > MARK)
+ count += do_chomp(POPs);
+- PUSHi(count);
++ XPUSHi(count);
+ RETURN;
+ }
+
================================================================
Index: SOURCES/perl-5.8.7-bz172236.patch
diff -u /dev/null SOURCES/perl-5.8.7-bz172236.patch:1.1
--- /dev/null Fri Jan 20 15:08:57 2006
+++ SOURCES/perl-5.8.7-bz172236.patch Fri Jan 20 15:08:52 2006
@@ -0,0 +1,21 @@
+--- perl-5.8.7/utils/h2ph.PL.bz172236 2005-04-04 17:47:17.000000000 -0400
++++ perl-5.8.7/utils/h2ph.PL 2005-11-01 17:42:36.000000000 -0500
+@@ -734,9 +734,15 @@
+ # non-GCC?) C compilers, but gcc uses an additional include directory.
+ sub inc_dirs
+ {
+- my $from_gcc = `$Config{cc} -v 2>&1`;
+- $from_gcc =~ s:^Reading specs from (.*?)/specs\b.*:$1/include:s;
+-
++ my $from_gcc = `LC_ALL=C $Config{cc} -v 2>&1`;
++ if( !( $from_gcc =~ s:^Reading specs from (.*?)/specs\b.*:$1/include:s ) )
++ { # gcc-4+ :
++ $from_gcc = `LC_ALL=C $Config{cc} -print-search-dirs 2>&1`;
++ if ( !($from_gcc =~ s/^install:\s*([^\s]+[^\s\/])([\s\/]*).*$/$1\/include/s) )
++ {
++ $from_gcc = '';
++ };
++ };
+ length($from_gcc) ? ($from_gcc, $Config{usrinc}) : ($Config{usrinc});
+ }
+
================================================================
Index: SOURCES/perl-5.8.7-CVE-2005-3962-bz174684.patch
diff -u /dev/null SOURCES/perl-5.8.7-CVE-2005-3962-bz174684.patch:1.1
--- /dev/null Fri Jan 20 15:08:57 2006
+++ SOURCES/perl-5.8.7-CVE-2005-3962-bz174684.patch Fri Jan 20 15:08:52 2006
@@ -0,0 +1,474 @@
+--- perl-5.8.7/t/lib/warnings/sv.CVE-2005-3962-bz174684 2004-03-18 07:51:14.000000000 -0500
++++ perl-5.8.7/t/lib/warnings/sv 2005-12-14 12:40:55.000000000 -0500
+@@ -301,12 +301,12 @@
+ printf F "%\x02" ;
+ $a = sprintf "%\x02" ;
+ EXPECT
+-Invalid conversion in sprintf: "%z" at - line 5.
+-Invalid conversion in sprintf: end of string at - line 7.
+-Invalid conversion in sprintf: "%\002" at - line 9.
+ Invalid conversion in printf: "%z" at - line 4.
++Invalid conversion in sprintf: "%z" at - line 5.
+ Invalid conversion in printf: end of string at - line 6.
++Invalid conversion in sprintf: end of string at - line 7.
+ Invalid conversion in printf: "%\002" at - line 8.
++Invalid conversion in sprintf: "%\002" at - line 9.
+ ########
+ # sv.c
+ use warnings 'misc' ;
+--- perl-5.8.7/t/op/sprintf.t.CVE-2005-3962-bz174684 2003-09-01 03:41:07.000000000 -0400
++++ perl-5.8.7/t/op/sprintf.t 2005-12-14 12:53:09.000000000 -0500
+@@ -385,3 +385,8 @@
+ >%4$K %d< >[45, 67]< >%4$K 45 INVALID<
+ >%d %K %d< >[23, 45]< >23 %K 45 INVALID<
+ >%*v*999\$d %d %d< >[11, 22, 33]< >%*v*999\$d 11 22 INVALID<
++>%#b< >0< >0<
++>%#o< >0< >0<
++>%#x< >0< >0<
++>%2918905856$v2d< >''< ><
++>%*2918905856$v2d< >''< > UNINIT<
+--- perl-5.8.7/t/op/sprintf2.t.CVE-2005-3962-bz174684 2004-02-09 16:37:13.000000000 -0500
++++ perl-5.8.7/t/op/sprintf2.t 2005-12-14 12:50:39.000000000 -0500
+@@ -6,7 +6,7 @@
+ require './test.pl';
+ }
+
+-plan tests => 3;
++plan tests => 7 + 256;
+
+ is(
+ sprintf("%.40g ",0.01),
+@@ -26,3 +26,43 @@
+ q(width calculation under utf8 upgrade)
+ );
+ }
++
++# Used to mangle PL_sv_undef
++fresh_perl_is(
++ 'print sprintf "xxx%n\n"; print undef',
++ 'Modification of a read-only value attempted at - line 1.',
++ { switches => [ '-w' ] },
++ q(%n should not be able to modify read-only constants),
++);
++
++# check %NNN$ for range bounds, especially negative 2's complement
++{
++ my ($warn, $bad) = (0,0);
++ local $SIG{__WARN__} = sub {
++ if ($_[0] =~ /uninitialized/) {
++ $warn++
++ }
++ else {
++ $bad++
++ }
++ };
++ my $result = sprintf join('', map("%$_\$s%" . ~$_ . '$s', 1..20)),
++ qw(a b c d);
++ is($result, "abcd", "only four valid values");
++ is($warn, 36, "expected warnings");
++ is($bad, 0, "unexpected warnings");
++}
++{
++ foreach my $ord (0 .. 255) {
++ my $bad = 0;
++ local $SIG{__WARN__} = sub {
++ unless ($_[0] =~ /^Invalid conversion in sprintf/ ||
++ $_[0] =~ /^Use of uninitialized value in sprintf/) {
++ warn $_[0];
++ $bad++;
++ }
++ };
++ my $r = eval {sprintf '%v' . chr $ord};
++ is ($bad, 0, "pattern '%v' . chr $ord");
++ }
++}
+--- perl-5.8.7/opcode.h.CVE-2005-3962-bz174684 2005-05-27 12:29:50.000000000 -0400
++++ perl-5.8.7/opcode.h 2005-12-14 12:40:55.000000000 -0500
+@@ -1585,7 +1585,7 @@
+ 0x0022281c, /* vec */
+ 0x0122291c, /* index */
+ 0x0122291c, /* rindex */
+- 0x0004280f, /* sprintf */
++ 0x0004280d, /* sprintf - WAS 0x0004280f before patch #26283 */
+ 0x00042805, /* formline */
+ 0x0001379e, /* ord */
+ 0x0001378e, /* chr */
+--- perl-5.8.7/op.c.CVE-2005-3962-bz174684 2005-04-22 10:12:32.000000000 -0400
++++ perl-5.8.7/op.c 2005-12-14 12:40:55.000000000 -0500
+@@ -2076,7 +2076,9 @@
+ /* XXX might want a ck_negate() for this */
+ cUNOPo->op_first->op_private &= ~OPpCONST_STRICT;
+ break;
+- case OP_SPRINTF:
++/* Removed as part of fix for CVE-2005-3962 / Upstream patch 26283 :
++ * case OP_SPRINTF:
++ */
+ case OP_UCFIRST:
+ case OP_LCFIRST:
+ case OP_UC:
+--- perl-5.8.7/makedef.pl.CVE-2005-3962-bz174684 2005-05-09 09:27:41.000000000 -0400
++++ perl-5.8.7/makedef.pl 2005-12-14 12:40:55.000000000 -0500
+@@ -635,11 +635,13 @@
+ )];
+ }
+
+-if ($define{'PERL_MALLOC_WRAP'}) {
+- emit_symbols [qw(
+- PL_memory_wrap
+- )];
+-}
++# Removed as part of fix for CVE-2005-3962 / CVE-2005-3962 /
++# Upstream patch #26283
++# if ($define{'PERL_MALLOC_WRAP'}) {
++# emit_symbols [qw(
++# PL_memory_wrap
++# )];
++#}
+
+ unless ($define{'USE_5005THREADS'} || $define{'USE_ITHREADS'}) {
+ skip_symbols [qw(
+--- perl-5.8.7/ext/Sys/Syslog/Syslog.pm.CVE-2005-3962-bz174684 2005-04-22 07:53:56.000000000 -0400
++++ perl-5.8.7/ext/Sys/Syslog/Syslog.pm 2005-12-14 12:40:55.000000000 -0500
+@@ -1,14 +1,13 @@
+ package Sys::Syslog;
+ require 5.006;
+ require Exporter;
+-require DynaLoader;
+ use Carp;
+ use strict;
+
+-our @ISA = qw(Exporter DynaLoader);
++our @ISA = qw(Exporter);
+ our @EXPORT = qw(openlog closelog setlogmask syslog);
+ our @EXPORT_OK = qw(setlogsock);
+-our $VERSION = '0.06';
++our $VERSION = '0.08';
+
+ # it would be nice to try stream/unix first, since that will be
+ # most efficient. However streams are dodgy - see _syslog_send_stream
+@@ -54,26 +53,38 @@
+
+ =item openlog $ident, $logopt, $facility
+
++Opens the syslog.
+ I<$ident> is prepended to every message. I<$logopt> contains zero or
+ more of the words I<pid>, I<ndelay>, I<nowait>. The cons option is
+ ignored, since the failover mechanism will drop down to the console
+ automatically if all other media fail. I<$facility> specifies the
+ part of the system to report about, for example LOG_USER or LOG_LOCAL0:
+ see your C<syslog(3)> documentation for the facilities available in
+-your system.
++your system. This function will croak if it can't connect to the syslog
++daemon.
+
+ B<You should use openlog() before calling syslog().>
+
++=item syslog $priority, $message
++
+ =item syslog $priority, $format, @args
+
+-If I<$priority> permits, logs I<($format, @args)>
+-printed as by C<printf(3V)>, with the addition that I<%m>
+-is replaced with C<"$!"> (the latest error message).
++If I<$priority> permits, logs I<$message> or I<sprintf($format, @args)>
++with the addition that I<%m> in $message or $format is replaced with
++C<"$!"> (the latest error message).
+
+ If you didn't use openlog() before using syslog(), syslog will try to
+ guess the I<$ident> by extracting the shortest prefix of I<$format>
+ that ends in a ":".
+
++Note that Sys::Syslog version v0.07 and older passed the $message as
++the formatting string to sprintf() even when no formatting arguments
++were provided. If the code calling syslog() might execute with older
++versions of this module, make sure to call the function as
++syslog($priority, "%s", $message) instead of syslog($priority,
++$message). This protects against hostile formatting sequences that
++might show up if $message contains tainted data.
++
+ =item setlogmask $mask_priority
+
+ Sets log mask I<$mask_priority> and returns the old mask.
+@@ -175,7 +186,8 @@
+ goto &$AUTOLOAD;
+ }
+
+-bootstrap Sys::Syslog $VERSION;
++require XSLoader;
++XSLoader::load('Sys::Syslog', $VERSION);
+
+ our $maskpri = &LOG_UPTO(&LOG_DEBUG);
+
+@@ -316,9 +328,16 @@
+
+ $whoami .= "[$$]" if our $lo_pid;
+
+- $mask =~ s/(?<!%)%m/$!/g;
++ if ($mask =~ /%m/) {
++ my $err = $!;
++ # escape percent signs if sprintf will be called
++ $err =~ s/%/%%/g if @_;
++ # replace %m with $err, if preceded by an even number of percent signs
++ $mask =~ s/(?<!%)((?:%%)*)%m/$1$err/g;
++ }
++
+ $mask .= "\n" unless $mask =~ /\n$/;
+- $message = sprintf ($mask, @_);
++ $message = @_ ? sprintf($mask, @_) : $mask;
+
+ $sum = $numpri + $numfac;
+ my $buf = "<$sum>$whoami: $message\0";
+--- perl-5.8.7/opcode.pl.CVE-2005-3962-bz174684 2004-12-01 08:54:30.000000000 -0500
++++ perl-5.8.7/opcode.pl 2005-12-14 12:40:55.000000000 -0500
+@@ -606,7 +606,7 @@
+ index index ck_index isT@ S S S?
+ rindex rindex ck_index isT@ S S S?
+
+-sprintf sprintf ck_fun mfst@ S L
++sprintf sprintf ck_fun mst@ S L
+ formline formline ck_fun ms@ S L
+ ord ord ck_fun ifsTu% S?
+ chr chr ck_fun fsTu% S?
+--- perl-5.8.7/handy.h.CVE-2005-3962-bz174684 2005-04-20 12:33:28.000000000 -0400
++++ perl-5.8.7/handy.h 2005-12-14 12:40:55.000000000 -0500
+@@ -598,91 +598,65 @@
+
+ =cut */
+
+-#ifndef lint
+-
+ #define NEWSV(x,len) newSV(len)
+
+ #ifdef PERL_MALLOC_WRAP
+ #define MEM_WRAP_CHECK(n,t) \
+- (void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(PL_memory_wrap),0):0)
++ (void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(PL_memory_wrap),0):0)
+ #define MEM_WRAP_CHECK_1(n,t,a) \
+- (void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a),0):0)
++ (void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a),0):0)
+ #define MEM_WRAP_CHECK_2(n,t,a,b) \
+- (void)((n)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a,b),0):0)
++ (void)((sizeof(t)>1?(n):1)>((MEM_SIZE)~0)/sizeof(t)?(Perl_croak_nocontext(a,b),0):0)
++#define MEM_WRAP_CHECK_(n,t) MEM_WRAP_CHECK(n,t),
+
+-#define New(x,v,n,t) (v = (MEM_WRAP_CHECK(n,t), (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
+-#define Newc(x,v,n,t,c) (v = (MEM_WRAP_CHECK(n,t), (c*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
+-#define Newz(x,v,n,t) (v = (MEM_WRAP_CHECK(n,t), (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))), \
+- memzero((char*)(v), (n)*sizeof(t))
+-#define Renew(v,n,t) \
+- (v = (MEM_WRAP_CHECK(n,t), (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
+-#define Renewc(v,n,t,c) \
+- (v = (MEM_WRAP_CHECK(n,t), (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
+-#define Safefree(d) safefree((Malloc_t)(d))
+-
+-#define Move(s,d,n,t) (MEM_WRAP_CHECK(n,t), (void)memmove((char*)(d),(char*)(s), (n) * sizeof(t)))
+-#define Copy(s,d,n,t) (MEM_WRAP_CHECK(n,t), (void)memcpy((char*)(d),(char*)(s), (n) * sizeof(t)))
+-#define Zero(d,n,t) (MEM_WRAP_CHECK(n,t), (void)memzero((char*)(d), (n) * sizeof(t)))
+-
+-#define MoveD(s,d,n,t) (MEM_WRAP_CHECK(n,t), memmove((char*)(d),(char*)(s), (n) * sizeof(t)))
+-#define CopyD(s,d,n,t) (MEM_WRAP_CHECK(n,t), memcpy((char*)(d),(char*)(s), (n) * sizeof(t)))
+-#ifdef HAS_MEMSET
+-#define ZeroD(d,n,t) (MEM_WRAP_CHECK(n,t), memzero((char*)(d), (n) * sizeof(t)))
+-#else
+-/* Using bzero(), which returns void. */
+-#define ZeroD(d,n,t) (MEM_WRAP_CHECK(n,t), memzero((char*)(d), (n) * sizeof(t)),d)
+-#endif
+-
+-#define Poison(d,n,t) (MEM_WRAP_CHECK(n,t), (void)memset((char*)(d), 0xAB, (n) * sizeof(t)))
++#define PERL_STRLEN_ROUNDUP(n) ((void)(((n) > (MEM_SIZE)~0 - 2 * PERL_STRLEN_ROUNDUP_QUANTUM) ? (Perl_croak_nocontext(PL_memory_wrap),0):0),((n-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)))
+
+ #else
+
+ #define MEM_WRAP_CHECK(n,t)
+ #define MEM_WRAP_CHECK_1(n,t,a)
+ #define MEM_WRAP_CHECK_2(n,t,a,b)
++#define MEM_WRAP_CHECK_(n,t)
++
++#define PERL_STRLEN_ROUNDUP(n) (((n-1+PERL_STRLEN_ROUNDUP_QUANTUM)&~((MEM_SIZE)PERL_STRLEN_ROUNDUP_QUANTUM-1)))
+
+-#define New(x,v,n,t) (v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
+-#define Newc(x,v,n,t,c) (v = (c*)safemalloc((MEM_SIZE)((n)*sizeof(t))))
+-#define Newz(x,v,n,t) (v = (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))), \
++#endif
++
++#define Newx(v,n,t) (v = (MEM_WRAP_CHECK_(n,t) (t*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
++#define Newxc(v,n,t,c) (v = (MEM_WRAP_CHECK_(n,t) (c*)safemalloc((MEM_SIZE)((n)*sizeof(t)))))
++#define Newxz(v,n,t) (v = (MEM_WRAP_CHECK_(n,t) (t*)safemalloc((MEM_SIZE)((n)*sizeof(t))))), \
+ memzero((char*)(v), (n)*sizeof(t))
++/* pre 5.9.x compatibility */
++#define New(x,v,n,t) Newx(v,n,t)
++#define Newc(x,v,n,t,c) Newxc(v,n,t,c)
++#define Newz(x,v,n,t) Newxz(v,n,t)
++
+ #define Renew(v,n,t) \
+- (v = (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t))))
++ (v = (MEM_WRAP_CHECK_(n,t) (t*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
+ #define Renewc(v,n,t,c) \
+- (v = (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t))))
+-#define Safefree(d) safefree((Malloc_t)(d))
+-
+-#define Move(s,d,n,t) (void)memmove((char*)(d),(char*)(s), (n) * sizeof(t))
+-#define Copy(s,d,n,t) (void)memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
+-#define Zero(d,n,t) (void)memzero((char*)(d), (n) * sizeof(t))
++ (v = (MEM_WRAP_CHECK_(n,t) (c*)saferealloc((Malloc_t)(v),(MEM_SIZE)((n)*sizeof(t)))))
+
+-#define MoveD(s,d,n,t) memmove((char*)(d),(char*)(s), (n) * sizeof(t))
+-#define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
+-#ifdef HAS_MEMSET
+-#define ZeroD(d,n,t) memzero((char*)(d), (n) * sizeof(t))
++#ifdef PERL_POISON
++#define Safefree(d) \
++ (d ? (void)(safefree((Malloc_t)(d)), Poison(&(d), 1, Malloc_t)) : (void) 0)
+ #else
+-#define ZeroD(d,n,t) ((void)memzero((char*)(d), (n) * sizeof(t)),d)
++#define Safefree(d) safefree((Malloc_t)(d))
+ #endif
+
+-#define Poison(d,n,t) (void)memset((char*)(d), 0xAB, (n) * sizeof(t))
++#define Move(s,d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memmove((char*)(d),(const char*)(s), (n) * sizeof(t)))
++#define Copy(s,d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memcpy((char*)(d),(const char*)(s), (n) * sizeof(t)))
++#define Zero(d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memzero((char*)(d), (n) * sizeof(t)))
+
++#define MoveD(s,d,n,t) (MEM_WRAP_CHECK_(n,t) memmove((char*)(d),(const char*)(s), (n) * sizeof(t)))
++#define CopyD(s,d,n,t) (MEM_WRAP_CHECK_(n,t) memcpy((char*)(d),(const char*)(s), (n) * sizeof(t)))
++#ifdef HAS_MEMSET
++#define ZeroD(d,n,t) (MEM_WRAP_CHECK_(n,t) memzero((char*)(d), (n) * sizeof(t)))
++#else
++/* Using bzero(), which returns void. */
++#define ZeroD(d,n,t) (MEM_WRAP_CHECK_(n,t) memzero((char*)(d), (n) * sizeof(t)),d)
+ #endif
+
+-#else /* lint */
+-
+-#define New(x,v,n,s) (v = Null(s *))
+-#define Newc(x,v,n,s,c) (v = Null(s *))
+-#define Newz(x,v,n,s) (v = Null(s *))
+-#define Renew(v,n,s) (v = Null(s *))
+-#define Move(s,d,n,t)
+-#define Copy(s,d,n,t)
+-#define Zero(d,n,t)
+-#define MoveD(s,d,n,t) d
+-#define CopyD(s,d,n,t) d
+-#define ZeroD(d,n,t) d
+-#define Poison(d,n,t)
+-#define Safefree(d) (d) = (d)
+-
+-#endif /* lint */
++#define Poison(d,n,t) (MEM_WRAP_CHECK_(n,t) (void)memset((char*)(d), 0xAB, (n) * sizeof(t)))
+
+ #ifdef USE_STRUCT_COPY
+ #define StructCopy(s,d,t) (*((t*)(d)) = *((t*)(s)))
+--- perl-5.8.7/perl.h.CVE-2005-3962-bz174684 2005-12-14 12:40:55.000000000 -0500
++++ perl-5.8.7/perl.h 2005-12-14 12:40:55.000000000 -0500
+@@ -720,6 +720,13 @@
+
+ #define MEM_SIZE Size_t
+
++/* Round all values passed to malloc up, by default to a multiple of
++ sizeof(size_t)
++*/
++#ifndef PERL_STRLEN_ROUNDUP_QUANTUM
++#define PERL_STRLEN_ROUNDUP_QUANTUM Size_t_size
++#endif
++
+ #if defined(STANDARD_C) && defined(I_STDDEF)
+ # include <stddef.h>
+ # define STRUCT_OFFSET(s,m) offsetof(s,m)
+@@ -3332,10 +3339,8 @@
+ INIT("\"my\" variable %s can't be in a package");
+ EXTCONST char PL_no_localize_ref[]
+ INIT("Can't localize through a reference");
+-#ifdef PERL_MALLOC_WRAP
+ EXTCONST char PL_memory_wrap[]
+ INIT("panic: memory wrap");
+-#endif
+
+ EXTCONST char PL_uuemap[65]
+ INIT("`!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_");
+--- perl-5.8.7/sv.c.CVE-2005-3962-bz174684 2005-05-27 06:38:11.000000000 -0400
++++ perl-5.8.7/sv.c 2005-12-14 12:48:45.000000000 -0500
+@@ -8589,9 +8589,12 @@
+ if (vectorarg) {
+ if (args)
+ vecsv = va_arg(*args, SV*);
+- else
+- vecsv = (evix ? evix <= svmax : svix < svmax) ?
+- svargs[evix ? evix-1 : svix++] : &PL_sv_undef;
++ else if (evix) {
++ vecsv = (evix > 0 && evix <= svmax)
++ ? svargs[evix-1] : &PL_sv_undef;
++ } else {
++ vecsv = svix < svmax ? svargs[svix++] : &PL_sv_undef;
++ }
+ dotstr = SvPVx(vecsv, dotstrlen);
+ if (DO_UTF8(vecsv))
+ is_utf8 = TRUE;
+@@ -8601,12 +8604,13 @@
+ vecstr = (U8*)SvPVx(vecsv,veclen);
+ vec_utf8 = DO_UTF8(vecsv);
+ }
+- else if (efix ? efix <= svmax : svix < svmax) {
++ else if (efix ? (efix > 0 && efix <= svmax) : svix < svmax) {
+ vecsv = svargs[efix ? efix-1 : svix++];
+ vecstr = (U8*)SvPVx(vecsv,veclen);
+ vec_utf8 = DO_UTF8(vecsv);
+ }
+ else {
++ vecsv = &PL_sv_undef;
+ vecstr = (U8*)"";
+ veclen = 0;
+ }
+@@ -8707,9 +8711,15 @@
+
+ if (vectorize)
+ argsv = vecsv;
+- else if (!args)
+- argsv = (efix ? efix <= svmax : svix < svmax) ?
+- svargs[efix ? efix-1 : svix++] : &PL_sv_undef;
<<Diff was trimmed, longer than 597 lines>>
More information about the pld-cvs-commit
mailing list