Perl / perl5

🐪 The Perl programming language
https://dev.perl.org/perl5/

[PATCH] Copy&paste List::Util BOOT bug, reading past 2 bytes [rt.cpan.org #72700] #11770

Closed p5pRT closed 12 years ago

p5pRT commented 12 years ago

Migrated from rt.perl.org#104462 (status was 'rejected')

Searchable as RT104462$

p5pRT commented 12 years ago

From @rurban

This is a bug report for perl from rurban@cpan.org, generated with the help of perlbug 1.39 running under perl 5.15.5.

See http://blogs.perl.org/users/rurban/2011/11/adventures-with-clang-and-asan.html for how I found these and many more invalid memory read+write bugs with clang and Google ASan.

This does not look security relevant to me.


```text
cpan/List-Util/ListUtil.xs | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
```


```text
Flags:
    category=library
    severity=high
    module=List::Util
```


This perlbug was built using Perl 5.15.5 - Mon Nov 21 11:51:57 CST 2011. It is being executed now by Perl 5.15.5 - Wed Nov 23 15:43:38 CST 2011.

Site configuration information for perl 5.15.5:

Configured by rurban at Wed Nov 23 15:43:38 CST 2011.

```text
Summary of my perl5 (revision 5 version 15 subversion 5) configuration:
  Derived from: a7d2e0de32269f812d90519e6c9c554b40df8dca
  Platform:
    osname=linux, osvers=3.0.0-1-amd64, archname=x86_64-linux-debug-asan@a7d2e0
    uname='linux reini 3.0.0-1-amd64 #1 smp sun jul 24 02:24:44 utc 2011 x86_64 gnulinux '
    config_args='-de -Dusedevel -Dinstallman1dir=none -Dinstallman3dir=none -Dinstallsiteman1dir=none -Dinstallsiteman3dir=none -Dmksymlinks -DEBUGGING -Doptimize=-g3 -Uuseithreads -D'cc=/home/rurban/Software/address-sanitizer/clang_build_Linux/Release+Asserts/bin/clang' -A'ccflags=-faddress-sanitizer' -A'ldflags=-g3\ -O2\ -faddress-sanitizer' -Dcf_email='rurban@cpanel.net' -Dperladmin='rurban@cpanel.net' -Duseshrplib'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=undef, usemultiplicity=undef
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=define, use64bitall=define, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='/home/rurban/Software/address-sanitizer/clang_build_Linux/Release+Asserts/bin/clang', ccflags ='-faddress-sanitizer -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-g3 -O2',
    cppflags='-faddress-sanitizer -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include'
    ccversion='', gccversion='4.2.1 Compatible Clang 3.1 (trunk)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='/home/rurban/Software/address-sanitizer/clang_build_Linux/Release+Asserts/bin/clang', ldflags =' -g3 -O2 -faddress-sanitizer -fstack-protector -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /usr/lib/x86_64-linux-gnu /lib64 /usr/lib64
    libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc -lgdbm_compat
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
    libc=, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.13'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/local/lib/perl5/5.15.5/x86_64-linux-debug-asan@a7d2e0/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -g3 -L/usr/local/lib -fstack-protector'
```

Locally applied patches: (none)


```text
@INC for perl 5.15.5:
    lib
    /usr/local/lib/perl5/site_perl/5.15.5/x86_64-linux-debug-asan@a7d2e0
    /usr/local/lib/perl5/site_perl/5.15.5
    /usr/local/lib/perl5/5.15.5/x86_64-linux-debug-asan@a7d2e0
    /usr/local/lib/perl5/5.15.5
    /usr/local/lib/perl5/site_perl
    .
```


```text
Environment for perl 5.15.5:
    HOME=/home/rurban
    LANG=en_US.utf8
    LANGUAGE (unset)
    LD_LIBRARY_PATH=/home/rurban/Perl/src/build-5.15.5d-nt-asan@a7d2e0
    LOGDIR (unset)
    PATH=/home/rurban/bin:/home/rurban/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
    PERL_BADLANG (unset)
    SHELL=/bin/bash
```

--

Reini Urban
http://cpanel.net/
http://www.perl-compiler.org/

p5pRT commented 12 years ago

From @rurban

0001-Copy-paste-List-Util-BOOT-bug-reading-past-2-bytes.patch ```diff From fcda72764b78c8512a04347f3f18fb7549582f0a Mon Sep 17 00:00:00 2001 From: Reini Urban Date: Wed, 23 Nov 2011 18:10:26 -0600 Subject: [PATCH] Copy&paste List::Util BOOT bug, reading past 2 bytes MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------1.7.5.4" This is a multi-part message in MIME format. --------------1.7.5.4 Content-Type: text/plain; charset=UTF-8; format=fixed Content-Transfer-Encoding: 8bit See http://blogs.perl.org/users/rurban/2011/11/adventures-with-clang-and-asan.html how I found these and many more invalid memory read+write bugs with clang and Google ASan. This does not look security relevant to me. --- cpan/List-Util/ListUtil.xs | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --------------1.7.5.4 Content-Type: text/x-patch; name="0001-Copy-paste-List-Util-BOOT-bug-reading-past-2-bytes.patch" Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="0001-Copy-paste-List-Util-BOOT-bug-reading-past-2-bytes.patch" diff --git a/cpan/List-Util/ListUtil.xs b/cpan/List-Util/ListUtil.xs index 7da9b95..eacdde4 100644 --- a/cpan/List-Util/ListUtil.xs +++ b/cpan/List-Util/ListUtil.xs @@ -595,7 +595,7 @@ BOOT: varav = GvAVn(vargv); #endif if (SvTYPE(rmcgv) != SVt_PVGV) - gv_init(rmcgv, lu_stash, "List::Util", 12, TRUE); + gv_init(rmcgv, lu_stash, "List::Util", 10, TRUE); rmcsv = GvSVn(rmcgv); #ifndef SvWEAKREF av_push(varav, newSVpv("weaken",6)); --------------1.7.5.4-- ```
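Review bot: the `+` line in the `@@ -595,7 +595,7 @@ BOOT:` hunk corrects the length passed to gv_init for the literal "List::Util" from 12 to 10 (the literal is ten characters, so 12 reads two bytes past them: the terminating NUL and one byte beyond the literal), but it keeps the hand-counted length that let the copy-and-paste error in. Deriving the count from the literal removes that failure mode, e.g. `gv_init(rmcgv, lu_stash, "List::Util", sizeof("List::Util") - 1, TRUE);`. The context line `av_push(varav, newSVpv("weaken",6));` uses the same hand-counted pattern; its count does match ("weaken" is six characters), so it needs no change here, but the same derived-length form would keep both from drifting. Because the over-read is two bytes of a string literal in read-only data, it is a sanitizer-visible correctness defect rather than a memory-safety exposure, which agrees with the author's note that it does not look security relevant.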
p5pRT commented 12 years ago

From @cpansprout

CPAN is upstream for List::Util. I'm forwarding it there.

On Wed Nov 23 16:50:18 2011, rurban wrote:

This is a bug report for perl from rurban@cpan.org, generated with the help of perlbug 1.39 running under perl 5.15.5.


--

Father Chrysostomos

p5pRT commented 12 years ago

The RT System itself - Status changed from 'new' to 'open'

p5pRT commented 12 years ago

@cpansprout - Status changed from 'open' to 'rejected'

p5pRT commented 12 years ago

From @tsee

List::Util patches should go to the Scalar-List-Utils RT queue on CPAN:

```perl
'Scalar-List-Utils' =>
    {
    'MAINTAINER'   => 'gbarr',
    'DISTRIBUTION' => 'GBARR/Scalar-List-Utils-1.23.tar.gz',
    # Note that perl uses its own version of Makefile.PL
    'FILES'        => q[cpan/List-Util],
    'EXCLUDED'     => [ qr{^inc/Module/},
                        qr{^inc/Test/},
                        qw{ mytypemap },
                      ],
    'UPSTREAM'     => 'cpan',
    },
```

Forwarding this.

Cheers,
Steffen

On 11/24/2011 01:50 AM, Reini Urban wrote:

```text
# New Ticket Created by Reini Urban
# Please include the string: [perl #104462]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt-archive.perl.org/perl5/Ticket/Display.html?id=104462>
```

This is a bug report for perl from rurban@cpan.org, generated with the help of perlbug 1.39 running under perl 5.15.5.


p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

What's up? Still a critical CORE bug with a patch. May I take over?

On Thu Nov 24 11:17:33 2011, perlbug-followup@perl.org wrote:

CPAN is upstream for List::Util. I'm forwarding it there.

On Wed Nov 23 16:50:18 2011, rurban wrote:

This is a bug report for perl from rurban@cpan.org, generated with the help of perlbug 1.39 running under perl 5.15.5.


--

Reini Urban

p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

re-attach patch

--

Reini Urban

p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

0001-Copy-paste-List-Util-BOOT-bug-reading-past-2-bytes.patch ```diff [#CPAN 72700] https://rt.cpan.org/Public/Bug/Display.html?id=72700 From fcda72764b78c8512a04347f3f18fb7549582f0a Mon Sep 17 00:00:00 2001 From: Reini Urban Date: Wed, 23 Nov 2011 18:10:26 -0600 Subject: [PATCH] Copy&paste List::Util BOOT bug, reading past 2 bytes MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------1.7.5.4" This is a multi-part message in MIME format. --------------1.7.5.4 Content-Type: text/plain; charset=UTF-8; format=fixed Content-Transfer-Encoding: 8bit See http://blogs.perl.org/users/rurban/2011/11/adventures-with-clang-and-asan.html how I found these and many more invalid memory read+write bugs with clang and Google ASan. This does not look security relevant to me. --- cpan/List-Util/ListUtil.xs | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --------------1.7.5.4 Content-Type: text/x-patch; name="0001-Copy-paste-List-Util-BOOT-bug-reading-past-2-bytes.patch" Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="0001-Copy-paste-List-Util-BOOT-bug-reading-past-2-bytes.patch" diff --git a/cpan/List-Util/ListUtil.xs b/cpan/List-Util/ListUtil.xs index 7da9b95..eacdde4 100644 --- a/cpan/List-Util/ListUtil.xs +++ b/cpan/List-Util/ListUtil.xs @@ -595,7 +595,7 @@ BOOT: varav = GvAVn(vargv); #endif if (SvTYPE(rmcgv) != SVt_PVGV) - gv_init(rmcgv, lu_stash, "List::Util", 12, TRUE); + gv_init(rmcgv, lu_stash, "List::Util", 10, TRUE); rmcsv = GvSVn(rmcgv); #ifndef SvWEAKREF av_push(varav, newSVpv("weaken",6)); --------------1.7.5.4-- ```
p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

By the way, I can't see an actual patch here, either attached as a file or inline in any of the messages.

Can you please provide one, ideally attached as a file so I can easily apply it?

Thanks,

--

Paul Evans

p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

Released in 1.23_04.

If this makes it past the smokers OK, I'll consider bumping it to 1.24, because there's quite a bit of change since 1.23 overall, and there hasn't been a non-dev release in 2 years. (!)

--

Paul Evans

p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

On Sat Mar 10 07:12:55 2012, PEVANS wrote:

Released in 1.23_04.

If this makes it past the smokers OK, I'll consider bumping it to 1.24, because there's quite a bit of change since 1.23 overall, and there hasn't been a non-dev release in 2 years. (!)

This was released for real as 1.24.

--

Paul Evans

p5pRT commented 12 years ago

From @rjbs

* Paul Evans via RT <bug-Scalar-List-Utils@rt.cpan.org> [2012-03-28T14:38:44]

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

On Sat Mar 10 07:12:55 2012, PEVANS wrote:

Released in 1.23_04.

If this makes it past the smokers OK, I'll consider bumping it to 1.24, because there's quite a bit of change since 1.23 overall, and there hasn't been a non-dev release in 2 years. (!)

This was released for real as 1.24.

It looked like there were quite a lot of changes between the last stable release of Scalar-List-Utils and this. How much test coverage have we seen?

--

rjbs

p5pRT commented 12 years ago

From bug-Scalar-List-Utils@rt.cpan.org

<URL: https://rt.cpan.org/Ticket/Display.html?id=72700 >

It looked like there were quite a lot of changes between the last stable release of Scalar-List-Utils and this. How much test coverage have we seen?

There was quite a lot of history of smoke tests and the like on the devel releases in between; mostly at:

  http://matrix.cpantesters.org/?dist=Scalar-List-Utils+1.23_03

(also a little at _01, _02 and _04).

This covered a wide range of OS platforms and Perl versions, though didn't include the "rare" ones like VMS, IRIX or HP-UX. That said, given it worked entirely without a FAIL across all these platforms already, and there wasn't any OS-specific code change included, I felt it safe enough to call 1.24 without reference here.

--

Paul Evans