perl/perl-regexp-refoverflow.diff


Accepting request 494775 from home:coolo:branches:openSUSE:Factory

- Fix building with zlib-1.2.10 (RT#119762):
  * Compress-Raw-Zlib-2.071-Adapt-tests-to-zlib-1.2.11.patch
- Update to perl-5.24.1
  -Di switch is now required for PerlIO debugging output
  Previously PerlIO debugging output would be sent to the file specified by the "PERLIO_DEBUG" environment variable if perl wasn't running setuid and the -T or -t switches hadn't been parsed yet. If perl performed output at a point where it hadn't yet parsed its switches this could result in perl creating or overwriting the file named by "PERLIO_DEBUG" even when the -T switch had been supplied. Perl now requires the -Di switch to produce PerlIO debugging output. By default this is written to "stderr", but can optionally be redirected to a file by setting the "PERLIO_DEBUG" environment variable. If perl is running setuid or the -T switch was supplied "PERLIO_DEBUG" is ignored and the debugging output is sent to "stderr" as for any other -D switch.
  Core modules and tools no longer search "." for optional modules
  The tools and many modules supplied in core no longer search the default current directory entry in @INC for optional modules. For example, Storable will remove the final "." from @INC before trying to load Log::Agent. This prevents an attacker injecting an optional module into a process run by another user where the current directory is writable by the attacker, e.g. the /tmp directory.
- Refresh patches

OBS-URL: https://build.opensuse.org/request/show/494775
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl?expand=0&rev=148
2017-05-17 12:00:29 +02:00
Index: regcomp.c
===================================================================
--- regcomp.c.orig
+++ regcomp.c
@@ -10988,7 +10988,7 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I
ret = reg2Lanode(pRExC_state, GOSUB, num, RExC_recurse_count);
if (!SIZE_ONLY) {
- if (num > (I32)RExC_rx->nparens) {
+ if (num < 0 || num > (I32)RExC_rx->nparens) {
RExC_parse++;
vFAIL("Reference to nonexistent group");
}
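Review bot: the added `num < 0` test sits inside `if (!SIZE_ONLY)` and below the `reg2Lanode(pRExC_state, GOSUB, num, RExC_recurse_count)` call, so a negative `num` has already been passed to the node constructor before it is rejected, and the sizing pass never rejects it at all. Please confirm that both paths are harmless with a negative value, or move the range check above the `reg2Lanode` call so the bad reference fails before anything is emitted. A one-line comment saying how `num` can end up negative here, plus a regression test that expects "Reference to nonexistent group" for such a pattern, would make the intent of the extra condition clear to the next reader.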