Bug#995738: perl: leak fixes for buster (perl 5.28.1)

Eric Wong e at 80x24.org
Mon Oct 4 21:47:02 BST 2021 

Package: perl
Version: 5.28.1-6+deb10u1
Severity: normal
Tags: upstream patch

There are at least two regexp leaks affecting buster/oldstable
that affect codebases I'm maintaining.

They're fixed upstream and in current stable/testing/unstable;
but I expect there to be many users still using buster/5.28.1
for the forseeable future due to the pandemic delaying upgrades.

Memory leak in regular expressions:
	https://github.com/Perl/perl5/issues/17218

Matching Unicode regexp against ASCII string leaks
	https://github.com/Perl/perl5/issues/17140
	https://rt.perl.org/Ticket/Display.html?id=134390

Attached are patches from perl.git
-------------- next part --------------
>From 0463f3a19af7afac8b402655ad66e5b05c095bcc Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw at cpan.org>
Date: Fri, 15 Nov 2019 15:01:15 -0700
Subject: [PATCH] PATCH: gh#17218 memory leak

Indeed, a variable's ref count was not getting decremented.
---
 regcomp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/regcomp.c b/regcomp.c
index 076ea350b5..7b9bf6ba7d 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -18180,6 +18180,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
 
                 /* Likewise for 'posixes' */
                 _invlist_union(posixes, cp_list, &cp_list);
+                SvREFCNT_dec(posixes);
 
                 /* Likewise for anything else in the range that matched only
                  * under UTF-8 */
-------------- next part --------------
>From 05a03c0da6f3694904885fa1629a6e35e75d2875 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony at develop-help.com>
Date: Mon, 2 Sep 2019 15:35:36 +1000
Subject: [PATCH] (perl #134390) don't leak the SV we just created on an early
 return

---
 regexec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/regexec.c b/regexec.c
index c390bff72e..97ea458a20 100644
--- a/regexec.c
+++ b/regexec.c
@@ -10405,6 +10405,7 @@ S_to_byte_substr(pTHX_ regexp *prog)
 	    && !prog->substrs->data[i].substr) {
 	    SV* sv = newSVsv(prog->substrs->data[i].utf8_substr);
 	    if (! sv_utf8_downgrade(sv, TRUE)) {
+                SvREFCNT_dec_NN(sv);
                 return FALSE;
             }
             if (SvVALID(prog->substrs->data[i].utf8_substr)) {

More information about the Perl-maintainers mailing list