Bug#995331: bullseye-pu: package perl/5.32.1-4+deb11u2
Niko Tyni
ntyni at debian.org
Wed Sep 29 20:46:43 BST 2021
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: perl at packages.debian.org
Hi,

I'd like to fix #994834 in perl/bullseye. It's a memory leak
regression from buster. The fix is from upstream Perl 5.34 and the patch
applied as-is to 5.32. It's included in unstable as of 5.32.1-6 which
recently migrated to testing as well (so it triggered no autopkgtest
regressions.) The patch includes a build time regression test.

Debdiff against 5.32.1-4+deb11u1 in stable-security attached. I expect
this is uncontroversial so I've just uploaded without waiting for an
explicit ack.

Thanks for your work,
--
Niko Tyni ntyni at debian.org
-------------- next part --------------
diff -Nru perl-5.32.1/debian/changelog perl-5.32.1/debian/changelog
--- perl-5.32.1/debian/changelog 2021-08-05 22:26:55.000000000 +0300
+++ perl-5.32.1/debian/changelog 2021-09-24 19:10:58.000000000 +0300
@@ -1,3 +1,9 @@
+perl (5.32.1-4+deb11u2) bullseye; urgency=medium
+
+ * Apply upstream patch fixing a regexp memory leak. (Closes: #994834)
+
+ -- Niko Tyni <ntyni at debian.org> Fri, 24 Sep 2021 19:10:58 +0300
+
perl (5.32.1-4+deb11u1) bullseye-security; urgency=high
* [SECURITY] CVE-2021-36770: Encode loading code from working directory
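Review bot: The changelog bullet for 5.32.1-4+deb11u2 does not name the patch it adds or say that the leak is a regression. Wording along the lines of "fixes/regcomp-memleak.diff: upstream patch fixing a regexp memory leak, a regression from buster" would let a changelog reader map the entry to the file under debian/patches without opening #994834.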
diff -Nru perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff
--- perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff 1970-01-01 02:00:00.000000000 +0200
+++ perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff 2021-09-24 19:10:52.000000000 +0300
@@ -0,0 +1,69 @@
+From: Karl Williamson <khw at cpan.org>
+Date: Sat, 27 Feb 2021 11:43:41 -0700
+Subject: regcomp.c: Remove memory leak
+
+This fixes GH #18604. There was a path through the code where a
+particular SV did not get its reference count decremented.
+
+I did an audit of the function and came up with several other
+possiblities that are included in this commit.
+
+Further, there would be leaks for some instances of finding syntax
+errors in the input pattern, or when warnings are fatalized. Those
+would require mortalizing some SVs, but that is beyond the scope of this
+commit.
+
+Origin: backport, https://github.com/Perl/perl5/commit/5f41fa466a67b5535aa8bcf4b814f242545ac7bd
+Bug: https://github.com/Perl/perl5/issues/18604
+Bug-Debian: https://bugs.debian.org/994834
+---
+ regcomp.c | 7 +++++++
+ t/op/svleak.t | 3 ++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 0da659c..5c72ff7 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -18626,6 +18626,12 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+ RExC_end = save_end;
+ RExC_in_multi_char_class = 0;
+ SvREFCNT_dec_NN(multi_char_matches);
++ SvREFCNT_dec(properties);
++ SvREFCNT_dec(cp_list);
++ SvREFCNT_dec(simple_posixes);
++ SvREFCNT_dec(posixes);
++ SvREFCNT_dec(nposixes);
++ SvREFCNT_dec(cp_foldable_list);
+ return ret;
+ }
+
+@@ -19983,6 +19989,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+ RExC_parse - orig_parse);;
+ SvREFCNT_dec(cp_list);;
+ SvREFCNT_dec(only_utf8_locale_list);
++ SvREFCNT_dec(upper_latin1_only_utf8_matches);
+ return ret;
+ }
+
+diff --git a/t/op/svleak.t b/t/op/svleak.t
+index 6acc298..3df4838 100644
+--- a/t/op/svleak.t
++++ b/t/op/svleak.t
+@@ -15,7 +15,7 @@ BEGIN {
+
+ use Config;
+
+-plan tests => 150;
++plan tests => 151;
+
+ # run some code N times. If the number of SVs at the end of loop N is
+ # greater than (N-1)*delta at the end of loop 1, we've got a leak
+@@ -278,6 +278,7 @@ eleak(2,0,'/[[:ascii:]]/');
+ eleak(2,0,'/[[.zog.]]/');
+ eleak(2,0,'/[.zog.]/');
+ eleak(2,0,'/|\W/', '/|\W/ [perl #123198]');
++eleak(2,0,'/a\sb/', '/a\sb/ [GH #18604]');
+ eleak(2,0,'no warnings; /(?[])/');
+ eleak(2,0,'no warnings; /(?[[a]+[b]])/');
+ eleak(2,0,'no warnings; /(?[[a]-[b]])/');
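Review bot: The regression test added to t/op/svleak.t covers only the reported pattern, '/a\sb/' [GH #18604], while regcomp.c gains seven SvREFCNT_dec calls on two return paths of S_regclass, and the commit message says all but one of them came from an audit rather than from the report. Consider adding eleak cases that reach the return after SvREFCNT_dec_NN(multi_char_matches) and the one after SvREFCNT_dec(only_utf8_locale_list), so that each added decrement is exercised; the message also states that the syntax-error and fatalized-warning paths still leak, which is worth tracking as a follow-up. Separately, the header says "Origin: backport" although the covering mail says the patch applied as-is to 5.32; if it is unmodified, "Origin: upstream" in DEP-3 terms describes it more accurately.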
diff -Nru perl-5.32.1/debian/patches/series perl-5.32.1/debian/patches/series
--- perl-5.32.1/debian/patches/series 2021-08-05 22:26:55.000000000 +0300
+++ perl-5.32.1/debian/patches/series 2021-09-24 19:10:52.000000000 +0300
@@ -44,3 +44,4 @@
fixes/hurd-cachepropagate-test-fix.diff
fixes/io_socket_ip_ipv6.diff
fixes/encode-CVE-2021-36770.diff
+fixes/regcomp-memleak.diff