Bug#995804: libencode-perl: Encode <3.12 leaks
Eric Wong
e at 80x24.org
Wed Oct 6 04:43:50 BST 2021
Package: libencode-perl
Version: Encode <=3.12 leaks on decode, 3.13 released
Severity: normal
Tags: upstream patch
Dear Maintainer,
Encode 3.13 was just released with a memory leak fix for:
https://rt.cpan.org/Ticket/Display.html?id=139622
Since Encode is also bundled with various libperl5.xx packages,
I'm not sure how to go about getting those fixed.
-------------- next part --------------
>From 23978817a2c1ed13861167154e8eb3d829104b6b Mon Sep 17 00:00:00 2001
From: Dan Kogai <dankogai+github at gmail.com>
Date: Wed, 6 Oct 2021 08:37:27 +0900
Subject: [PATCH] resolve RT#139622
---
Changes | 5 +++++
Encode.xs | 1 +
2 files changed, 6 insertions(+)
diff --git a/Changes b/Changes
index 39e0bc1..1613abc 100644
--- a/Changes
+++ b/Changes
@@ -3,6 +3,11 @@
# $Id: Changes,v 3.12 2021/08/09 14:17:04 dankogai Exp dankogai $
#
$Revision: 3.12 $ $Date: 2021/08/09 14:17:04 $
+! Encode.xs
+ Apply the patch of RT#139622 to fix a memory leak on FB_CROAK
+ https://rt.cpan.org/Ticket/Display.html?id=139622
+
+3.12 2021/08/09 14:17:04
! Encode.pm
Address CVE-2021-36770
<9639159a-d070-4762-9cbd-f1622f10449c at beta.fastmail.com>
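Review bot: the new Changes entry describes the leak only as "on FB_CROAK" and does not say which direction is affected, while the Encode.xs change in this patch sits solely under the `/* decoding */` branch. Wording it as a leak on decode with FB_CROAK would let packagers reading the changelog judge exposure without opening the XS diff.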
diff --git a/Encode.xs b/Encode.xs
index 4baf296..8cc8d15 100644
--- a/Encode.xs
+++ b/Encode.xs
@@ -275,6 +275,7 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * dir, SV * src, U8 *
/* decoding */
else {
if (check & ENCODE_DIE_ON_ERR){
+ SvREFCNT_dec(dst);
Perl_croak(aTHX_ ERR_DECODE_NOMAP,
enc->name[0], (UV)s[slen]);
return &PL_sv_undef; /* never reaches but be safe */
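Review bot: the added `SvREFCNT_dec(dst);` releases dst only on the ENCODE_DIE_ON_ERR croak inside the `/* decoding */` else-branch; the sibling encoding branch lies above the visible context and is untouched, so it is worth confirming whether it also croaks with dst still referenced and needs the same release. The diffstat lists only Changes and Encode.xs, so no regression test accompanies the fix; a test that decodes unmappable input with FB_CROAK in a loop under eval and checks that memory use stays flat would guard against the leak returning.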