
Bug#702519: marked as done (unblock/pre-approval: perl and libencode-perl (memory leak in Encode::decode))



Your message dated Mon, 11 Mar 2013 13:13:07 +0000
with message-id <b4634caca40e699bc27caf5fb3bdf30e@mail.adsl.funky-badger.org>
and subject line Re: Bug#702519: unblock/pre-approval: perl and libencode-perl (memory leak in Encode::decode)
has caused the Debian Bug report #702519,
regarding unblock/pre-approval: perl and libencode-perl (memory leak in Encode::decode)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
702519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702519
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: perl@packages.debian.org, libencode-perl@packages.debian.org

I'd like to fix #702416 / #702444 (memory leak in Encode::decode) in
perl + libencode-perl in wheezy. It's not a regression from squeeze,
but I intend to pursue a squeeze fix in a point release later.

The wheezy side would need a tpu upload of libencode-perl and a sid
upload of perl (obviously after 5.14.2-19 has migrated.)

I'm attaching the preliminary debdiffs. The perl package needs to Break
the unfixed versions of libencode-perl, because the separate packaged
version takes precedence in @INC when installed.

So perl/5.14.2-20 can't migrate before libencode-perl 2.44-1+deb7u1
but the latter could be uploaded straight away.

Would you be OK with this?

Thanks for your work,
-- 
Niko Tyni   ntyni@debian.org
diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog	2013-03-05 21:38:31.000000000 +0200
+++ perl-5.14.2/debian/changelog	2013-03-07 19:08:49.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-20) unstable; urgency=low
+
+  * Fix an Encode memory leak that occurred in the UTF-8 encoding.
+    (Closes: #702416)
+    + upgrade the Broken versions of the separate libencode-perl
+      package accordingly.
+
+ -- Niko Tyni <ntyni@debian.org>  Thu, 07 Mar 2013 19:08:47 +0200
+
 perl (5.14.2-19) unstable; urgency=high
 
   * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control	2013-03-05 21:38:02.000000000 +0200
+++ perl-5.14.2/debian/control	2013-03-07 19:02:52.000000000 +0200
@@ -294,7 +294,7 @@
  libthreads-perl (<< 1.83),
  libthreads-shared-perl (<< 1.37),
  libtime-piece-perl (<< 1.20.01),
- libencode-perl (<< 2.42.01),
+ libencode-perl (<< 2.44-1+deb7u1),
  libdevel-dprof-perl (<< 20110228.00),
  mrtg (<< 2.16.3-3.1),
  libhtml-template-compiled-perl (<< 0.95-1),
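Review bot: The new bound on the libencode-perl line is a Debian revision (2.44-1+deb7u1) rather than an upstream version, so every libencode-perl that sorts at or above it is treated as fixed. Please confirm that no version in that range ships without the Encode.xs change; the libencode-perl changelog in this debdiff says the patch is backported from 2.49, so anything sorting between 2.44-1+deb7u1 and 2.49 is what needs checking.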
diff -Nru perl-5.14.2/debian/patches/fixes/encode-memleak.diff perl-5.14.2/debian/patches/fixes/encode-memleak.diff
--- perl-5.14.2/debian/patches/fixes/encode-memleak.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/encode-memleak.diff	2013-03-07 19:01:39.000000000 +0200
@@ -0,0 +1,64 @@
+From 89405c8ebc5bf8ae4ed6479de2bc0f311c1f6fe1 Mon Sep 17 00:00:00 2001
+From: chansen <chansen@cpan.org>
+Date: Sun, 3 Mar 2013 22:43:53 +0100
+Subject: Encode: Fixed a memory leak that occurred in the UTF-8 encoding.
+
+The decode and encode methods allocated a SV for the result, this SV
+is passed to the process_utf8() function which may croak() if the
+CHECK flag has FB_CROAK set.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/5814803a8fa15d6b5fd483efdaf849a7166f9ac4
+Bug: https://github.com/dankogai/p5-encode/issues/8
+Bug-Debian: http://bugs.debian.org/702416
+Patch-Name: fixes/encode-memleak.diff
+---
+ cpan/Encode/Encode.xs |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/cpan/Encode/Encode.xs b/cpan/Encode/Encode.xs
+index 723170c..4fa4ac3 100644
+--- a/cpan/Encode/Encode.xs
++++ b/cpan/Encode/Encode.xs
+@@ -440,7 +440,6 @@ CODE:
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
+     check = SvROK(check_sv) ? ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv);
+     /* 
+      * PerlIO check -- we assume the object is of PerlIO if renewed
+@@ -471,6 +470,7 @@ CODE:
+     }
+     }
+ 
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), renewed);
+ 
+     /* Clear out translated part of source unless asked not to */
+@@ -482,7 +482,7 @@ CODE:
+     SvCUR_set(src, slen);
+     }
+     SvUTF8_on(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
+@@ -504,7 +504,7 @@ CODE:
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     if (SvUTF8(src)) {
+     /* Already encoded */
+     if (strict_utf8(aTHX_ obj)) {
+@@ -543,7 +543,7 @@ CODE:
+     }
+     SvPOK_only(dst);
+     SvUTF8_off(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
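Review bot: In the decode hunk (-440/+470) the dst allocation moves from before the check assignment to just ahead of process_utf8(), across about thirty lines that are not shown; please confirm nothing in that span reads dst. The encode hunk mortalizes in place instead, so the two functions now create dst at different points. The patch touches only Encode.xs ("1 file changed"), so a regression test that repeatedly decodes invalid input with FB_CROAK set inside an eval and checks that memory does not grow would be worth adding. The description also stops at the cause; one more sentence saying that dst is now mortalized before process_utf8() can croak would make the fix self-explanatory.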
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series	2013-03-05 21:38:04.000000000 +0200
+++ perl-5.14.2/debian/patches/series	2013-03-07 19:01:39.000000000 +0200
@@ -77,3 +77,4 @@
 fixes/64bitint-signedness-wraparound.diff
 fixes/stdin-sigchld.diff
 fixes/hsplit-rehash.diff
+fixes/encode-memleak.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t	2013-03-05 21:38:02.000000000 +0200
+++ perl-5.14.2/debian/t/control.t	2013-03-07 19:08:24.000000000 +0200
@@ -49,6 +49,9 @@
 	"libdigest-sha-perl" => {
 		"5.61"  =>  "5.71",
 	},
+	"libencode-perl" => {
+		"2.42_01" => "2.44-1+deb7u1",
+	},
 );
 
 # list special cases where a Breaks entry doesn't need to imply
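Review bot: The new libencode-perl entry maps an upstream-style version (2.42_01) to a Debian revision (2.44-1+deb7u1), unlike the neighbouring libdigest-sha-perl entry, which maps one upstream version to another. A one-line comment on the entry naming the backported fix and the bug number from the changelog would explain the override to the next person editing this table.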
diff --git a/debian/changelog b/debian/changelog
index 35a103a..28e4ea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libencode-perl (2.44-1+deb7u1) UNRELEASED; urgency=low
+
+  * Add patch memory_leak.patch, backported from the 2.49 release.
+    (Closes: #702444)
+
+ -- gregor herrmann <gregoa@debian.org>  Wed, 06 Mar 2013 22:03:32 +0100
+
 libencode-perl (2.44-1) unstable; urgency=high
 
   * Team upload.
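Review bot: The distribution field of the new entry is still UNRELEASED. The covering mail asks for a tpu upload, so this has to be set to the target suite before the package is built for upload; the version suffix +deb7u1 is already in place.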
diff --git a/debian/patches/memory_leak.patch b/debian/patches/memory_leak.patch
new file mode 100644
index 0000000..28e975a
--- /dev/null
+++ b/debian/patches/memory_leak.patch
@@ -0,0 +1,56 @@
+Description: fix memory leak:
+ The decode and encode methods allocated a SV for the result, this SV is
+ passed to the process_utf8() function which may croak() if the CHECK flag
+ has FB_CROAK set.
+Origin: upstream, 2.49 release
+Bug: https://github.com/dankogai/p5-encode/issues/8
+Bug-Debian: http://bugs.debian.org/702444
+Author: Christian Hansen
+Reviewed-by: gregor herrmann <gregoa@debian.org>
+Last-Update: 2013-03-06
+
+--- a/Encode.xs
++++ b/Encode.xs
+@@ -440,7 +440,6 @@
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
+     check = SvROK(check_sv) ? ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv);
+     /* 
+      * PerlIO check -- we assume the object is of PerlIO if renewed
+@@ -471,6 +470,7 @@
+     }
+     }
+ 
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), renewed);
+ 
+     /* Clear out translated part of source unless asked not to */
+@@ -482,7 +482,7 @@
+     SvCUR_set(src, slen);
+     }
+     SvUTF8_on(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
+@@ -504,7 +504,7 @@
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     if (SvUTF8(src)) {
+     /* Already encoded */
+     if (strict_utf8(aTHX_ obj)) {
+@@ -543,7 +543,7 @@
+     }
+     SvPOK_only(dst);
+     SvUTF8_off(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
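Review bot: The Origin header says only "upstream, 2.49 release", while the perl copy of the same change cites the upstream commit URL; pointing Origin at the commit here as well would let a reader check the backport against upstream without searching for it. The Encode.xs hunks themselves match those in fixes/encode-memleak.diff line for line, so both packages end up with the same fix.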
diff --git a/debian/patches/series b/debian/patches/series
index 5299247..0d7aa92 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 spelling.patch
+memory_leak.patch

--- End Message ---
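The leak named in the patch description above (a result buffer allocated before a call that may croak(), and handed to the cleanup mechanism only afterwards) can be modelled in plain C. This is an added example, not part of the original message or of the Encode source; the toy_* names are hypothetical stand-ins, with longjmp() playing the role of croak() and a small list playing the role of the mortal stack.

```c
#include <setjmp.h>
#include <stdlib.h>

/* Toy stand-ins (assumptions, not the perl API): croak() is modelled with
 * longjmp(), mortals with a list that is freed when the caller unwinds. */
static jmp_buf catch_env;                 /* plays the role of eval {} */
static void *live[64], *mortals[16];      /* live: every buffer not yet freed */
static int n_live, n_mortals;

static void *toy_new(size_t n) { return live[n_live++] = malloc(n ? n : 1); }
static void toy_free(void *p) {
    for (int i = 0; i < n_live; i++)
        if (live[i] == p) { live[i] = live[--n_live]; free(p); return; }
}
static void *toy_mortal(void *p) { return mortals[n_mortals++] = p; }
static void toy_free_tmps(void) { while (n_mortals) toy_free(mortals[--n_mortals]); }

/* Copies src to dst, "croaking" on any byte >= 0x80 like a strict check. */
static void toy_process(char *dst, const char *src, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if ((unsigned char)src[i] >= 0x80) longjmp(catch_env, 1);
        dst[i] = src[i];
    }
}

/* Before the fix: the buffer is registered for cleanup after processing. */
static void decode_before(const char *src, size_t len) {
    char *dst = toy_new(len);
    toy_process(dst, src, len);           /* may jump past the next line */
    toy_mortal(dst);
}

/* After the fix: the buffer is registered as soon as it is allocated. */
static void decode_after(const char *src, size_t len) {
    char *dst = toy_mortal(toy_new(len));
    toy_process(dst, src, len);
}

/* Runs `rounds` (<= 64) failing decodes under a catch; returns the number
 * of buffers still allocated afterwards. */
int leaked_after(void (*decode)(const char *, size_t), int rounds) {
    static const char bad[] = "ab\xff" "cd";   /* constructed invalid input */
    while (n_live) toy_free(live[0]);          /* start from a clean slate */
    n_mortals = 0;
    for (volatile int i = 0; i < rounds; i++) {
        if (setjmp(catch_env) == 0) decode(bad, sizeof bad - 1);
        toy_free_tmps();                       /* scope exit frees mortals */
    }
    return n_live;
}

int main(void) { return leaked_after(decode_before, 8) == 8 && leaked_after(decode_after, 8) == 0 ? 0 : 1; }
```

Each failing call through decode_before leaves one buffer behind, which is why a long-running process that decodes untrusted input with FB_CROAK grows without bound until the fix is applied.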
--- Begin Message ---
On 10.03.2013 19:00, Adam D. Barratt wrote:
> On Sun, 2013-03-10 at 18:40 +0200, Niko Tyni wrote:
> > On Sat, Mar 09, 2013 at 08:49:59PM +0000, Adam D. Barratt wrote:
> > > On Thu, 2013-03-07 at 19:37 +0200, Niko Tyni wrote:
> > > > The wheezy side would need a tpu upload of libencode-perl and a sid
> > > > upload of perl (obviously after 5.14.2-19 has migrated.)
> > >
> > > It looks like libencode-perl was still in sync between sid and wheezy
> > > until Tuesday. :-( The diffs look okay and -19 migrated last night, so
> > > please go ahead.
> >
> > Thanks, both uploaded earlier today.
>
> Yep, spotted the tpu earlier and approved that; thanks. Once that's
> migrated I'll look at the perl unblock.

perl unblocked and aged.

Regards,

Adam

--- End Message ---
