[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#995331: marked as done (bullseye-pu: package perl/5.32.1-4+deb11u2)

Your message dated Sat, 09 Oct 2021 12:09:40 +0100
with message-id <81741a2f4e370c14a3bec08b7fe6e2b10c32267b.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 11.1
has caused the Debian Bug report #995331,
regarding bullseye-pu: package perl/5.32.1-4+deb11u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
995331: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995331
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: perl@packages.debian.org

Hi, I'd like to fix #994834 in perl/bullseye. It's a memory leak
regression from buster. The fix is from upstream Perl 5.34 and the patch
applied as-is to 5.32. It's included in unstable as of 5.32.1-6 which
recently migrated to testing as well (so it triggered no autopkgtest
regressions.) The patch includes a build time regression test.

Debdiff against 5.32.1-4+deb11u1 in stable-security attached.  I expect
this is uncontroversial so I've just uploaded without waiting for an
explicit ack.

Thanks for your work,
-- 
Niko Tyni   ntyni@debian.org

diff -Nru perl-5.32.1/debian/changelog perl-5.32.1/debian/changelog
--- perl-5.32.1/debian/changelog	2021-08-05 22:26:55.000000000 +0300
+++ perl-5.32.1/debian/changelog	2021-09-24 19:10:58.000000000 +0300
@@ -1,3 +1,9 @@
+perl (5.32.1-4+deb11u2) bullseye; urgency=medium
+
+  * Apply upstream patch fixing a regexp memory leak. (Closes: #994834)
+
+ -- Niko Tyni <ntyni@debian.org>  Fri, 24 Sep 2021 19:10:58 +0300
+
 perl (5.32.1-4+deb11u1) bullseye-security; urgency=high
 
   * [SECURITY] CVE-2021-36770: Encode loading code from working directory
diff -Nru perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff
--- perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.32.1/debian/patches/fixes/regcomp-memleak.diff	2021-09-24 19:10:52.000000000 +0300
@@ -0,0 +1,69 @@
+From: Karl Williamson <khw@cpan.org>
+Date: Sat, 27 Feb 2021 11:43:41 -0700
+Subject: regcomp.c: Remove memory leak
+
+This fixes GH #18604.  There was a path through the code where a
+particular SV did not get its reference count decremented.
+
+I did an audit of the function and came up with several other
+possiblities that are included in this commit.
+
+Further, there would be leaks for some instances of finding syntax
+errors in the input pattern, or when warnings are fatalized.  Those
+would require mortalizing some SVs, but that is beyond the scope of this
+commit.
+
+Origin: backport, https://github.com/Perl/perl5/commit/5f41fa466a67b5535aa8bcf4b814f242545ac7bd
+Bug: https://github.com/Perl/perl5/issues/18604
+Bug-Debian: https://bugs.debian.org/994834
+---
+ regcomp.c     | 7 +++++++
+ t/op/svleak.t | 3 ++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/regcomp.c b/regcomp.c
+index 0da659c..5c72ff7 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -18626,6 +18626,12 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+ 	RExC_end = save_end;
+ 	RExC_in_multi_char_class = 0;
+         SvREFCNT_dec_NN(multi_char_matches);
++        SvREFCNT_dec(properties);
++        SvREFCNT_dec(cp_list);
++        SvREFCNT_dec(simple_posixes);
++        SvREFCNT_dec(posixes);
++        SvREFCNT_dec(nposixes);
++        SvREFCNT_dec(cp_foldable_list);
+         return ret;
+     }
+ 
+@@ -19983,6 +19989,7 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth,
+                                            RExC_parse - orig_parse);;
+     SvREFCNT_dec(cp_list);;
+     SvREFCNT_dec(only_utf8_locale_list);
++    SvREFCNT_dec(upper_latin1_only_utf8_matches);
+     return ret;
+ }
+ 
+diff --git a/t/op/svleak.t b/t/op/svleak.t
+index 6acc298..3df4838 100644
+--- a/t/op/svleak.t
++++ b/t/op/svleak.t
+@@ -15,7 +15,7 @@ BEGIN {
+ 
+ use Config;
+ 
+-plan tests => 150;
++plan tests => 151;
+ 
+ # run some code N times. If the number of SVs at the end of loop N is
+ # greater than (N-1)*delta at the end of loop 1, we've got a leak
+@@ -278,6 +278,7 @@ eleak(2,0,'/[[:ascii:]]/');
+ eleak(2,0,'/[[.zog.]]/');
+ eleak(2,0,'/[.zog.]/');
+ eleak(2,0,'/|\W/', '/|\W/ [perl #123198]');
++eleak(2,0,'/a\sb/', '/a\sb/ [GH #18604]');
+ eleak(2,0,'no warnings; /(?[])/');
+ eleak(2,0,'no warnings; /(?[[a]+[b]])/');
+ eleak(2,0,'no warnings; /(?[[a]-[b]])/');
diff -Nru perl-5.32.1/debian/patches/series perl-5.32.1/debian/patches/series
--- perl-5.32.1/debian/patches/series	2021-08-05 22:26:55.000000000 +0300
+++ perl-5.32.1/debian/patches/series	2021-09-24 19:10:52.000000000 +0300
@@ -44,3 +44,4 @@
 fixes/hurd-cachepropagate-test-fix.diff
 fixes/io_socket_ip_ipv6.diff
 fixes/encode-CVE-2021-36770.diff
+fixes/regcomp-memleak.diff

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 11.1

Hi,

The updates relating to these bugs were included in this morning's 11.1
point release for bullseye.

Regards,

Adam

--- End Message ---
Reply to: