Bug#702519: unblock/pre-approval: perl and libencode-perl (memory leak in Encode::decode)

Niko Tyni ntyni at debian.org
Thu Mar 7 17:37:54 UTC 2013


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: perl at packages.debian.org, libencode-perl at packages.debian.org

I'd like to fix #702416 / #702444 (memory leak in Encode::decode) in
perl + libencode-perl in wheezy. It's not a regression from squeeze,
but I intend to pursue a squeeze fix in a point release later.

The wheezy side would need a tpu upload of libencode-perl and a sid
upload of perl (obviously after 5.14.2-19 has migrated.)

I'm attaching the preliminary debdiffs. The perl package needs to Break
the unfixed versions of libencode-perl, because the separately packaged
version takes precedence in @INC when installed.

So perl/5.14.2-20 can't migrate before libencode-perl 2.44-1+deb7u1
but the latter could be uploaded straight away.

Would you be OK with this?

Thanks for your work,
-- 
Niko Tyni   ntyni at debian.org
-------------- next part --------------
diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog	2013-03-05 21:38:31.000000000 +0200
+++ perl-5.14.2/debian/changelog	2013-03-07 19:08:49.000000000 +0200
@@ -1,3 +1,12 @@
+perl (5.14.2-20) unstable; urgency=low
+
+  * Fix an Encode memory leak that occurred in the UTF-8 encoding.
+    (Closes: #702416)
+    + upgrade the Broken versions of the separate libencode-perl
+      package accordingly.
+
+ -- Niko Tyni <ntyni at debian.org>  Thu, 07 Mar 2013 19:08:47 +0200
+
 perl (5.14.2-19) unstable; urgency=high
 
   * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
diff -Nru perl-5.14.2/debian/control perl-5.14.2/debian/control
--- perl-5.14.2/debian/control	2013-03-05 21:38:02.000000000 +0200
+++ perl-5.14.2/debian/control	2013-03-07 19:02:52.000000000 +0200
@@ -294,7 +294,7 @@
  libthreads-perl (<< 1.83),
  libthreads-shared-perl (<< 1.37),
  libtime-piece-perl (<< 1.20.01),
- libencode-perl (<< 2.42.01),
+ libencode-perl (<< 2.44-1+deb7u1),
  libdevel-dprof-perl (<< 20110228.00),
  mrtg (<< 2.16.3-3.1),
  libhtml-template-compiled-perl (<< 0.95-1),
diff -Nru perl-5.14.2/debian/patches/fixes/encode-memleak.diff perl-5.14.2/debian/patches/fixes/encode-memleak.diff
--- perl-5.14.2/debian/patches/fixes/encode-memleak.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/encode-memleak.diff	2013-03-07 19:01:39.000000000 +0200
@@ -0,0 +1,64 @@
+From 89405c8ebc5bf8ae4ed6479de2bc0f311c1f6fe1 Mon Sep 17 00:00:00 2001
+From: chansen <chansen at cpan.org>
+Date: Sun, 3 Mar 2013 22:43:53 +0100
+Subject: Encode: Fixed a memory leak that occurred in the UTF-8 encoding.
+
+The decode and encode methods allocated a SV for the result, this SV
+is passed to the process_utf8() function which may croak() if the
+CHECK flag has FB_CROAK set.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/5814803a8fa15d6b5fd483efdaf849a7166f9ac4
+Bug: https://github.com/dankogai/p5-encode/issues/8
+Bug-Debian: http://bugs.debian.org/702416
+Patch-Name: fixes/encode-memleak.diff
+---
+ cpan/Encode/Encode.xs |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/cpan/Encode/Encode.xs b/cpan/Encode/Encode.xs
+index 723170c..4fa4ac3 100644
+--- a/cpan/Encode/Encode.xs
++++ b/cpan/Encode/Encode.xs
+@@ -440,7 +440,6 @@ CODE:
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
+     check = SvROK(check_sv) ? ENCODE_PERLQQ|ENCODE_LEAVE_SRC : SvIV(check_sv);
+     /* 
+      * PerlIO check -- we assume the object is of PerlIO if renewed
+@@ -471,6 +470,7 @@ CODE:
+     }
+     }
+ 
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     s = process_utf8(aTHX_ dst, s, e, check_sv, 0, strict_utf8(aTHX_ obj), renewed);
+ 
+     /* Clear out translated part of source unless asked not to */
+@@ -482,7 +482,7 @@ CODE:
+     SvCUR_set(src, slen);
+     }
+     SvUTF8_on(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
+@@ -504,7 +504,7 @@ CODE:
+     if (src == &PL_sv_undef || SvROK(src)) src = sv_2mortal(newSV(0));
+     s = (U8 *) SvPV(src, slen);
+     e = (U8 *) SvEND(src);
+-    dst = newSV(slen>0?slen:1); /* newSV() abhors 0 -- inaba */
++    dst = sv_2mortal(newSV(slen>0?slen:1)); /* newSV() abhors 0 -- inaba */
+     if (SvUTF8(src)) {
+     /* Already encoded */
+     if (strict_utf8(aTHX_ obj)) {
+@@ -543,7 +543,7 @@ CODE:
+     }
+     SvPOK_only(dst);
+     SvUTF8_off(dst);
+-    ST(0) = sv_2mortal(dst);
++    ST(0) = dst;
+     XSRETURN(1);
+ }
+ 
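Review bot: The embedded patch ships no regression test (its diffstat lists only `cpan/Encode/Encode.xs`), so nothing guards the croak path against leaking again. Per the patch description, `process_utf8()` may croak when CHECK has FB_CROAK set; presumably each rejected input then leaked one result SV, which in a long-running process decoding untrusted data means steady memory growth. A test that decodes malformed UTF-8 under `eval` in a loop and checks that memory use stays flat would pin the fix. The moved allocation in the first function also deserves a why-comment, e.g. `/* mortalize before process_utf8(): it may croak, and an unmortalized dst would leak */`, because `dst` is now assigned only after code that is elided between the first two hunks, while the second function keeps the allocation in place. Both XS bodies start outside the hunks shown, so it is worth confirming that nothing in the elided part of the first function reads `dst` before the new assignment.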
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series	2013-03-05 21:38:04.000000000 +0200
+++ perl-5.14.2/debian/patches/series	2013-03-07 19:01:39.000000000 +0200
@@ -77,3 +77,4 @@
 fixes/64bitint-signedness-wraparound.diff
 fixes/stdin-sigchld.diff
 fixes/hsplit-rehash.diff
+fixes/encode-memleak.diff
diff -Nru perl-5.14.2/debian/t/control.t perl-5.14.2/debian/t/control.t
--- perl-5.14.2/debian/t/control.t	2013-03-05 21:38:02.000000000 +0200
+++ perl-5.14.2/debian/t/control.t	2013-03-07 19:08:24.000000000 +0200
@@ -49,6 +49,9 @@
 	"libdigest-sha-perl" => {
 		"5.61"  =>  "5.71",
 	},
+	"libencode-perl" => {
+		"2.42_01" => "2.44-1+deb7u1",
+	},
 );
 
 # list special cases where a Breaks entry doesn't need to imply
-------------- next part --------------
A non-text attachment was scrubbed...
Name: encode_tpu_memory_leak.patch
Type: text/x-diff
Size: 2648 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20130307/cc2ce400/attachment-0001.patch>

