meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

From 3295b48defa0f8570114877b063fe546dd348b3c Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Thu, 20 Feb 2020 17:49:36 +0000
Subject: [PATCH] regcomp: use long jumps if there is any possibility of
 overflow

(CVE-2020-10878) Be conservative for backporting, we'll aim to do
something more aggressive for bleadperl.

(cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6)

Upstream-Status: Backport [https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c] 
CVE: CVE-2020-10878
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
 regcomp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/regcomp.c b/regcomp.c
index 4ba2980db66..73c35a67020 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -7762,6 +7762,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
 
         /* We have that number in RExC_npar */
         RExC_total_parens = RExC_npar;
+
+        /* XXX For backporting, use long jumps if there is any possibility of
+         * overflow */
+        if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) {
+            RExC_use_BRANCHJ = TRUE;
+            flags |= RESTART_PARSE;
+        }
     }
     else if (! MUST_RESTART(flags)) {
 	ReREFCNT_dec(Rx);