| Commit message (Collapse) | Author | Age | Files | Lines |
| |
[Committer's note: discussion on perl5-security-report concluded that
exploitability was low to nonexistent because any system that has setresgid
but not setregid will pretend to have the latter and define it in terms
of the former (see "#ifndef HAS_SETREGID" in perl.h). But the bug should
be fixed in case that code gets exposed in the future. The approach
taken in perl.h was also called into question and may elicit further
discussion and patching.]
Note: this bug only affects systems that have setresgid but not setregid
(since that codepath prefers the latter over the former). To the best of
my knowledge, no such systems exist (nor would it make much sense) so
this bug is probably not exploitable, but I can't guarantee that.
When the effective group is set using setresgid, it does this:
    setresgid((Gid_t)PL_gid, (Gid_t)-1, (Gid_t) 1);
That last 1 should have been a -1. Instead of leaving the saved GID
unchanged it sets it to 1. This means privileges are not permanently
dropped, but instead the GID is set to 1 (if possible). The program can
thereafter change its effective and real GIDs to 1.
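An added example (not code from the perl source or from this commit): a checked wrapper that changes one GID with setresgid, passes (gid_t)-1 for the IDs that must stay untouched, and reads the result back with getresgid, so a stray literal such as the 1 described above is caught at run time. The function names and GID_KEEP are hypothetical, and a Linux/glibc-style setresgid/getresgid is assumed.

```c
#define _GNU_SOURCE            /* setresgid/getresgid are extensions in glibc */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Repeated prototypes: harmless if <unistd.h> already declared them. */
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

#define GID_KEEP ((gid_t)-1)   /* hypothetical name for "leave this ID unchanged" */

/* Change only the real GID. Returns 0 on success, -1 if a call failed,
 * -2 if the effective or saved GID moved as a side effect. */
int set_real_gid_only(gid_t new_rgid)
{
    gid_t r0, e0, s0, r1, e1, s1;

    if (getresgid(&r0, &e0, &s0) != 0) return -1;
    if (setresgid(new_rgid, GID_KEEP, GID_KEEP) != 0) return -1;
    if (getresgid(&r1, &e1, &s1) != 0) return -1;
    return (r1 == new_rgid && e1 == e0 && s1 == s0) ? 0 : -2;
}

/* Permanent drop: set real, effective and saved GID together, then confirm
 * that no other GID is left in any of the three slots. */
int drop_gid_permanently(gid_t gid)
{
    gid_t r, e, s;

    if (setresgid(gid, gid, gid) != 0) return -1;
    if (getresgid(&r, &e, &s) != 0) return -1;
    return (r == gid && e == gid && s == gid) ? 0 : -2;
}

int main(void)
{
    gid_t r, e, s;
    int rc_real = set_real_gid_only(getgid());
    int rc_drop = drop_gid_permanently(getgid());

    if (getresgid(&r, &e, &s) != 0) return 1;
    printf("set_real_gid_only=%d drop_gid_permanently=%d\n", rc_real, rc_drop);
    printf("real=%ld effective=%ld saved=%ld\n", (long)r, (long)e, (long)s);
    return (rc_real != 0 || rc_drop != 0);
}
```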
| |
This commit reimplements $[ using PL_check hooks, custom pp func-
tions and ties.
Outside of its compile-time use, $[ is now parsed as a simple varia-
ble, so function calls like foo($[) are permitted, which was not the
case with the former implementation removed by e1dccc0. I consider
that a bug fix.
The ‘That use of $[ is unsupported’ errors are out of necessity
deferred to run-time and implemented by a tied $[.
Indices between 0 and the array base are now treated consistently, as
are indices between a negative array base and zero. That, too, is
a bug fix.
| |
This adds _pv, _pvn, and _pv versions of whichsig() in mg.c, which
get both kill "NAME" and %SIG lookup nul-clean.
| |
Commit 099be4f1d added code to cope with this:
    my $x = *STDERR; select($x); $x = 1;
which would cause PL_defoutgv to hold something other than a GV,
resulting in various crashes.
Commit 2acc3314 changed the way rv2gv works on fake globs, and inad-
vertently fixed this problem, too, so PL_defoutgv can no longer end up
holding something other than a GV.
So the code that checks if(isGV_with_GP(PL_defoutgv)) can go.
| |
$[ remains as a variable. It no longer has compile-time magic.
At runtime, it always reads as zero, accepts a write of zero, but dies
on writing any other value.
| |
Currently assigning to $^A updates the string in
PL_bodytarget, but doesn't update FmLINES(PL_bodytarget).
This can cause later writes to get confused about how many
lines have been output, and was causing write.t to fail test 418
under miniperl. (Only under miniperl, because skipping some tests under
miniperl affected how $^A's content and line count got messed up).
Fix this by updating FmLINES(PL_bodytarget) when $^A is set.
(Also fixes a TODO test which was failing due to 'local $^A' in earlier
tests)
| |
This is rather unsightly, don’t you think?
magic_methcall
Invoke a magic method (like FETCH).
* sv and mg are the tied thingy and the tie magic; * meth is
the name of the method to call; * argc is the number of args
(in addition to $self) to pass to the method;
the args themselves are any values following the argc
argument. * flags:
G_DISCARD: invoke method with G_DISCARD flag and don’t
return a value
G_UNDEF_FILL: fill the stack with argc pointers to
PL_sv_undef.
Returns the SV (if any) returned by the method, or NULL on
failure.
(That’s the ‘rendered’ nroff output.)
I would have used =over/=item/=back, but autodoc.pl doesn’t seem to
like those.
| |
study uses magic to call SvSCREAM_off() if the scalar is modified. Allocate it
its own magic type ('G' for now - pos magic is 'g'). Share the same "set"
routine and vtable as regexp/bm/fm (setregxp and vtbl_regexp).
| |
This reverts commit 571f0e8653a532c34edde36e797ecba446978b1c.
I’m afraid I have to revert this, as it does not modify sv_reftype
accordingly, and doing so would add *more* complexity (the opposite
of what that commit was trying to achieve) and slow down ref() at run
time, by making it search for pos magic.
| |
Store the target SV in mg_obj, instead of LvTARG(). This slightly reduces both
code complexity and runtime memory use.
| |
This commit makes $$ writable again, as it was in 5.6, while preserv-
ing the magical pid-fetching added recently (post-5.14.0) by com-
mit 0e219455.
It does this by following Aristotle Pagaltzis’ brilliant suggestion in
<20110609145148.GD8471@klangraum.plasmasturm.org>; namely, to store
the PID in magic when $$ is written to, so that get-magic can detect
whether a fork() has occurred and reset $$ accordingly. This makes it
seem as though the fork() code sets $$ itself (which it used to before
0e219455), while even working when C code outside of perl’s control
calls fork().
This restores compatibility with DBIx::Connector and PPerl.
| |
Use this to replace S_is_container_magic() in mg.c with a direct lookup.
| |
instead of caching it
The intent is that by not caching $$, we eliminate one opportunity for bugs:
If one embeds Perl or uses XS and calls fork(3) from C, Perl's notion of $$
may go out of sync with what getpid() returns. By always fetching the
value of $$ via getpid(), this bug opportunity is eliminated. The overhead
of always fetching $$ should be small and is likely only used for tempfile
creation, which should be dwarfed by file system accesses.
| |
This:
commit 8aacddc1ea3837f8f1a911d90c644451fc7cfc86
Author: Nick Ing-Simmons <nik@tiuk.ti.com>
Date: Tue Dec 18 15:55:22 2001 +0000
Tidied version of Jeffrey Friedl's <jfriedl@yahoo.com> restricted hashes
- added delete of READONLY value inhibit & test for same
- re-tabbed
p4raw-id: //depot/perlio@13760
essentially deprecated HvKEYS() in favor of HvUSEDKEYS(); this is
explained in line 144 (now 313) of file `hv.h':
/*
* HvKEYS gets the number of keys that actually exist(), and is provided
* for backwards compatibility with old XS code. The core uses HvUSEDKEYS
* (keys, excluding placeholdes) and HvTOTALKEYS (including placeholders)
*/
This commit simply puts that into practice, and is equivalent to running
the following (at least with a35ef416833511da752c4b5b836b7a8915712aab
checked out):
git grep -l HvKEYS | sed /hv.h/d | xargs sed -i s/HvKEYS/HvUSEDKEYS/
Notice that HvKEYS is currently just an alias for HvUSEDKEYS:
$ git show a35ef416833511da752c4b5b836b7a8915712aab:hv.h | sed -n 318p
#define HvKEYS(hv) HvUSEDKEYS(hv)
According to `make tests':
All tests successful.
| |
Formats are compiled down to a sequence of U32 opcodes in doparseform().
Previously the block of opcodes was stored in the buffer of SvPVX() after
the raw string by extending the buffer, and calculating the first U32 aligned
address after SvCUR(). A flag bit on the scalar was set to signal this hackery,
tested with SvCOMPILED().
The flag bit used happened to be the same as one of the two used to signal
Boyer-Moore compiled scalars. The assumption was that no scalar can be used for
both. Unfortunately, this isn't quite true.
Given that the scalar is always upgraded to PVMG to add PERL_MAGIC_fm magic,
to clear the cached compiled version, there's no extra memory cost in using
mg_ptr in the MAGIC struct to point directly to the block of U32 opcodes. The
test for "is there a compiled version" can switch to mg_find(..., PERL_MAGIC_fm)
returning a pointer, and the use of a flag bit abolished.
Retain SvCOMPILED() and SvCOMPILED_{on,off}() as compatibility for XS code on
CPAN - the first is always 0, the other two now no-ops.
| |
The functions S_save_magic() and S_restore_magic(), which are called by
mg_get(), mg_set(), mg_length(), mg_size() and mg_clear(),
are not robust when called with an SV whose reference count is zero.
Basically, one of the actions of S_save_magic() is to temporarily
increase the refcount of the SV, and then for S_restore_magic() to reduce
it again at the end, so that if any of the magic functions called
in between decrease the count, it won't be prematurely freed.
However, if the count starts at zero, then bumping it up and bringing it
back down to zero, triggers a spurious second freeing.
So, if it's zero, just skip the whole bumping thing.
Now, we shouldn't really be calling these functions with a zero-refcount
SV, but these things happen, and it's best to be robust.
In particular, this fixes RT #87860, which was ultimately triggered by a
bug in Set::Object 1.28 that managed to create an HV with null SvMAGIC
field, but with the RMG flag set.
When freeing that HV, sv_clear() skips doing mg_free() because SvMAGIC is
null, whereas later it calls Perl_hv_undef_flags, which calls mg_clear()
because it uses the test SvRMAGICAL(hv) (which is true).
| |
local($_) will now strip all magic from $_, so that it is always safe
to localize $_, regardless what kind of special (or tied) variable it
may have been aliased to.
| |
Perl_sighandler currently increments the savestack by 5
before running a signal handler, to avoid messing with a
partially completed SS push operation that's been interrupted.
This is irrelevant for safe signals, so make this action conditional on
unsafe signals only.
| |
In Perl_sighandler, we currently increment PL_markstack_ptr and
PL_scopestack_ix.
This was added back in 1997 in the era of unsafe signals, to make them
slightly less unsafe. The idea presumably was to stop signal handlers
inadvertently corrupting the top element of each stack. However, given that
the normal method of pushing something onto those stacks is to increment
the pointer before pushing the value, I don't see how that can happen.
The downside of this is that an uninitialised or stale value can be left
in the 'hole' left on these stacks. When exiting from a signal handler via
exit(), these holes can be read and corruption occur, while stack
unwinding is taking place. The ordering of things means we can't use
SAVEDESTRUCTOR_X to undo the damage.
This commit leaves the 'PL_savestack_ix += 5', because in this case, with
unsafe signals, it *is* possible to interrupt halfway through a new set of
save data being pushed onto the stack, and it *is* possible for this to be
undone via SAVEDESTRUCTOR_X. (But it's still unsafe and half-baked.)
This fixes [perl #85206].
| |
Previous versions of the Posix spec allowed the struct siginfo_t*
parameter passed to the signal handler to be NULL in certain cases. More
recent Posix specifications (SUSv3) have rescinded this: Now this
parameter is required always to be non-NULL. However we use this
parameter to differentiate between safe and unsafe signals, as in the
former it will always be NULL and in the latter case it should have been
non-NULL.
This patch fixes this issue by also relying on the ucontext_t*
parameter. This should reliably be non-NULL when using unsafe signals
handlers.
Signed-off-by: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
| |
I mostly fixed spelling mistakes, some of very long standing,
but a few files got more attentive word-smithying. I've updated:
pod/perl.pod
pod/perldelta.pod
pod/perl592delta.pod
pod/perl5120delta.pod
pod/perl51310delta.pod
pod/perl5139delta.pod
pod/perlfunc.pod
pod/perlop.pod
pod/perlrebackslash.pod
pod/perlrecharclass.pod
pod/perlutil.pod
pod/perlhack.pod
pod/perlintern.pod
pod/perlnetware.pod
pod/perlpolicy.pod
| |
Also handle and test the edge case of a signal handler throwing an
exception
| |
Only unblock signal after a safe-signal handler is executed if that signal was
also unblocked before the handler.
| |
Add a flag G_WRITING_TO_STDERR to signal that Perl_magic_methcall() needs to
localise PL_stderrgv to NULL, and save/free temps, inside its ENTER/LEAVE
pair.
| |
This is a fix for RT #81230 (and more). Currently, mg_get() works around
the case where the called magic (e.g. FETCH) frees the magic SV. It does
this by unconditionally pushing the SV on the tmps stack before invoking
the method.
There are two issues with this. Firstly, it may artificially extend the
life of the SV. This was the root of the problem with #81230. There, the
DB_File code, under -T, created a tainted tied object. Accessing the
object (within FETCH as it happens), caused mg_get() to be invoked on the
object (due to the taint magic), and thus extend the life of the object.
This then caused c<untie %h if $h{k}> to give the warning
untie attempted while 1 inner references still exist.
This only became noticeable after efaf36747029c85b4d8825318cb4d485a0bb350e,
which stopped wrapping magic method calls in SAVETMPS/FREETMPS.
The second issue is that this protection only applies to mg_get();
functions like mg_set() can still segfault if the SV is deleted.
This commit fixes both problems as follows:
First, the protection mechanism is moved out of mg_get() and into
save_magic() / restore_magic(), so that it protects more things.
Secondly, the protection is now:
* in save_magic(), SvREFCNT_inc() the SV, thus protecting it from being
freed during FETCH (or whatever)
* in restore_magic(), SvREFCNT_dec() the SV, undoing the protection
without extending the life of the SV, *except* if the refcount is
1 (ie FETCH tried to free it), then push it on the mortals stack
to extend its life a bit so our callers won't choke on it.
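An added toy model (not perl's S_save_magic()/S_restore_magic() code) of the refcount guard described in this commit message, together with the zero-refcount skip described earlier on this page for RT #87860. The struct, its fields and all function names are hypothetical; a "free" is only counted, so the double free shows up as a number instead of crashing.

```c
#include <stdio.h>

/* Toy stand-in for an SV: frees counts how often the object was released. */
typedef struct { int refcnt; int frees; int mortal; } toy_sv;
typedef void (*magic_fn)(toy_sv *);

void toy_dec(toy_sv *sv) { if (--sv->refcnt == 0) sv->frees++; }

/* Magic callbacks: one does nothing, one drops the last outside reference
 * (the "FETCH tried to free it" case). */
void cb_noop(toy_sv *sv)    { (void)sv; }
void cb_release(toy_sv *sv) { toy_dec(sv); }

/* Unconditional bump and drop around the callback. */
int call_magic_naive(toy_sv *sv, magic_fn fn)
{
    sv->refcnt++;
    fn(sv);
    toy_dec(sv);                 /* 0 -> 1 -> 0 frees the object a second time */
    return sv->frees;
}

/* Guarded version: skip the bump when the count is already zero, and when
 * the callback left only our own reference, defer the final drop to the
 * caller's temporaries cleanup instead of freeing on the spot. */
int call_magic_guarded(toy_sv *sv, magic_fn fn)
{
    int bumped = sv->refcnt > 0;

    if (bumped) sv->refcnt++;
    fn(sv);
    if (bumped) {
        if (sv->refcnt == 1) sv->mortal = 1;   /* stays usable for the caller */
        else toy_dec(sv);
    }
    return sv->frees;
}

/* Stand-in for the later cleanup that releases deferred objects. */
void toy_free_tmps(toy_sv *sv)
{
    if (sv->mortal) { sv->mortal = 0; toy_dec(sv); }
}

int main(void)
{
    toy_sv dying_a = {0, 1, 0}, dying_b = {0, 1, 0};   /* already being freed */
    toy_sv live_a  = {1, 0, 0}, live_b  = {1, 0, 0};

    printf("zero refcount: naive frees=%d guarded frees=%d\n",
           call_magic_naive(&dying_a, cb_noop),
           call_magic_guarded(&dying_b, cb_noop));
    printf("callback releases: naive frees=%d guarded frees=%d\n",
           call_magic_naive(&live_a, cb_release),
           call_magic_guarded(&live_b, cb_release));
    toy_free_tmps(&live_b);
    printf("after cleanup: guarded frees=%d\n", live_b.frees);
    return 0;
}
```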
| |
Brought to you by -Duser_c_flags=/WARN=(ENABLE=LEVEL5,INFORMATIONAL=ALL)
| |
The format accumulator $^A now becomes tainted when formline() is
called with tainted data.
There is still one failing test from the TODO set; it seems
that the $^A get magic is handled too late for the taintedness
to show up.
| |
It now only exists as a compatibility macro for extensions that want to
introspect it.
| |
This exposes the current top-level interpreter phase to perl space.
| |
This makes aliased @ISA arrays work by storing a non-magical AV as the
mg_obj if there need to be multiple entries.
| |
1) compress
    if (...)
        flag |= 1
    ...
    if (flag & 1) {
        ...
into
    if (...) {
        flag |= 1
        ....
2) re-order the flag bits, since over the years some bits have become
redundant.
| |
There was some buggy code in Perl_sighandler() related to getting an SV
with the signal name to pass to the perl-level handler function.
Basically:
on threaded builds, a sig handler that died leaked PL_psig_name[sig];
on unthreaded builds, in a recursive handler that died, PL_sig_sv was
prematurely freed.
PL_sig_sv was originally just a file static var that was not
recursion-safe anyway, and got promoted to perlvars.h when it should
instead have been done away with. So I've got rid of it now, and
rationalised the code, which fixed the two issues listed above.
Also added an assert which makes the dodgy manual popping of the save
stack slightly less dodgy.
| |
This has the side-effect of fixing these one-liners:
$ perl5.13.5 -le' my $glob = \*foo::ISA; delete $::{"foo::"}; *$glob = *a'
Bus error
$ perl5.13.5 -le' my $glob = \*foo::ISA; delete $::{"foo::"}; *$glob = []'
Bus error
$ perl5.13.6 -le'sub baz; my $glob = \*foo::bar; delete $::{"foo::"}; *$glob = *baz;'
Bus error
$ perl5.13.6 -le'sub foo::bar; my $glob = \*foo::bar; delete $::{"foo::"}; *$glob = *baz;'
Bus error
In the first two cases the crash was inadvertently fixed (isn’t it
nice when that happens?) in 5.13.6 (by 6f86b615fa7), but there was
still a fatal error:
Can't call mro_isa_changed_in() on anonymous symbol table at -e line 1.
Because sv_clear calls ->DESTROY, if an object’s stash has been
detached from the symbol table, mro_get_linear_isa can be called on a
hash with no HvENAME. So HvNAME is used as a fallback for those cases.
| |
Expose cop hint hashes as a type COPHH, with a cophh_* API which is a
macro layer over the refcounted_he_* API. The documentation for cophh_*
describes purely API-visible behaviour, whereas the refcounted_he_*
documentation describes the functions mainly in terms of the
implementation. Revise the cop_hints_* API, using the flags parameter
consistently and reimplementing in terms of cophh_*. Use the cophh_*
and cop_hints_* functions consistently where appropriate.
[Modified by the committer to update two calls to
Perl_refcounted_he_fetch recently added to newPMOP.]
| |
New magic type PERL_MAGIC_checkcall attaches a function to a CV, which
will be called as the second half of the op checker for an entersub
op calling that CV. Default state, in the absence of this magic,
is to process the CV's prototype if it has one, or apply list context
to all the arguments if not. New API functions cv_get_call_checker()
and cv_set_call_checker() provide a clean interface to this facility,
hiding the internal use of magic.
Expose in the API the new functions rv2cv_op_cv(),
ck_entersub_args_list(), ck_entersub_args_proto(), and
ck_entersub_args_proto_or_list(), which are meaningful segments of
standard entersub op checking and are likely to be useful in plugged-in
call checker functions.
Expose new API function op_contextualize(), which is a public interface
to the internal scalar()/list()/scalarvoid() functions. This API is
likely to be required in most plugged-in call checker functions.
Incidentally add new function mg_free_type(), in the API, which will
remove magic of one type from an SV. (mg_free() removes all magic,
and there isn't anything else more selective.)
| |
This fixes $^A being reset when $1..$2 are localized before any regexp match
happened.
| |
These are left from PERL_OBJECT, which was an implementation of
multiplicity using C++ objects. PERL_OBJECT was removed in 5.8, but the
macros seem to have been cargo-culted all over the core (including in
places where they would have been inappropriate originally). Since they
now do exactly nothing, it's cleaner to remove them.
I have left the definitions in perl.h, under #ifndef PERL_CORE, since
some CPAN XS code uses them (also often incorrectly). I have also left
STATIC alone, since it seems potentially more useful and is much more
ingrained.
The only appearance of these macros this patch doesn't touch is in
Devel-PPPort, because that's a CPAN module.
| |
The perl source has for some while been clean to -Wwrite-strings.
I suggest this warning be added to cflags.
The patch makes the appropriate change to cflags.SH and silences a warning from mg.c
| |
Rather than creating an AV and pushing the backref onto it,
store a single backref directly in the mg_obj or xhv_backreferences
slot.
If the backref is an AV, then we skip this optimisation (although I don't
think at the moment, that an AV would ever be pointed to by some backref
magic). So the test of whether the optimisation is in effect is whether
the thing in the slot is an AV or not.
| |
It's way too easy to forget to "local $!" in signal handlers and
changing $! when signal hits between two ops is probably never useful.
| |
This reduces object code size, reducing CPU cache pressure on the non-exception
paths.
| |
This reverts commit 191ad7eff570fc96c93993e4358f83e2033365d6.
Some modules (e.g. File::chdir) relied on the current behaviour of
local $tied_scalar, so let's leave things as-is for now. See
http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2010-05/msg00627.html
| |
it's now a varargs function
| |
This better represents its current role as specifically delaying magic on
@ISA as opposed to a general array magic delay mechanism.