
Re: [perl #54934] Attempt to free unreferenced scalar fiddling with the symbol table

From: Rafael Garcia-Suarez
Date: June 6, 2008 06:40
Subject: Re: [perl #54934] Attempt to free unreferenced scalar fiddling with the symbol table
Message ID: b77c1dce0806060640m72ea37b9s80dff78ae7afe0b3@mail.gmail.com

2008/6/6 Niko Tyni <ntyni@debian.org>:
>> --- ext/PerlIO/via/via.xs.orig        2008-01-25 10:00:53.000000000 +0100
>> +++ ext/PerlIO/via/via.xs     2008-05-30 14:43:11.000000000 +0200
>> @@ -89,7 +89,7 @@ PerlIOVia_method(pTHX_ PerlIO * f, const
>>           if (!s->fh) {
>>               GV *gv = newGVgen(HvNAME_get(s->stash));
>>               GvIOp(gv) = newIO();
>> -             s->fh = newRV_noinc((SV *) gv);
>> +             s->fh = newRV((SV *) gv);
>>               s->io = GvIOp(gv);
>>           }
>>           IoIFP(s->io) = PerlIONext(f);
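Review bot: the changed line `s->fh = newRV((SV *) gv);` needs a comment stating
which reference each holder owns. The GV returned by newGVgen() is already held
by the stash it was generated in, so s->fh has to take its own count instead of
borrowing that one, and that reasoning is not visible in the code. Because the
generated glob now keeps the stash's count after s->fh is released, please also
confirm in the teardown path (outside this hunk) whether the generated stash
entry is removed when the layer is popped, or state in the comment that it is
intentionally left in place.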
>> End of Patch.
>>
>> So what leaks is a gv generated to hold the "FOO" reference. (Its name
>> is "_GEN_0".)
>
> Hi,
>
> I don't see this applied yet, hope it isn't falling through the cracks.
> While PerlIO-via-dynamic-0.13 now has a workaround for 5.10.0, Bastian
> Blank raised concerns about possible security implications of the double
> frees in <http://bugs.debian.org/479698> (Cc'd).

No. Nicholas commented on IRC that this apparently creates no link,
and I'm not able to prove him false, so I'll probably apply this
patch. (or someone could beat me to it)
