SOURCES/Encode-3.14-Fix-memory-leak-in-function-encode_method.patch

@@ -0,0 +1,97 @@
+From d77d726d206f16232df6edd80739720bb7011aea Mon Sep 17 00:00:00 2001
+From: Pali <pali@cpan.org>
+Date: Thu, 7 Oct 2021 22:35:51 +0200
+Subject: [PATCH] Fix memory leak in function encode_method()
+
+Pull request https://github.com/dankogai/p5-encode/pull/72 fixed memory
+corruption but introduced a new memory leak as dst scalar is not mortal
+anymore and not every possible exit from every XS function properly release
+scalar's memory.
+
+Fix this memory leak by making dst scalar mortal again. To not re-introduce
+that memory corruption, first store dst scalar into temporary variable and
+then save it into stack via ST(0) macro.
+---
+ Encode.xs | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/Encode.xs b/Encode.xs
+index 4baf296..d173c96 100644
+--- a/Encode.xs
++++ b/Encode.xs
+@@ -154,7 +154,7 @@ encode_method(pTHX_ const encode_t * enc, const encpage_t * dir, SV * src, U8 *
+     STRLEN sdone = 0;
+     /* We allocate slen+1.
+        PerlIO dumps core if this value is smaller than this. */
+-    SV *dst = newSV(slen+1);
++    SV *dst = sv_2mortal(newSV(slen+1));
+     U8 *d = (U8 *)SvPVX(dst);
+     STRLEN dlen = SvLEN(dst)-1;
+     int code = 0;
+@@ -810,13 +810,12 @@ CODE:
+     tmp = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+                 &offset, term, &code, fallback_cb);
+     sv_catsv(dst, tmp);
+-    SvREFCNT_dec(tmp);
+     SvIV_set(off, (IV)offset);
+     RETVAL = (code == ENCODE_FOUND_TERM);
+ OUTPUT:
+     RETVAL
+ 
+-SV *
++void
+ Method_decode(obj,src,check_sv = &PL_sv_no)
+ SV *	obj
+ SV *	src
+@@ -828,6 +827,7 @@ PREINIT:
+     encode_t *enc;
+     U8 *s;
+     STRLEN slen;
++    SV *ret;
+ INIT:
+     SvGETMAGIC(src);
+     SvGETMAGIC(check_sv);
+@@ -841,13 +841,13 @@ CODE:
+     s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+     if (SvUTF8(src))
+         utf8_safe_downgrade(aTHX_ &src, &s, &slen, modify);
+-    RETVAL = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
++    ret = encode_method(aTHX_ enc, enc->t_utf8, src, s, slen, check,
+               NULL, Nullsv, NULL, fallback_cb);
+-    SvUTF8_on(RETVAL);
+-OUTPUT:
+-    RETVAL
++    SvUTF8_on(ret);
++    ST(0) = ret;
++    XSRETURN(1);
+ 
+-SV *
++void
+ Method_encode(obj,src,check_sv = &PL_sv_no)
+ SV *	obj
+ SV *	src
+@@ -859,6 +859,7 @@ PREINIT:
+     encode_t *enc;
+     U8 *s;
+     STRLEN slen;
++    SV *ret;
+ INIT:
+     SvGETMAGIC(src);
+     SvGETMAGIC(check_sv);
+@@ -872,10 +873,10 @@ CODE:
+     s = modify ? (U8 *)SvPV_force_nomg(src, slen) : (U8 *)SvPV_nomg(src, slen);
+     if (!SvUTF8(src))
+         utf8_safe_upgrade(aTHX_ &src, &s, &slen, modify);
+-    RETVAL = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
++    ret = encode_method(aTHX_ enc, enc->f_utf8, src, s, slen, check,
+               NULL, Nullsv, NULL, fallback_cb);
+-OUTPUT:
+-    RETVAL
++    ST(0) = ret;
++    XSRETURN(1);
+ 
+ bool
+ Method_needs_lines(obj)
+-- 
+2.31.1
+

SPECS/perl-Encode.spec

@@ -8,7 +8,7 @@ Version:        %{cpan_version}
 # perl-encoding sub-package has independent version which does not change
 # often and consecutive builds would clash on perl-encoding NEVRA. This is the
 # same case as in perl.spec.
-Release:        462%{?dist}
+Release:        461%{?dist}
 Summary:        Character encodings in Perl
 # ucm:          UCD
 # bin/encguess: Artistic 2.0
@@ -16,8 +16,10 @@ Summary:        Character encodings in Perl
 License:        (GPL+ or Artistic) and Artistic 2.0 and UCD
 URL:            https://metacpan.org/release/Encode
 Source0:        https://cpan.metacpan.org/authors/id/D/DA/DANKOGAI/Encode-%{cpan_version}.tar.gz
-# Encode.pm does not load code from outside expected @INC (rhbz#1984005, CVE-2021-36770)
-Patch0:         Encode-3.08-mitigate-INC-pollution-when-loading-ConfigLocal.patch
+# Encode.pm does not load code from outside expected @INC (rhbz#1991539, CVE-2021-36770)
+Patch0:         Encode-3.12-mitigate-INC-pollution-when-loading-ConfigLocal.patch
+# Fix memory leak in function encode_method()
+Patch1:         Encode-3.14-Fix-memory-leak-in-function-encode_method.patch
 BuildRequires:  findutils
 BuildRequires:  gcc
 BuildRequires:  make
@@ -130,6 +132,7 @@ your own encoding to perl. No knowledge of XS is necessary.
 %prep
 %setup -q -n Encode-%{cpan_version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 # Additional scripts can be installed by appending MORE_SCRIPTS, UCM files by
@@ -173,19 +176,15 @@ make test
 %{perl_vendorarch}/Encode/encode.h
 
 %changelog
-* Tue Aug 10 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-462
-- Resolves: rhbz#1984005, CVE-2021-36770 - mitigate @INC pollution when
-  loading ConfigLocal
+* Sun Oct 10 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-461
+- Fix memory leak in function encode_method()
+- "Fix a memory leak on FB_CROAK" was reverted in Encode 3.15
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4:3.08-461
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Wed Oct 06 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-460
+- Fix a memory leak on FB_CROAK, backported from Encode 3.13
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4:3.08-460
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4:3.08-459
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+* Mon Aug 09 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-459
+- Fix CVE-2021-36770 - mitigate @INC pollution when loading ConfigLocal
 
 * Wed Dec 02 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4:3.08-458
 - 3.08 bump