From: Paul "LeoNerd" Evans <leonerd@leonerd.org.uk>
Date: Sat, 27 Jun 2020 15:09:49 +0000 (+0100)
Subject: Ensure stack is in consistent state while restoring SAVEt_HINTS
X-Git-Tag: v5.33.1~240
X-Git-Url: https://perl5.git.perl.org/perl5.git/commitdiff_plain/ae955d3a183337a4770d39640a21da146cf97bc7

Ensure stack is in consistent state while restoring SAVEt_HINTS

SAVEt_HINTS has a non-constant savestack structure. If the
HINT_LOCALIZE_HH flag was set it pushes an additional pointer. In some
complex code scenarios it is possible reënter Perl code while destroying
nested PL_hintgv hashes (for example, if any stored objects contain
`free` magic). Because of this, it is important that we pop the extra
value from the save stack before any other code can be invoked, so if
they need to inspect or alter the save stack, they can do so in a
consistent manner.

See also

  https://github.com/Perl/perl5/issues/17895
---

diff --git a/scope.c b/scope.c
index a948a7b..df2e3c7 100644
--- a/scope.c
+++ b/scope.c
@@ -1348,7 +1348,12 @@ Perl_leave_scope(pTHX_ I32 base)
 	    break;
 
 	case SAVEt_HINTS:
+        {
+	    HV *was_hinthv;
             a0 = ap[0]; a1 = ap[1];
+            if (a0.any_i32 & HINT_LOCALIZE_HH) {
+                was_hinthv = MUTABLE_HV(SSPOPPTR);
+            }
 	    if ((PL_hints & HINT_LOCALIZE_HH)) {
 	      while (GvHV(PL_hintgv)) {
 		HV *hv = GvHV(PL_hintgv);
@@ -1361,7 +1366,7 @@ Perl_leave_scope(pTHX_ I32 base)
 	    *(I32*)&PL_hints = a0.any_i32;
 	    if (PL_hints & HINT_LOCALIZE_HH) {
 		SvREFCNT_dec(MUTABLE_SV(GvHV(PL_hintgv)));
-		GvHV(PL_hintgv) = MUTABLE_HV(SSPOPPTR);
+                GvHV(PL_hintgv) = was_hinthv;
 	    }
 	    if (!GvHV(PL_hintgv)) {
 		/* Need to add a new one manually, else rv2hv can
@@ -1372,6 +1377,7 @@ Perl_leave_scope(pTHX_ I32 base)
 	    }
 	    assert(GvHV(PL_hintgv));
 	    break;
+        }
 
 	case SAVEt_COMPPAD:
             a0 = ap[0];