(perl #118551) an empty string from _freeze() now supplies the same to _thaw()/_attach()

tonycoz · tonycoz · commit 48968138d197 · 2018-02-08T13:58:13.000+11:00
The retrieve_hook() code would simply pass the string length to
NEWSV(), so if the length was zero, no PV would be allocated, and the
SV would not be upgraded.

The following code would then set POK on an SV that wasn't SVt_PV (or
better), resulting in fun later down the line.

Change to always supply at least 1 as the buffer size for NEWSV(), and
always set CUR and NUL terminate the buffer.
diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
@@ -4903,12 +4903,12 @@ static SV *retrieve_hook_common(pTHX_ stcxt_t *cxt, const char *cname, int large
     else
         GETMARK(len2);
 
-    frozen = NEWSV(10002, len2);
+    frozen = NEWSV(10002, len2 ? len2 : 1);
     if (len2) {
         SAFEREAD(SvPVX(frozen), len2, frozen);
-        SvCUR_set(frozen, len2);
-        *SvEND(frozen) = '\0';
     }
+    SvCUR_set(frozen, len2);
+    *SvEND(frozen) = '\0';
     (void) SvPOK_only(frozen);		/* Validates string pointer */
     if (cxt->s_tainted)			/* Is input source tainted? */
         SvTAINT(frozen);
diff --git a/dist/Storable/t/blessed.t b/dist/Storable/t/blessed.t
@@ -44,7 +44,7 @@ use Storable qw(freeze thaw store retrieve);
    'long VSTRING' => \(my $lvstring = eval "v" . 0 x 300),
    LVALUE         => \(my $substr  = substr((my $str = "foo"), 0, 3)));
 
-my $test = 12;
+my $test = 13;
 my $tests = $test + 23 + (2 * 6 * keys %::immortals) + (3 * keys %::weird_refs);
 plan(tests => $tests);
 
@@ -322,3 +322,38 @@ is(ref $t, 'STRESS_THE_STACK');
         }
     }
 }
+
+{
+    # [perl #118551]
+    {
+        package RT118551;
+
+        sub new {
+            my $class = shift;
+            my $string = shift;
+            die 'Bad data' unless defined $string;
+            my $self = { string => $string };
+            return bless $self, $class;
+        }
+
+        sub STORABLE_freeze {
+            my $self = shift;
+            my $cloning = shift;
+            return if $cloning;
+            return ($self->{string});
+        }
+
+        sub STORABLE_attach {
+            my $class = shift;
+            my $cloning = shift;
+            my $string = shift;
+            return $class->new($string);
+        }
+    }
+
+    my $x = [ RT118551->new('a'), RT118551->new('') ];
+
+    $y = freeze($x);
+
+    ok(eval {thaw($y)}, "empty serialized") or diag $@; # <-- dies here with "Bad data"
+}
