From 5e987cca642a643a73a4ecad5cc5a1b2bf5cd3fb Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Mon, 17 Jun 2019 16:21:20 +0300
Subject: [PATCH] Copy setlocale() return value in case it gets clobbered by
 later calls

Flagged by AddressSanitizer in [perl #134182]

Quoting IEEE Std 1003.1, 2004 Edition

 https://pubs.opengroup.org/onlinepubs/009695399/functions/setlocale.html

 The string returned by setlocale() is such that a subsequent call with
 that string and its associated category shall restore that part of the
 program's locale. The application shall not modify the string returned
 which may be overwritten by a subsequent call to setlocale().

Bug: https://rt.perl.org/Public/Bug/Display.html?id=134182
---
 vutil/vutil.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/vutil/vutil.c b/vutil/vutil.c
index 5d183a0..e776322 100644
--- a/vutil/vutil.c
+++ b/vutil/vutil.c
@@ -634,7 +634,7 @@ Perl_upg_version(pTHX_ SV *ver, bool qv)
 
             LC_NUMERIC_LOCK(0);    /* Start critical section */
 
-            locale_name_on_entry = setlocale(LC_NUMERIC, NULL);
+            locale_name_on_entry = savepv(setlocale(LC_NUMERIC, NULL));
             if (   strNE(locale_name_on_entry, "C")
                 && strNE(locale_name_on_entry, "POSIX"))
             {
@@ -642,6 +642,7 @@ Perl_upg_version(pTHX_ SV *ver, bool qv)
             }
             else {  /* This value indicates to the restore code that we didn't
                        change the locale */
+                Safefree(locale_name_on_entry);
                 locale_name_on_entry = NULL;
             }
 
@@ -710,6 +711,7 @@ Perl_upg_version(pTHX_ SV *ver, bool qv)
 
             if (locale_name_on_entry) {
                 setlocale(LC_NUMERIC, locale_name_on_entry);
+                Safefree(locale_name_on_entry);
             }
 
             LC_NUMERIC_UNLOCK;  /* End critical section */