From @jhi

Attached.

From @jhi

From fd670099139dabadc727193ec4829ebf88aae6c4 Mon Sep 17 00:00:00 2001
From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Mon, 21 Apr 2014 18:54:54 -0400
Subject: [PATCH 8/9] Fix for Coverity perl5 CID 29060: Pointer to local
 outside scope (RETURN_LOCAL) use_invalid: Using mode, which points to an
 out-of-scope variable tmode.

Duplicate the PerlIOBase_pushed call so that the tmode is in scope.
---
 perlio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/perlio.c b/perlio.c
index fabfdbc..653c7c4 100644
--- a/perlio.c
+++ b/perlio.c
@@ -2907,6 +2907,7 @@ PerlIOStdio_pushed(pTHX_ PerlIO *f, const char *mode, SV *arg, PerlIO_funcs *tab
 		PerlIOSelf(f, PerlIOStdio)->stdio = stdio;
 	    	/* We never call down so do any pending stuff now */
 	    	PerlIO_flush(PerlIONext(f));
+                return PerlIOBase_pushed(aTHX_ f, mode, arg, tab);
 	    }
 	    else {
 		return -1;
-- 
1.8.5.2 (Apple Git-48)

From @tonycoz

On Tue Apr 22 17​:32​:08 2014, jhi wrote​:

Attached.

Added to 5.21.1 blockers.

Tony

The RT System itself - Status changed from 'new' to 'open'

From @tonycoz

On Tue Apr 22 17​:32​:08 2014, jhi wrote​:

Attached.

Thanks, added as a 5.20 blocker and applied as 2a600bb.

Tony

@tonycoz - Status changed from 'open' to 'resolved'

From @bulk88

On Tue Apr 22 17​:32​:08 2014, jhi wrote​:

Attached.

This patch needed a clearer explanation. It took me a long time to figure out what this patch is fixing. It should have mentioned that PerlIOStdio_mode returns tmode, and "mode" was assigned a * to an out of scope C auto.

Ideally tmode should be renamed to "buf", or PerlIOStdio_mode should return void and the caller knows what * it passed. PerlIOStdio_mode's API falls into the stupid category with localtime() and strerror().

Asm wise, this makes no difference on VC 2003 (maybe it will on other CC/archs, liveness etc), before this patch Perl_PerlIO_flush already fell through to PerlIOBase_pushed and tmode was alloced through the whole C function.

--
bulk88 ~ bulk88 at hotmail.com

From @Leont

On Wed, Apr 30, 2014 at 3​:45 AM, bulk88 via RT <perlbug-followup@​perl.org>wrote​:

This patch needed a clearer explanation. It took me a long time to figure
out what this patch is fixing. It should have mentioned that
PerlIOStdio_mode returns tmode, and "mode" was assigned a * to an out of
scope C auto.

It's just a simple fix for a simple but easy to read over issue in a piece
of code that's not particularly commonly used. Commit-message could be
better, but discussing what it should look like isn't really worth the
effort IMHO.

Ideally tmode should be renamed to "buf", or PerlIOStdio_mode should
return void and the caller knows what * it passed. PerlIOStdio_mode's API
falls into the stupid category with localtime() and strerror().

Ideally, PerlIOStdio would DIAF.

Leon