
[perl.git] branch blead updated. v5.29.8-59-g56e36cbf2f

From:
Karl Williamson
Date:
March 8, 2019 17:19
Subject:
[perl.git] branch blead updated. v5.29.8-59-g56e36cbf2f
Message ID:
E1h2J9B-0003YF-G4@git.dc.perl.space
In perl.git, the branch blead has been updated

<https://perl5.git.perl.org/perl.git/commitdiff/56e36cbf2fdf9d90f61690c1c3fc35af0d65e0cd?hp=ff736663d576ffad28573e0034109dc2da50d18d>

- Log -----------------------------------------------------------------
commit 56e36cbf2fdf9d90f61690c1c3fc35af0d65e0cd
Author: Karl Williamson <khw@cpan.org>
Date:   Fri Mar 8 10:01:48 2019 -0700

    PATCH: [perl #133876] Write out of bounds
    
    This was caused by a lapse on my part about the inputs to this function
    that grows memory.  I was thinking the trailing NUL was included, but
    it's not.  This patch adds space for that to all calls of
    sv_utf8_upgrade_flags_grow() in the file.
    
    But it occurs to me that maybe the function itself should just add one
    instead of having the caller do it.  If you think so, let me know.

-----------------------------------------------------------------------

Summary of changes:
 pp.c          | 9 ++++++---
 t/uni/upper.t | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/pp.c b/pp.c
index 77dddcb8b3..c7fa23189d 100644
--- a/pp.c
+++ b/pp.c
@@ -4300,7 +4300,8 @@ PP(pp_uc)
 		    SvCUR_set(dest, len);
 		    len = sv_utf8_upgrade_flags_grow(dest,
 						SV_GMAGIC|SV_FORCE_UTF8_UPGRADE,
-						extra);
+                                                extra
+                                              + 1 /* trailing NUL */ );
 		    d = (U8*)SvPVX(dest) + len;
 
                     /* Now process the remainder of the source, simultaneously
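Review bot: Nothing at this call site checks that the requested growth covers the bytes written afterwards, so a future miscount like this one would again surface only under ASan or valgrind. The added `extra + 1 /* trailing NUL */` (and the same change in the pp_lc and pp_fc hunks) corrects the size, but a DEBUGGING-only check where each function stores the terminator, for example `assert(d < (U8*)SvPVX(dest) + SvLEN(dest));`, would turn an overrun into an immediate assertion failure on ordinary debug builds. The terminator store and the rest of each function body lie outside these hunks, so the exact placement needs to be confirmed against the full source.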
@@ -4434,7 +4435,8 @@ PP(pp_lc)
              * when converted to UTF-8 */
             sv_utf8_upgrade_flags_grow(dest, 0, len
                                               + I_count
-                                              + variant_under_utf8_count(s, send));
+                                              + variant_under_utf8_count(s, send)
+                                              + 1 /* Trailing NUL */ );
             d = (U8*)SvPVX(dest);
             has_turkic_I = TRUE;
         }
@@ -4803,7 +4805,8 @@ PP(pp_fc)
                     SvCUR_set(dest, len);
                     len = sv_utf8_upgrade_flags_grow(dest,
                                                 SV_GMAGIC|SV_FORCE_UTF8_UPGRADE,
-                                                extra);
+                                                extra
+                                              + 1 /* Trailing NUL */ );
                     d = (U8*)SvPVX(dest) + len;
 
                     *d++ = UTF8_TWO_BYTE_HI(GREEK_SMALL_LETTER_MU);
diff --git a/t/uni/upper.t b/t/uni/upper.t
index 252b51ce39..3c8d8c2be7 100644
--- a/t/uni/upper.t
+++ b/t/uni/upper.t
@@ -11,8 +11,9 @@ use feature 'unicode_strings';
 
 is(uc("\x{3B1}\x{345}\x{301}"), "\x{391}\x{301}\x{399}",
                                                    'Verify moves YPOGEGRAMMENI');
+fresh_perl_is('use 5.026;m.\U00ÿÿ0000.', "", {}, "[perl #133876]  This caused valgrind and asan errors");
 
-casetest( 1,	# extra tests already run
+casetest( 2,	# extra tests already run
 	"Uppercase_Mapping",
 	 uc                        => sub { uc $_[0] },
 	 uc_with_appended_null_arg => sub { my $a = ""; uc ($_[0] . $a) }
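Review bot: The new `fresh_perl_is(...)` case expects only empty output, so on a build without ASan or valgrind it will presumably pass whether or not the write stays in bounds, as its own description hints. It also appears to reach only the `\U` (pp_uc) call site, while the same sizing fix in pp_lc and pp_fc has no regression test in this commit. Consider adding cases that reach the lc and fc paths, and a comment above the test such as `# Only meaningful under ASan/valgrind: an unpatched perl may still print nothing` so nobody reads a green run on a plain build as proof of the fix.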

-- 
Perl5 Master Repository


