On Sat, May 21, 2011 at 10:05:49PM +0100, Dave Mitchell wrote:
> On Sat, May 21, 2011 at 07:32:15PM +0100, Nicholas Clark wrote:
> > It's this:
> >
> > commit 815f25c6e302f84ecce02c74fa717a19d787f662
> > Author: Dave Mitchell <davem@fdisolutions.com>
> > Date: Sat May 10 02:45:23 2003 +0100
> >
> > [perl #7391] Perl crashes with certain write() formats.
> >
> > I'm certainly not going to get a chance to look at this for at least 36 hours
> > (and maybe not even then)
>
> I'll have a look

Now looked at and fixed.

The basic problem is that when a format is compiled, it keeps indexes into the original string (so for example it can print out the literal chunks of the format). If the PVX slot of the SV can change (tie) or doesn't exist at all (stringification of a reference), then it all goes to pot. Worse, in that last case, it estimates the output buffer size to be zero, which it immediately overruns.

Frankly, pp_formline was a big mess and full of bugs and potential bombs. I've fixed many things within it with the 20 commits running between 3808a68376b13a13745f22f7454ecf5e673ad24f and a701009a6144238330665867df80dde3e52459e3 inclusive, with the first one most closely addressing the bug in this ticket.

--
In the 70's we wore flares because we didn't know any better. What possible excuse does the current generation have?
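The hazard described in the message above (index ranges cached at compile time, then applied to a string that has since changed or vanished), as an added C sketch that is not part of the original post and is not Perl's pp_formline code. The structures, the function names and the use of '@' as the only field marker are assumptions made for illustration; keeping a private snapshot of the source is shown as one possible mitigation, not as a description of what the commits did.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIT 8
/* A literal chunk of the format, kept as an index range into the source. */
struct chunk { size_t off, len; };
struct compiled {
    char *snap; size_t snap_len;            /* private copy of the source */
    struct chunk lit[MAX_LIT]; size_t nlit; /* index ranges into snap */
};

/* Compile: each run of non-'@' bytes becomes one literal chunk. */
int fmt_compile(struct compiled *c, const char *src) {
    size_t n = strlen(src), i = 0;
    c->nlit = 0;
    c->snap = malloc(n + 1);
    if (!c->snap) return -1;
    memcpy(c->snap, src, n + 1);
    c->snap_len = n;
    while (i < n) {
        size_t start = i;
        while (i < n && src[i] != '@') i++;
        if (i > start) {
            if (c->nlit == MAX_LIT) { free(c->snap); c->snap = NULL; return -1; }
            c->lit[c->nlit++] = (struct chunk){ start, i - start };
        }
        while (i < n && src[i] == '@') i++;
    }
    return 0;
}

/* Are the stored ranges still inside a source that is now cur_len bytes?
 * A renderer reading the live string must check this before every copy. */
int fmt_indexes_fit(const struct compiled *c, size_t cur_len) {
    for (size_t k = 0; k < c->nlit; k++)
        if (c->lit[k].off > cur_len || c->lit[k].len > cur_len - c->lit[k].off)
            return 0;
    return 1;
}

/* Render from the snapshot; the output bound is checked per chunk and is
 * never derived from the length of the caller's current string. */
long fmt_render(const struct compiled *c, char *out, size_t cap) {
    size_t used = 0;
    if (cap == 0) return -1;
    for (size_t k = 0; k < c->nlit; k++) {
        if (c->lit[k].len >= cap - used) return -1; /* keep room for NUL */
        memcpy(out + used, c->snap + c->lit[k].off, c->lit[k].len);
        used += c->lit[k].len;
    }
    out[used] = '\0';
    return (long)used;
}
```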