Front page | perl.perl5.porters |
Postings from October 2013
On Wed, Aug 28, 2013 at 02:09:51PM -0700, andrewn@locus.net wrote:
> $ ./perl -e '/\7777777777/'
> Segmentation fault
>
> This is caused by a negative backreference in the compiled regex when the
> following code returns a negative number:
>
> regcomp.c:10690: num = atoi(RExC_parse);
>
> This bug was discovered in our production system running perl-5.8.8-40.el5_9
> (CentOS5), confirmed on a developer's ActivePerl 5.16.2 (Windows7), and
> debugged/reported on the current git.
>
> The following patch does not properly correct the parsing of large integers,
> but it should at least die cleanly instead of segfaulting:
Thanks for the report and patch. I've actually applied this more general
fix to bleed:
commit 0c2990d652e985784f095bba4bc356481a66aa06
Author: David Mitchell <davem@iabyn.com>
AuthorDate: Wed Oct 16 13:59:12 2013 +0100
Commit: David Mitchell <davem@iabyn.com>
CommitDate: Thu Oct 17 10:57:35 2013 +0100
[perl #119505] Segfault from bad backreference
The code that parses regex backrefs (or ambiguous backref/octal) such as
\123, did a simple atoi(), which could wrap round to negative values on
long digit strings and cause seg faults.
Include a check on the length of the digit string, and if greater than 9
digits, assume it can never be a valid backref (obviating the need for the
atoi() call).
I've also simplified the code a bit, putting most of the \g handling code
into a single block, rather than doing multiple "if (isg) {...}".
M regcomp.c
M t/re/re_tests
--
Lear: Dost thou call me fool, boy?
Fool: All thy other titles thou hast given away; that thou wast born with.
Thread Previous
|
Thread Next