perl.perl5.porters | Postings from February 2015

[perl #123874] pack underflow

From: Hugo van der Sanden
Date: February 18, 2015 15:35
Subject: [perl #123874] pack underflow
Message ID: rt-4.0.18-3194-1424273725-1874.123874-75-0@perl.org

# New Ticket Created by  Hugo van der Sanden 
# Please include the string:  [perl #123874]
# in the subject line of all future correspondence about this issue. 
# <URL: https://rt.perl.org/Ticket/Display.html?id=123874 >


AFL (<http://lcamtuf.coredump.cx/afl/>) finds this:

% ./miniperl -e 'pack "pi/x"'
Segmentation fault (core dumped)
% 

This occurs because the NEXTFROM macro leaves items == -1, and we then end up trying to Zero(cur, len, char) with len == -1. The code fix is below, will push once I've added a test.

Hugo

--- a/pp_pack.c
+++ b/pp_pack.c
@@ -2094,7 +2094,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist )
        char *cur   = start + SvCUR(cat);
         bool needs_swap;
 
-#define NEXTFROM (lengthcode ? lengthcode : items-- > 0 ? *beglist++ : &PL_sv_no)
+#define NEXTFROM (lengthcode ? lengthcode : items > 0 ? (--items, *beglist++) : &PL_sv_no)
 #define PEEKFROM (lengthcode ? lengthcode : items > 0 ? *beglist : &PL_sv_no)
 
         switch (howlen) {
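
Review bot: No regression test accompanies the NEXTFROM change on the `+` line; the `pack "pi/x"` case from the report should land in the same commit as the fix so the two cannot drift apart. A one-line comment above the macro saying that `items` must never go negative, since the report traces the crash to a length of -1, would keep a later edit from folding the decrement back into the condition. PEEKFROM on the following context line already tests `items > 0` without a side effect, so the patched NEXTFROM matches its form.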


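The counter behaviour described in the report, as an added example that is not part of the original post or of Perl's source: integers stand in for the SV list, and `drain_old`, `drain_new`, `as_length` and `length_is_safe` are hypothetical names. It shows the pre-patch macro shape leaving the counter at -1 after a fetch from an empty list, and what that value becomes when treated as a length.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins: ints replace Perl's SV pointers; NO_VALUE plays
 * the role of &PL_sv_no. All names below are hypothetical. */
static const int NO_VALUE = 0;
static const int SAMPLE[2] = {7, 9};   /* constructed argument list */

/* Pre-patch shape: the decrement runs even when the list is already empty. */
#define NEXTFROM_OLD(items, p) ((items)-- > 0 ? *(p)++ : NO_VALUE)
/* Patched shape: decrement only in the branch that consumes an item. */
#define NEXTFROM_NEW(items, p) ((items) > 0 ? (--(items), *(p)++) : NO_VALUE)

/* Fetch `reads` times from a list holding `have` items; return the counter. */
long drain_old(const int *list, long have, int reads) {
    long items = have;
    const int *p = list;
    for (int i = 0; i < reads; i++)
        (void)NEXTFROM_OLD(items, p);
    return items;
}

long drain_new(const int *list, long have, int reads) {
    long items = have;
    const int *p = list;
    for (int i = 0; i < reads; i++)
        (void)NEXTFROM_NEW(items, p);
    return items;
}

/* What a size_t length parameter receives if the counter is passed as-is. */
size_t as_length(long items) { return (size_t)items; }

/* Defensive check a caller can make before zeroing or copying `len` bytes. */
int length_is_safe(long len, size_t capacity) {
    return len >= 0 && (size_t)len <= capacity;
}

int main(void) {
    long old0 = drain_old(SAMPLE, 0, 1), new0 = drain_new(SAMPLE, 0, 1);
    printf("empty list, one fetch: old items=%ld new items=%ld\n", old0, new0);
    printf("old counter as size_t: %zu\n", as_length(old0));
    printf("safe to zero into 16 bytes? old=%d new=%d\n",
           length_is_safe(old0, 16), length_is_safe(new0, 16));
    return 0;
}
```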