perl.perl5.porters | Postings from September 2016

Re: [perl #129176] Conditional jump depends on uninitialized values in S_scan_heredoc

From: Dave Mitchell
Date: September 5, 2016 13:13
Subject: Re: [perl #129176] Conditional jump depends on uninitialized values in S_scan_heredoc
Message ID: 20160905131316.GY3173@iabyn.com

On Fri, Sep 02, 2016 at 10:31:37PM -0700, Father Chrysostomos via RT wrote:
> On Fri Sep 02 13:38:21 2016, dcollinsn@gmail.com wrote:
> > $ perl -e 'print "<<`\\"' | valgrind ../bin/perl
> ...
> > Can't find string terminator "\" anywhere before EOF at - line 1.
> 
> Wrong error message.
> 
> delimcpy (used to find the end of the `\... after <<) is going one byte past the end of the buffer passed to it, because the trailing null is ‘escaped’ with a backslash.  delimcpy needs fixing.
> 
> scan_heredoc perfectly reasonably croaks only if s==PL_bufend, since if s<PL_bufend the terminating ` was found.  In this case s>PL_bufend, which would not happen with a properly functioning delimcpy.

Note that I already have a fix worked up for this; I can't apply it yet
since it applies on top of another fix by Tony which hasn't been applied
yet (which was also an issue initially reported to the security queue but
which was provisionally agreed not to be a security issue).

-- 
You live and learn (although usually you just live).
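
Added example, not part of the original message and not Perl's source: a simplified C model of the overrun described in the quoted text, where a backslash as the last byte makes a delimiter scan stop one position past the end, so a caller that tests only `s == end` misses the unterminated case. The function names, the index-based interface and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the bytes that follow "<<`" in the report's input.
 * Logical length is 1 (a lone backslash); the NUL sits at index 1 == len. */
static const char UNTERMINATED[4] = "\\";
static const char TERMINATED[] = "a\\`b`";   /* escaped ` then real closing ` */

/* Hypothetical model of the unfixed scan: a backslash always skips a byte. */
static size_t scan_unchecked(const char *buf, size_t len, char delim)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (buf[i] == '\\')
            i++;                 /* may land on index len (the NUL) */
        else if (buf[i] == delim)
            break;
    }
    return i;                    /* len + 1 when the last byte is a backslash */
}

/* Bounded variant: only skip when the escaped byte is inside the buffer. */
static size_t scan_bounded(const char *buf, size_t len, char delim)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (buf[i] == '\\') {
            if (i + 1 < len)
                i++;
        } else if (buf[i] == delim)
            break;
    }
    return i;                    /* never exceeds len */
}

/* Caller's end-of-input test as described in the thread: s == PL_bufend. */
static int caller_sees_eof(size_t stop, size_t len) { return stop == len; }

int main(void)
{
    size_t u = scan_unchecked(UNTERMINATED, 1, '`');
    size_t b = scan_bounded(UNTERMINATED, 1, '`');
    printf("unchecked: stop=%zu eof=%d\n", u, caller_sees_eof(u, 1));
    printf("bounded:   stop=%zu eof=%d\n", b, caller_sees_eof(b, 1));
    printf("terminated: %zu %zu\n", scan_unchecked(TERMINATED, 5, '`'),
           scan_bounded(TERMINATED, 5, '`'));
    return 0;
}
```

A caller can also defend itself by treating `stop >= len` as end of input rather than relying on exact equality.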
