Front page | perl.perl5.porters |
Postings from September 2016
On 13 September 2016 at 20:29, Todd Rinaldo via RT
<perlbug-followup@perl.org> wrote:
> On Tue Sep 13 11:26:24 2016, demerphq wrote:
>
>> > I did not search for other examples. I thought it might be best to
>> > open a discussion before proceeding on any work.
>>
>> Not sure what there is to discuss really. Wrong is wrong. ☺️
>>
>> Yves
>
>
> Proposed patch. I'm 99% certain we need <= not <. However this is why I use Perl. So I don't have to remember that ;)
>
> ---
> via perlbug: queue: perl5 status: open
> https://rt.perl.org/Ticket/Display.html?id=129267
>
> From 1c722feb82f0b29d5b439ddc1dd3f05a7a3e115f Mon Sep 17 00:00:00 2001
> From: Todd Rinaldo <toddr@cpan.org>
> Date: Tue, 13 Sep 2016 13:21:03 -0500
> Subject: [PATCH] Prevent Perl_gv_fetchmethod_pvn_flags from running past the
> end of a string
>
> Addressed reported issue from Perl #129267
> ---
> gv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gv.c b/gv.c
> index 1bc8bf2..c9b706c 100644
> --- a/gv.c
> +++ b/gv.c
> @@ -1028,7 +1028,7 @@ Perl_gv_fetchmethod_pvn_flags(pTHX_ HV *stash, const char *name, const STRLEN le
> the error reporting code. */
> }
>
> - for (nend = name; *nend || nend != (origname + len); nend++) {
> + for (nend = name; *nend && nend <= (origname + len); nend++) {
> if (*nend == '\'') {
> nsplit = nend;
> name = nend + 1;
Well, that fixes /one/ issue. But I think there are more. I was
putting together a patch like this:
$ git diff gv.c
diff --git a/gv.c b/gv.c
index 1bc8bf2..23700a0 100644
--- a/gv.c
+++ b/gv.c
@@ -1009,6 +1009,7 @@ GV *
Perl_gv_fetchmethod_pvn_flags(pTHX_ HV *stash, const char *name,
const STRLEN len, U32 flags)
{
const char *nend;
+ const char * const name_end= name + len;
const char *nsplit = NULL;
GV* gv;
HV* ostash = stash;
@@ -1028,15 +1029,15 @@ Perl_gv_fetchmethod_pvn_flags(pTHX_ HV *stash,
const char *name, const STRLE
the error reporting code. */
}
- for (nend = name; *nend || nend != (origname + len); nend++) {
+ for (nend = name; nend < name_end && *nend; nend++) {
if (*nend == '\'') {
nsplit = nend;
name = nend + 1;
}
- else if (*nend == ':' && *(nend + 1) == ':') {
- nsplit = nend++;
- name = nend + 1;
- }
+ else if (*nend == ':' && nend+1 < name_end && *(nend + 1) == ':') {
+ nsplit = nend++;
+ name = nend + 1;
+ }
}
if (nsplit) {
if ((nsplit - origname) == 5 && memEQ(origname, "SUPER", 5)) {
Although I will probably follow it will another patch to rename "nend".
Also, somewhat concerning is the comment right above this function:
/* Don't merge this yet, as it's likely to get a len parameter, and possibly
even a U32 hash */
Sigh.
Yves
--
perl -Mre=debug -e "/just|another|perl|hacker/"
Thread Previous
|
Thread Next