develooper Front page | perl.perl5.porters | Postings from September 2016

[perl #129267] Possible string overrun with invalid len in gv.c

Thread Previous | Thread Next
From:
Todd Rinaldo via RT
Date:
September 13, 2016 18:59
Subject:
[perl #129267] Possible string overrun with invalid len in gv.c
Message ID:
rt-4.0.24-14717-1473793170-1812.129267-15-0@perl.org
On Tue Sep 13 11:29:21 2016, petdance wrote:
> 
> > On Sep 13, 2016, at 1:25 PM, demerphq <demerphq@gmail.com> wrote:
> >
> > > I did not search for other examples. I thought it might be best to
> > > open a discussion before proceeding on any work.
> >
> > Not sure what there is to discuss really.  Wrong is wrong. ☺️
> >
> 
> 
> I took the comment to mean “For all I know, there may be other
> examples elsewhere in the codebase, and it might even be a security
> hole, but I haven’t investigated further, but someone probably should
> before we just patch this and call it done."
> 

Correct. I was a little concerned this code pattern might be being used to walk other string incorrectly.

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129267

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About