develooper Front page | perl.perl5.porters | Postings from October 2016

[perl #129000] heap-buffer-overflow Perl_utf8_hop (utf8.c:1132)

Thread Previous
From:
Tony Cook via RT
Date:
October 18, 2016 22:53
Subject:
[perl #129000] heap-buffer-overflow Perl_utf8_hop (utf8.c:1132)
Message ID:
rt-4.0.24-31544-1476831177-1772.129000-15-0@perl.org
On Mon Aug 22 18:19:40 2016, tonyc wrote:
> As this requires feeding code to the perl parser I don't think it's
> security
> issue (if you can feed code you can attack much more directly.)
> 
> It's still a bug, I suspect we're calling functions that are intended
> to
> work on valid UTF-8 on strings with known invalid UTF-8.

Since this isn't a security issue, I've moved it to the public queue.

I'm working on a fix.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129000

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About