develooper Front page | perl.perl5.porters | Postings from October 2016

[perl #129130] heap-buffer-overflow Perl_pp_chdir (pp_sys.c:3685)

From:
Tony Cook via RT
Date:
October 24, 2016 03:22
Subject:
[perl #129130] heap-buffer-overflow Perl_pp_chdir (pp_sys.c:3685)
Message ID:
rt-4.0.24-32655-1477279332-1353.129130-15-0@perl.org
On Sun Sep 04 22:50:16 2016, tonyc wrote:
> Fix attached.

Applied as 92c843fb4b4e1a1e0ac7ec0fe198dc77266838da.

> 
> I don't think this would be exploitable beyond a denial of service if it
> crashes perl - it only writes one pointersize beyond the end of the
> allocated block, and is always the address of a new SV (should this use
> PL_sv_yes and PL_sv_no?)

And made this public.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129130



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About