develooper Front page | perl.perl5.porters | Postings from January 2017

[perl #129274] heap-buffer-overflow Perl_sv_vcatpvfn_flags(sv.c:12912)

From:
Tony Cook via RT
Date:
January 24, 2017 00:32
Subject:
[perl #129274] heap-buffer-overflow Perl_sv_vcatpvfn_flags(sv.c:12912)
Message ID:
rt-4.0.24-22854-1485217955-1331.129274-15-0@perl.org
On Tue, 29 Nov 2016 20:31:40 -0800, tonyc wrote:
> On Wed, 05 Oct 2016 06:04:14 -0700, hv wrote:
> > I don't think this is likely to be a security concern.
> 
> I agree, so I've move the ticket to the public queue.
> 
> Treating the # immediately following the $ as a comment in
> intuit_method() strikes me as a bug in itself, which I think
> the attached fixes.
> 
> I don't think this fixes the base issue though - I'm not sure
> how to fix that, perhaps intuit_method() should be restoring
> PL_linestart.

I spent some time trying to make this crash with my patch in place but couldn't manage it.

I've applied my patch (with a test added) as 71776ae4fad9a7659deefe0c2376d45b873ffd6a.

Please open a new ticket if you manage to find a similar issue this commit
doesn't fix.

Closing this ticket.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=129274



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About