develooper Front page | perl.perl5.porters | Postings from January 2017

[perl #129274] heap-buffer-overflow Perl_sv_vcatpvfn_flags(sv.c:12912)

Tony Cook via RT
January 24, 2017 00:32
[perl #129274] heap-buffer-overflow Perl_sv_vcatpvfn_flags(sv.c:12912)
Message ID:
On Tue, 29 Nov 2016 20:31:40 -0800, tonyc wrote:
> On Wed, 05 Oct 2016 06:04:14 -0700, hv wrote:
> > I don't think this is likely to be a security concern.
> I agree, so I've move the ticket to the public queue.
> Treating the # immediately following the $ as a comment in
> intuit_method() strikes me as a bug in itself, which I think
> the attached fixes.
> I don't think this fixes the base issue though - I'm not sure
> how to fix that, perhaps intuit_method() should be restoring
> PL_linestart.

I spent some time trying to make this crash with my patch in place but couldn't manage it.

I've applied my patch (with a test added) as 71776ae4fad9a7659deefe0c2376d45b873ffd6a.

Please open a new ticket if you manage to find a similar issue this commit
doesn't fix.

Closing this ticket.


via perlbug:  queue: perl5 status: open Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About