develooper Front page | perl.perl5.porters | Postings from January 2017

[perl #130635] [PATCH] Stack overflow in Storable retrieve_hook

Thread Previous | Thread Next
From:
James E Keenan via RT
Date:
January 25, 2017 02:05
Subject:
[perl #130635] [PATCH] Stack overflow in Storable retrieve_hook
Message ID:
rt-4.0.24-8044-1485309945-264.130635-15-0@perl.org
On Tue, 24 Jan 2017 19:22:28 GMT, john@nixnuts.net wrote:
> This is a bug report for perl from john@nixnuts.net,
> generated with the help of perlbug 1.40 running under perl 5.25.9.
> 
> 
> -----------------------------------------------------------------
> AFL detected a stack overflow in Storable's retrieve_hook() function.
> 
> The problem essentially is that a hook's classname length is read into
> a signed integer, compared to the size of a stack buffer, then used to
> read the classname. The size comparison treats the length as signed,
> while the read treats the length as unsigned.
> 

Available for smoke-testing in this branch:

smoke-me/jkeenan/130635-storable

I corrected one spelling error in a test description and incremented the VERSION number.

-- 
James E Keenan (jkeenan@cpan.org)

---
via perlbug:  queue: perl5 status: new
https://rt.perl.org/Ticket/Display.html?id=130635

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About