
[perl #131955] heap-buffer-overflow in token.c:S_scan_formline()

From: Tony Cook via RT
Date: August 29, 2017 01:42
Subject: [perl #131955] heap-buffer-overflow in token.c:S_scan_formline()
Message ID: rt-4.0.24-7160-1503970922-768.131955-15-0@perl.org

On Sun, 27 Aug 2017 17:10:40 -0700, tonyc wrote:
> On Sun, 27 Aug 2017 01:10:04 -0700, imdb95@gmail.com wrote:
> > Greetings,
> > Have you taken a look at fixing this bug please?
> 
> I expect to take a close look at it tomorrow (or maybe later today).
> 
> Just from the backtrace it doesn't appear to be a security issue, but
> I won't be sure of that until I take that close look.

This requires feeding code to the parser and isn't a security issue.

scan_formline() is being entered with PL_bufptr == PL_bufend+1 and things go downhill from there.

I haven't tracked down exactly why that's happening though.

Tony

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131955
