perl.perl5.porters | Postings from October 2017

[perl #132245] heap-buffer-overflow (READ of size 1) in S_scan_const(toke.c:3060)

From: Tony Cook via RT
Date: October 29, 2017 23:56
Subject: [perl #132245] heap-buffer-overflow (READ of size 1) in S_scan_const(toke.c:3060)
Message ID: rt-4.0.24-27436-1509321389-1162.132245-15-0@perl.org

On Wed, 18 Oct 2017 16:55:37 -0700, tonyc wrote:
> On Sun, 08 Oct 2017 03:41:21 -0700, brian.carpenter@gmail.com wrote:
> > Triggered in 1195d90. Not a security concern as per Hugo in #129342 which
> > was marked resolved for 5.26.0.
> > 
> > ./perl -e 'y//\N{}-0/'
> > 
> 
> The first attached patch fixes this for me.
> 
> The second fixes a SV leak in the same area of code.

Applied as e8d55f27af460b2aea0e4f6867acad7ae6e154cc and ebcc725e3f7e5ec8b898a7035ff5c5e2c230522e.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=132245


