develooper Front page | perl.perl5.porters | Postings from August 2018

[perl #130909] AddressSanitizer: heap-buffer-overflow InPerl_pp_padsv

From:
Tony Cook via RT
Date:
August 21, 2018 01:18
Subject:
[perl #130909] AddressSanitizer: heap-buffer-overflow InPerl_pp_padsv
Message ID:
rt-4.0.24-15550-1534814290-1467.130909-15-0@perl.org
On Mon, 06 Mar 2017 09:57:26 -0800, davem wrote:
> I haven't looked more closely yet at how to fix it. I doubt that is a
> security issue though, since it involves the rare use of the empty pattern
> against a code-block-containing regex. An attacker is unlikely to find
> existing perl code that is exploitable and that doesn't already badly
> crash (and so would never have made it into production in the first
> place).

Now public.

Tony



---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=130909



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About