develooper Front page | perl.perl5.porters | Postings from January 2019

[perl #131955] heap-buffer-overflow in token.c:S_scan_formline()

Thread Previous
From:
Tony Cook via RT
Date:
January 21, 2019 03:31
Subject:
[perl #131955] heap-buffer-overflow in token.c:S_scan_formline()
Message ID:
rt-4.0.24-8358-1548041492-1682.131955-15-0@perl.org
On Mon, 28 Aug 2017 18:42:02 -0700, tonyc wrote:
> On Sun, 27 Aug 2017 17:10:40 -0700, tonyc wrote:
> > On Sun, 27 Aug 2017 01:10:04 -0700, imdb95@gmail.com wrote:
> > > Greetings,
> > > Have you take a look at fixing this bug please?
> >
> > I expect to take a close look at it tomorrow (or maybe later today).
> >
> > Just from the backtrace it doesn't appear to be a security issue, but
> > I won't be sure of that until I take that close look.
> 
> This requires feeding code to the parser and isn't a security issue.
> 
> scan_formline() is being entered with PL_bufptr == PL_bufend+1 and
> things go downhill from there.
> 
> I haven't tracked down exactly why that's happening though.

This looks like it was fixed by 817480137a8b1165315f21d14b8968862101c3a2.

Tony


---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=131955

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About