develooper Front page | perl.perl5.porters | Postings from May 2019

[perl #134067] heap-buffer-overflow in S_scan_const (toke.c:4103)

Thread Next
From:
Karl Williamson via RT
Date:
May 3, 2019 17:07
Subject:
[perl #134067] heap-buffer-overflow in S_scan_const (toke.c:4103)
Message ID:
rt-4.0.24-20654-1556903221-465.134067-15-0@perl.org
Fixed by

commit 3fdfceb306b900b57c3ce5ad662aea091cfb53a6
 Author: Karl Williamson <khw@cpan.org>
 Date:   Sat Apr 27 14:04:58 2019 -0600
 
     PATCH: [perl #134067] heap buffer overflow in lexing
     
     This bug happens under tr///.  In some circumstances, a byte is inserted
     in the output that wasn't in the input, and it did not check that there
     was space available for this character.  The result could be a write
     after the buffer end.
     
     I suspect that this bug has been there all along, and the blamed commit
     rearranged things so that it is more likely to happen; it depends on
     needing to malloc in just the wrong place.
-- 
Karl Williamson

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=134067

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About