develooper Front page | perl.perl5.porters | Postings from May 2019

[perl #134067] heap-buffer-overflow in S_scan_const (toke.c:4103)

Thread Next
Karl Williamson via RT
May 3, 2019 17:07
[perl #134067] heap-buffer-overflow in S_scan_const (toke.c:4103)
Message ID:
Fixed by

commit 3fdfceb306b900b57c3ce5ad662aea091cfb53a6
 Author: Karl Williamson <>
 Date:   Sat Apr 27 14:04:58 2019 -0600
     PATCH: [perl #134067] heap buffer overflow in lexing
     This bug happens under tr///.  In some circumstances, a byte is inserted
     in the output that wasn't in the input, and it did not check that there
     was space available for this character.  The result could be a write
     after the buffer end.
     I suspect that this bug has been there all along, and the blamed commit
     rearranged things so that it is more likely to happen; it depends on
     needing to malloc in just the wrong place.
Karl Williamson

via perlbug:  queue: perl5 status: open

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About