develooper Front page | perl.perl5.porters | Postings from August 2019

[perl #134325] Heap buffer overflow

Thread Previous | Thread Next
Hugo van der Sanden via RT
August 12, 2019 12:46
[perl #134325] Heap buffer overflow
Message ID:
On Sun, 11 Aug 2019 23:09:07 -0700, tonyc wrote:
> Attached the PoC to save people time.

Here's a shorter version. I was unaware of the compounding effect of multiple \Q - I would have expected "\Q\Q+" to result in '\Q\+' rather than '\\\+' - and I suspect the long string resulting is a prime mover in this bug.

perl -e '
  printf "/\\1|(|%s)%s%s   /i",
    $quote x 8 . $back x 69,
    $quote x 5 . $back x 4,
    $ff x 48
' | ./miniperl


via perlbug:  queue: perl5 status: open

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About