
[perl #134325] Heap buffer overflow

From: Hugo van der Sanden via RT
Date: August 12, 2019 12:46
Subject: [perl #134325] Heap buffer overflow
Message ID: rt-4.0.24-13328-1565613979-850.134325-15-0@perl.org

On Sun, 11 Aug 2019 23:09:07 -0700, tonyc wrote:
> Attached the PoC to save people time.

Here's a shorter version. I was unaware of the compounding effect of multiple \Q - I would have expected "\Q\Q+" to result in '\Q\+' rather than '\\\+' - and I suspect the long string resulting is a prime mover in this bug.

perl -e '
  $quote="\\Q";
  $back="\\\\";
  $ff="\xff";
  printf "/\\1|(|%s)%s%s   /i",
    $quote x 8 . $back x 69,
    $quote x 5 . $back x 4,
    $ff x 48
' | ./miniperl

Hugo

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=134325
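
The compounding of stacked \Q escapes described in the message can be observed on plain strings, without involving the regex compiler. The script below is an added example, not part of the original post or of the Perl source; nested_quotemeta is a hypothetical helper name and the four-backslash input is a constructed sample.

```perl
use strict;
use warnings;

# Hypothetical helper: apply quotemeta() $depth times, which is the effect
# the message reports for $depth stacked \Q escapes.
sub nested_quotemeta {
    my ($str, $depth) = @_;
    $str = quotemeta($str) for 1 .. $depth;
    return $str;
}

# The case from the message: two \Q escapes in front of "+".
my $interpolated = "\Q\Q+";
printf "%-28s => %s\n", 'interpolated "\Q\Q+"', $interpolated;
printf "%-28s => %s\n", 'quotemeta(quotemeta("+"))', nested_quotemeta('+', 2);
die "stacked quoting did not compound as expected\n"
    unless $interpolated eq nested_quotemeta('+', 2);

# quotemeta() turns one backslash into two backslashes, and both of those
# are quoted again at the next level, so each level doubles the length.
my $input = '\\' x 4;    # constructed sample: four backslash characters
for my $depth (0 .. 8) {
    printf "depth %d: %4d characters\n",
        $depth, length(nested_quotemeta($input, $depth));
}
```

For input made up entirely of backslashes, the length after n levels is the original length times 2**n, so eight levels turn four characters into 1024.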
