Fix edge case in pp_eof where the stack extent was not checked.
authorNicholas Clark <nick@ccl4.org>
Sat, 12 Jun 2010 20:13:14 +0000 (21:13 +0100)
committerNicholas Clark <nick@ccl4.org>
Sat, 12 Jun 2010 20:13:14 +0000 (21:13 +0100)
Analogous to pp_getc and pp_tell in ac3697cd90b00fae, pp_eof has a conditional
POP from the stack, but an unconditional PUSH to the stack, but no check that
the stack had space for the PUSH. This bug has been present since perl 5.000.

pp_sys.c

index 9d4887f..3525bfe 100644 (file)
--- a/pp_sys.c
+++ b/pp_sys.c
@@ -2010,10 +2010,14 @@ PP(pp_eof)
 
     if (MAXARG)
        gv = PL_last_in_gv = MUTABLE_GV(POPs);  /* eof(FH) */
-    else if (PL_op->op_flags & OPf_SPECIAL)
-       gv = PL_last_in_gv = GvEGVx(PL_argvgv); /* eof() - ARGV magic */
-    else
-       gv = PL_last_in_gv;                     /* eof */
+    else {
+       EXTEND(SP, 1);
+
+       if (PL_op->op_flags & OPf_SPECIAL)
+           gv = PL_last_in_gv = GvEGVx(PL_argvgv);     /* eof() - ARGV magic */
+       else
+           gv = PL_last_in_gv;                 /* eof */
+    }
 
     if (!gv)
        RETPUSHNO;