This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
avoid reading/writing beyond the end of RExC_(open|close)_parens
author Tony Cook <tony@develop-help.com>
Mon, 7 Mar 2016 03:58:38 +0000 (14:58 +1100)
committer Tony Cook <tony@develop-help.com>
Mon, 7 Mar 2016 03:58:38 +0000 (14:58 +1100)
commit 2dc40b2d7c20b0d31c4343ac23cda9799f234a65
tree 6e7027c9da0eadbcf1633932ad9a056161a8e24a
parent 2aade621bf201fa22109ff80547965dc87cfe466
avoid reading/writing beyond the end of RExC_(open|close)_parens

Partly reverts d5a00e4af, which added this change:

-        for ( paren=0 ; paren < RExC_npar ; paren++ ) {
+        for ( paren=0 ; paren <= RExC_npar ; paren++ ) {

but RExC_(open|close)_parens are both allocated with RExC_npar entries,
making this a read/write buffer overflow.

This caused crashes during the build with GCC on Win32, and was
detectable with valgrind and -fsanitize=address on Linux.

With the change, passes all tests with -fsanitize=address -DDEBUGGING
on Linux and finishes the build with GCC on Win32.
regcomp.c
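
The off-by-one described in the commit message, reproduced as an added example that is not the Perl source: two arrays with `npar` entries are walked once with `<=` and once with `<`. The array names mirror the message; `alloc_guarded`, `clobbered_guards`, the extra guard slot and the loop body are assumptions made so the overrun can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

#define GUARD 0xA5A5A5A5u   /* sentinel stored one slot past each array */

/* Allocate n usable entries plus one guard slot. The real arrays have no
 * guard; it is added here (assumption) so the overrun lands in owned memory. */
static unsigned *alloc_guarded(unsigned n)
{
    unsigned *p = calloc((size_t)n + 1, sizeof *p);
    if (!p) { perror("calloc"); exit(EXIT_FAILURE); }
    p[n] = GUARD;
    return p;
}

/* Walk both arrays with the loop bound quoted in the commit message and
 * return how many guard slots were overwritten.
 * inclusive=1 models "paren <= npar", inclusive=0 models "paren < npar".
 * The loop body (shifting each entry by 4) is a constructed stand-in. */
int clobbered_guards(unsigned npar, int inclusive)
{
    unsigned *open_parens  = alloc_guarded(npar);
    unsigned *close_parens = alloc_guarded(npar);
    unsigned limit = inclusive ? npar + 1 : npar;
    unsigned paren;
    int hits;

    for (paren = 0; paren < limit; paren++) {
        open_parens[paren]  += 4;   /* index npar is the guard slot */
        close_parens[paren] += 4;
    }

    hits = (open_parens[npar] != GUARD) + (close_parens[npar] != GUARD);
    free(open_parens);
    free(close_parens);
    return hits;
}

int main(void)
{
    printf("paren <= npar: %d guard slot(s) overwritten\n", clobbered_guards(8, 1));
    printf("paren <  npar: %d guard slot(s) overwritten\n", clobbered_guards(8, 0));
    return 0;
}
```

Without the guard slot, the extra iteration reads and writes one element past each allocation, which is the access the message says valgrind and -fsanitize=address detect.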