This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
PATCH: [perl #134067] heap buffer overflow in lexing
authorKarl Williamson <khw@cpan.org>
Sat, 27 Apr 2019 20:04:58 +0000 (14:04 -0600)
committerKarl Williamson <khw@cpan.org>
Fri, 3 May 2019 16:58:50 +0000 (10:58 -0600)
commit3fdfceb306b900b57c3ce5ad662aea091cfb53a6
treeb6a6ae82e0d422eb1ba8e1fd7a04178e0b017eb2
parentabf787ba980b7d12a799dc22b830524bed5e028d
PATCH: [perl #134067] heap buffer overflow in lexing

This bug happens under tr///.  In some circumstances, a byte is inserted
in the output that wasn't in the input, and it did not check that there
was space available for this character.  The result could be a write
after the buffer end.

I suspect that this bug has been there all along, and the blamed commit
rearranged things so that it is more likely to happen; it depends on
needing to malloc in just the wrong place.
MANIFEST
t/op/tr_latin1.t [new file with mode: 0644]
toke.c