This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: abf787b) | patch
PATCH: [perl #134067] heap buffer overflow in lexing
authorKarl Williamson <khw@cpan.org>
Sat, 27 Apr 2019 20:04:58 +0000 (14:04 -0600)
committerKarl Williamson <khw@cpan.org>
Fri, 3 May 2019 16:58:50 +0000 (10:58 -0600)
commit3fdfceb306b900b57c3ce5ad662aea091cfb53a6
treeb6a6ae82e0d422eb1ba8e1fd7a04178e0b017eb2tree | snapshot
parentabf787ba980b7d12a799dc22b830524bed5e028dcommit | diff
PATCH: [perl #134067] heap buffer overflow in lexing

This bug happens under tr///.  In some circumstances, a byte is inserted
in the output that wasn't in the input, and it did not check that there
was space available for this character.  The result could be a write
after the buffer end.

I suspect that this bug has been there all along, and the blamed commit
rearranged things so that it is more likely to happen; it depends on
needing to malloc in just the wrong place.
MANIFEST diff | blob | blame | history
t/op/tr_latin1.t [new file with mode: 0644] blob
toke.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.