This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
PATCH: [perl #134067] heap buffer overflow in lexing
This bug happens under tr///. In some circumstances, a byte is inserted
in the output that wasn't in the input, and it did not check that there
was space available for this character. The result could be a write
after the buffer end.
I suspect that this bug has been there all along, and the blamed commit
rearranged things so that it is more likely to happen; it depends on
needing to malloc in just the wrong place.