This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
(perl #17844) don't update SvCUR until after we've done moving
author Tony Cook <tony@develop-help.com>
Mon, 15 Apr 2019 05:23:32 +0000 (15:23 +1000)
committer Nicolas R <nicolas@atoomic.org>
Thu, 30 Jul 2020 23:28:05 +0000 (17:28 -0600)
commit 45f235c116d4deab95c576aff77fe46d609f8553
tree 4db901fc3e8824d94b82e1a5919100878109cf44
parent cb3d73dce2756fa1c49d4a2e236543f633d036ec
(perl #17844) don't update SvCUR until after we've done moving

SvCUR() before the SvGROW() calls could result in reading beyond the
end of a buffer.

It wasn't a problem in the normal case, since sv_grow() just calls
realloc() which has its own notion of how big the memory block is, but
if the SV is SvOOK() sv_backoff() tries to move SvCUR()+1 bytes, which
might be larger than the currently allocated size of the PV.
doop.c
t/op/bop.t
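
The ordering problem described in the commit message, as an added C model that is not code from perl5 or from this commit. The names `buf_t`, `buf_backoff`, `buf_grow`, `buf_extend` and `demo` are hypothetical, and the guard in `buf_backoff` reports the over-read instead of performing it so the example stays memory-safe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (assumption, not Perl's SV layout): a string buffer whose front
 * can be chopped by an offset, analogous to an SV with SvOOK set. */
typedef struct {
    char  *base;  /* start of the allocation */
    size_t off;   /* bytes chopped from the front; data starts at base+off */
    size_t cur;   /* bytes in use, excluding the trailing NUL */
    size_t len;   /* bytes allocated from base+off onward */
} buf_t;

/* Undo the offset by sliding cur+1 bytes back to the allocation start.
 * Returns -1 where an unguarded move would read past the allocation. */
static int buf_backoff(buf_t *b) {
    if (b->cur + 1 > b->len) return -1;
    memmove(b->base, b->base + b->off, b->cur + 1);
    b->len += b->off; b->off = 0;
    return 0;
}

/* Grow to at least `need` bytes; an offset buffer is backed off first. */
static int buf_grow(buf_t *b, size_t need) {
    if (b->off && buf_backoff(b) != 0) return -1;
    if (need > b->len) {
        char *p = realloc(b->base, need);
        if (!p) return -1;
        b->base = p; b->len = need;
    }
    return 0;
}

/* Zero-extend to newcur bytes. early_cur=1 records the new length before
 * growing (the ordering the commit message describes); 0 records it after. */
static int buf_extend(buf_t *b, size_t newcur, int early_cur) {
    size_t old = b->cur;
    if (early_cur) b->cur = newcur;
    if (buf_grow(b, newcur + 1) != 0) { b->cur = old; return -1; }
    memset(b->base + old, 0, newcur - old + 1);
    b->cur = newcur;
    return 0;
}

/* Constructed input: 16-byte allocation holding "abcdefgh", 4 bytes chopped. */
int demo(int early_cur) {
    buf_t b = { malloc(16), 4, 4, 12 };
    if (!b.base) return -2;
    memcpy(b.base, "abcdefgh", 9);
    int rc = buf_extend(&b, 40, early_cur);
    if (rc == 0 && (b.cur != 40 || memcmp(b.base, "efgh", 4) != 0)) rc = -3;
    free(b.base);
    return rc;
}
int main(void) { printf("early=%d late=%d\n", demo(1), demo(0)); return 0; }
```

With the length recorded early, the back-off would span 41 bytes against 12 allocated; with it recorded after the grow, only the 5 live bytes move.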