This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 46f9c2c) | patch
Fix ‘panic: memory wrap’ in reg_scan_name
authorFather Chrysostomos <sprout@cpan.org>
Mon, 18 Nov 2013 14:01:56 +0000 (06:01 -0800)
committerFather Chrysostomos <sprout@cpan.org>
Mon, 18 Nov 2013 16:29:33 +0000 (08:29 -0800)
commit75839571633feac3bfc81ebab323ce9d655edfcb
tree393504ac8c78afe9b7505c0aa432d6019c8c11bctree | snapshot
parent46f9c2c216aabe458b17081c9919823fd7545126commit | diff
Fix ‘panic: memory wrap’ in reg_scan_name

reg_scan_name was not checking for end-of-string.  If the character it
read were not a word character, it would then increment the current
position (RExC_parse), so that the <-- HERE marker in the error mes-
sage would point to the bad character.

If we try to split a regexp like /(?</ into two pieces when the cur-
rent position is off the end like this:

 ( ? < \0
          ^

then the first ‘half’ of the regexp, before the <-- HERE marker is
"(?<\0" (including the trailing null), and the second ‘half’ is of
negative length.  Negative string lengths are what cause ‘panic: mem-
ory wrap’.

$ ./perl -Ilib -e '/(?</'
panic: memory wrap at -e line 1.

This commit takes advantage of the fact that, ever since 1f4f6bf1,
RExC_parse == name_start has never been true after a call to
reg_scan_name.  This is how reg_scan_name now signals EOS.
regcomp.c diff | blob | blame | history
t/re/reg_mesg.t diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.