This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
[perl #112478] Avoid buffer overflow in upg_version
On most systems, this is actually a panic, rather than an overflow,
because the overflow is detected before it can happen.
upg_version needs to use the equivalent of sprintf "%.9f" on a numeric
input before parsing it. For speed’s sake, I assume, it was done
using my_snprintf, with a C auto for the buffer, declared with a fixed
size of 64.
There is no guarantee that the number passed in will not overflow that
buffer, so upg_version should use an SV and sv_catpvf in those cases
where it would overflow.