This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Subject: PATCH: [perl #132063]: Heap buffer overflow
authorKarl Williamson <khw@cpan.org>
Tue, 6 Feb 2018 21:50:48 +0000 (14:50 -0700)
committerKarl Williamson <khw@cpan.org>
Tue, 17 Apr 2018 02:50:02 +0000 (20:50 -0600)
commit9ad8cac45829d8cd51c25f8c6abf8c591514d7e8
tree759f0613fd92ab79624cf5993b178d344098f373
parent2f145a2d09c96f4005a7cd54f706cc76a1fecbbb
Subject: PATCH: [perl #132063]: Heap buffer overflow

There were three things that were fixed as a result of this ticket, any
one of which would have avoided the issue.

Commit 421da25c4318861925129cd1b17263289db3443c already has fixed
one of those.  The issue was reading beyond the end of a buffer, and
that commit keeps from reading beyond a NUL, which normally should be
present, marking the end of the buffer.

This commit fixes the issue where the code was told that reading that
many bytes was ok to do.  This is several instances in regexec.c of the
code assuming that the input was valid UTF-8, whereas the input was too
short for what the start byte claimed it would be.

I grepped through the core for any other similar uses, and did not find
any.

The next commit will fix the third thing.
regexec.c
t/lib/warnings/regexec