This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
locale.c: Avoid potential read beyond buffer end
I noticed this flaw by code reading; I doubt that it's exploitable.
foldEQ assumes that both operands are at least as long as its length
parameter. In this case, it's possible that the codeset returned by
nl_langinfo is shorter than 5, in which case, it would try to access the
extra characters in the heap. Real codesets tend to be longer than
this, so an attacker would likely have to install a locale with a
made-up codeset whose name is shorter.
Even the C locale is longer: "ANSI_X3.4-1968"