This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
[perl #125826] make the buffer large enough in TRIE_STORE_REVCHAR
authorTony Cook <tony@develop-help.com>
Wed, 19 Aug 2015 04:35:29 +0000 (14:35 +1000)
committerTony Cook <tony@develop-help.com>
Wed, 19 Aug 2015 04:35:29 +0000 (14:35 +1000)
Since the SV is discarded almost immediately (in non-DEBUGGING builds)
don't worry about making it the smallest possible size.

regcomp.c
t/re/pat_advanced.t

index f08f08f..4719d12 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -2001,7 +2001,7 @@ is the recommended Unicode-aware way of saying
 #define TRIE_STORE_REVCHAR(val)                                            \
     STMT_START {                                                           \
        if (UTF) {                                                         \
-            SV *zlopp = newSV(7); /* XXX: optimize me */                   \
+            SV *zlopp = newSV(UTF8_MAXBYTES);                             \
            unsigned char *flrbbbbb = (unsigned char *) SvPVX(zlopp);      \
             unsigned const char *const kapow = uvchr_to_utf8(flrbbbbb, val); \
            SvCUR_set(zlopp, kapow - flrbbbbb);                            \
index 230fd89..33647f3 100644 (file)
@@ -2419,6 +2419,15 @@ EOF
                         'No segfault on qr{(?&foo){0}abc(?<foo>)}');
     }
 
+    SKIP:
+    {   # [perl #125826] buffer overflow in TRIE_STORE_REVCHAR
+        # (during compilation, so use a fresh perl)
+        $Config{uvsize} == 8
+         or skip("need large code-points for this test", 1);
+       fresh_perl_is('/\x{E000000000}|/ and print qq(ok\n)', "ok\n", {},
+                     "buffer overflow in TRIE_STORE_REVCHAR");
+    }
+
     # !!! NOTE that tests that aren't at all likely to crash perl should go
     # a ways above, above these last ones.