This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
regcomp can read past end of string after parsing flags
authorHugo van der Sanden <hv@crypt.org>
Tue, 10 Feb 2015 02:09:13 +0000 (02:09 +0000)
committerHugo van der Sanden <hv@crypt.org>
Tue, 10 Feb 2015 02:17:07 +0000 (02:17 +0000)
New test in 8a6d8ec6fe revealed additional code problem reading past
end of string under clang with sanitize=address.

regcomp.c

index e069a15..9e1fab9 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -10414,7 +10414,8 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I32 paren, I32 *flagp,U32 depth)
               parse_flags:
                parse_lparen_question_flags(pRExC_state);
                 if (UCHARAT(RExC_parse) != ':') {
-                    nextchar(pRExC_state);
+                    if (*RExC_parse)
+                        nextchar(pRExC_state);
                     *flagp = TRYAGAIN;
                     return NULL;
                 }