PATCH: GH #17367 read 1 beyond end of buffer
authorKarl Williamson <khw@cpan.org>
Wed, 13 Nov 2019 22:39:15 +0000 (15:39 -0700)
committerKarl Williamson <khw@cpan.org>
Tue, 17 Dec 2019 18:19:31 +0000 (11:19 -0700)
This is a bug in grok_infnan(), which in one place failed to check
that it was reading within bounds.

numeric.c
t/re/pat.t

index db8197c..142f617 100644 (file)
--- a/numeric.c
+++ b/numeric.c
@@ -791,6 +791,9 @@ Perl_grok_infnan(pTHX_ const char** sp, const char* send)
                 /* "nanq" or "nans" are ok, though generating
                  * these portably is tricky. */
                 s++;
+                if (s == send) {
+                    return flags;
+                }
             }
             if (*s == '(') {
                 /* C99 style "nan(123)" or Perlish equivalent "nan($uv)". */
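Review bot: The new early return inside the "nanq"/"nans" branch exits without storing `s` back through `sp`, and the `const char** sp` parameter in the hunk header suggests callers use it as an in/out cursor. Whether that matters depends on the function's other exits, which are outside this hunk, so it is worth confirming that a caller receiving `flags` with an unadvanced `*sp` handles the trailing `q`/`s` as intended. The guard itself does protect the `*s == '('` read that follows; a short comment would keep it from being dropped in a later cleanup, e.g. `/* input ended right after the q/s suffix; the *s tests below would read past send */`.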
index 8045ed4..413fbee 100644 (file)
@@ -24,7 +24,7 @@ BEGIN {
 
 skip_all_without_unicode_tables();
 
-plan tests => 1011;  # Update this when adding/deleting tests.
+plan tests => 1012;  # Update this when adding/deleting tests.
 
 run_tests() unless caller;
 
@@ -2081,6 +2081,10 @@ CODE
     {   # [perl #133871], ASAN/valgrind out-of-bounds access
         fresh_perl_like('qr/(?|(())|())|//', qr/syntax error/, {}, "[perl #133871]");
     }
+    {   # [perl #133871], ASAN/valgrind out-of-bounds access
+        fresh_perl_like('qr/\p{nv:NAnq}/', qr/Can't find Unicode property definition/, {}, "GH #17367");
+    }
+
   SKIP:
     {   # [perl #133921], segfault
         skip "Not valid for EBCDIC", 5 if $::IS_EBCDIC;
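Review bot: The comment on the added block was copied from the test above it and still cites `[perl #133871]`, while the test itself is labelled "GH #17367"; it should read something like `{   # GH #17367, read 1 beyond end of buffer in grok_infnan()`. The expected output (`Can't find Unicode property definition`) is presumably the same with or without the fix, so this test likely catches a regression only when the suite runs under ASAN or valgrind. Saying so in the comment would help anyone wondering why it passes on an unpatched build.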