This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e750deb)
dquote.c: Prevent possible out-of-bounds read
authorKarl Williamson <khw@cpan.org>
Tue, 19 Mar 2019 18:21:49 +0000 (12:21 -0600)
committerKarl Williamson <khw@cpan.org>
Tue, 19 Mar 2019 18:50:49 +0000 (12:50 -0600)
This code read a byte that was potentially out-of-bounds.  I don't know
how it could get this far, but maybe some fuzzing code could get it.

dquote.c patch | blob | blame | history

diff --git a/dquote.c b/dquote.c
index 17857dd..bed6624 100644 (file)
--- a/dquote.c
+++ b/dquote.c
@@ -106,7 +106,7 @@ Perl_grok_bslash_o(pTHX_ char **s, const char * const send, UV *uv,
     assert(* *s       == 'o');
     (*s)++;
 
-    if (**s != '{') {
+    if (send <= *s || **s != '{') {
        *error_msg = "Missing braces on \\o{}";
        return FALSE;
     }
Unnamed repository; edit this file 'description' to name the repository.