This is a live mirror of the Perl 5 development currently hosted at
https://github.com/perl/perl5
https://perl5.git.perl.org
/
perl5.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e750deb
)
dquote.c: Prevent possible out-of-bounds read
author
Karl Williamson
<khw@cpan.org>
Tue, 19 Mar 2019 18:21:49 +0000
(12:21 -0600)
committer
Karl Williamson
<khw@cpan.org>
Tue, 19 Mar 2019 18:50:49 +0000
(12:50 -0600)
This code read a byte that was potentially out-of-bounds. I don't know
how it could get this far, but maybe some fuzzing code could get it.
dquote.c
patch
|
blob
|
blame
|
history
diff --git
a/dquote.c
b/dquote.c
index
17857dd
..
bed6624
100644
(file)
--- a/
dquote.c
+++ b/
dquote.c
@@
-106,7
+106,7
@@
Perl_grok_bslash_o(pTHX_ char **s, const char * const send, UV *uv,
assert(* *s == 'o');
(*s)++;
- if (**s != '{') {
+ if (
send <= *s ||
**s != '{') {
*error_msg = "Missing braces on \\o{}";
return FALSE;
}