This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
dquote.c: Prevent possible out-of-bounds read
authorKarl Williamson <khw@cpan.org>
Tue, 19 Mar 2019 18:21:49 +0000 (12:21 -0600)
committerKarl Williamson <khw@cpan.org>
Tue, 19 Mar 2019 18:50:49 +0000 (12:50 -0600)
This code read a byte that was potentially out-of-bounds.  I don't know
how it could get this far, but maybe some fuzzing code could get it.

dquote.c

index 17857dd..bed6624 100644 (file)
--- a/dquote.c
+++ b/dquote.c
@@ -106,7 +106,7 @@ Perl_grok_bslash_o(pTHX_ char **s, const char * const send, UV *uv,
     assert(* *s       == 'o');
     (*s)++;
 
-    if (**s != '{') {
+    if (send <= *s || **s != '{') {
        *error_msg = "Missing braces on \\o{}";
        return FALSE;
     }