sprintf-as-multiconcat: fix \x80 issue

My recent OP_MULTICONCAT merge which (amongst other things) converts
sprintfs with a constant format that only containing %s's into a
multiconcat op, miscounted variant chars (i.e. chars like \x80, which if
upgraded to utf8, expand the number of bytes they require).
This could cause buffer overruns.

Spotted by Karl Williamson++

NPD

diff --git a/op.c b/op.c
index 689f696..c2f0a3a 100644 (file)
--- a/op.c
+++ b/op.c
@@ -2552,7 +2552,7 @@ S_sprintf_is_multiconcatable(pTHX_ OP *o,struct sprintf_ismc_info *info)
     for (p = s; p < e; p++) {
         if (*p != '%') {
             total_len++;
-            if (UTF8_IS_INVARIANT(*p))
+            if (!UTF8_IS_INVARIANT(*p))
                 variant++;
             continue;
         }

diff --git a/t/op/sprintf2.t b/t/op/sprintf2.t
index eb90c76..bf09203 100644 (file)
--- a/t/op/sprintf2.t
+++ b/t/op/sprintf2.t
@@ -1114,6 +1114,14 @@ like sprintf("%p", 0+'NaN'), qr/^[0-9a-f]+$/, "%p and NaN";
     }
 }
 
+# variant chars in constant format (not utf8, but change if upgraded)
+
+{
+    my $x = "\x{100}";
+    my $y = sprintf "%sa\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80", $x;
+    is $y, "\x{100}a\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80",
+        "\\x80 in format";
+}
 
 
 done_testing();