My recent OP_MULTICONCAT merge which (amongst other things) converts
sprintfs with a constant format that only containing %s's into a
multiconcat op, miscounted variant chars (i.e. chars like \x80, which if
upgraded to utf8, expand the number of bytes they require).
This could cause buffer overruns.
Spotted by Karl Williamson++
NPD
for (p = s; p < e; p++) {
if (*p != '%') {
total_len++;
- if (UTF8_IS_INVARIANT(*p))
+ if (!UTF8_IS_INVARIANT(*p))
variant++;
continue;
}
}
}
+# variant chars in constant format (not utf8, but change if upgraded)
+
+{
+ my $x = "\x{100}";
+ my $y = sprintf "%sa\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80", $x;
+ is $y, "\x{100}a\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80\x80",
+ "\\x80 in format";
+}
done_testing();