This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
fix segv in regcomp.c:S_join_exact()
author David Mitchell <davem@iabyn.com>
Tue, 5 Jul 2011 10:35:08 +0000 (11:35 +0100)
committer David Mitchell <davem@iabyn.com>
Tue, 5 Jul 2011 11:14:10 +0000 (12:14 +0100)
This function joins multiple EXACT* nodes into a single node.
At the end, under DEBUGGING, it marks the optimised-out nodes as being
type OPTIMIZED. However, some of the 'nodes' aren't actually nodes;
they're random bits of string at the tail of those nodes. So you
can't peek at the 'node's OP field to decide what type it was.

Instead, just unconditionally overwrite all the slots with fake
OPTIMIZED nodes.

regcomp.c

index 3ce6698..bfb2988 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -2647,13 +2647,13 @@ S_join_exact(pTHX_ RExC_state_t *pRExC_state, regnode *scan, I32 *min, U32 flags
     }
     
 #ifdef DEBUGGING
-    /* Allow dumping */
+    /* Allow dumping but overwriting the collection of skipped
+     * ops and/or strings with fake optimized ops */
     n = scan + NODE_SZ_STR(scan);
     while (n <= stop) {
-        if (PL_regkind[OP(n)] != NOTHING || OP(n) == NOTHING) {
-            OP(n) = OPTIMIZED;
-            NEXT_OFF(n) = 0;
-        }
+       OP(n) = OPTIMIZED;
+       FLAGS(n) = 0;
+       NEXT_OFF(n) = 0;
         n++;
     }
 #endif
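Review bot: The new comment above `n = scan + NODE_SZ_STR(scan);` does not record why the removed `PL_regkind[OP(n)]` test was unsafe, so a later reader could reintroduce a check on `OP(n)` inside this loop. Suggest saying in the comment that the slots between `scan + NODE_SZ_STR(scan)` and `stop` may hold string bytes from the tail of a joined EXACT* node rather than real regnode headers, so `OP(n)` must not be read there, only written. "Allow dumping but overwriting" also reads like a typo for "by overwriting". The three added assignments are indented one column short of the surrounding `n++;`, which is worth aligning. Finally, the patch touches only regcomp.c; a regression test with a pattern that reaches this path under a DEBUGGING build would keep the segv from coming back.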