This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
In Perl_pv_escape(), avoid reading 1 byte beyond the end of the buffer.
author Nicholas Clark <nick@ccl4.org>
Tue, 24 May 2011 20:37:26 +0000 (21:37 +0100)
committer Nicholas Clark <nick@ccl4.org>
Tue, 24 May 2011 20:37:26 +0000 (21:37 +0100)
The check for whether to use 3 digits of octal was not correct, and was capable
of reading the byte beyond the passed in buffer. Except for the small
possibility that that byte was not mapped memory, it wouldn't change the
semantic correctness of the escaped output, but it would lead to
non-deterministic choice of which format to use.

dump.c

diff --git a/dump.c b/dump.c
index 32e7596..9624970 100644 (file)
--- a/dump.c
+++ b/dump.c
@@ -321,7 +321,7 @@ Perl_pv_escape( pTHX_ SV *dsv, char const * const str,
                             chsize = 1;
                         break;
                default:
-                        if ( (pv < end) && isDIGIT((U8)*(pv+readsize)) )
+                        if ( (pv+readsize < end) && isDIGIT((U8)*(pv+readsize)) )
                             chsize = my_snprintf( octbuf, PV_ESCAPE_OCTBUFSIZE, 
                                                   "%c%03o", esc, c);
                        else
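
Review bot: in the `default:` branch, the new guard `(pv+readsize < end)` still computes `pv+readsize` before comparing it, so if `readsize` can ever exceed the number of bytes left in the buffer (its value is not visible in this hunk) the pointer addition itself lands more than one past the end, which C leaves undefined. Comparing lengths instead, for example `readsize < (STRLEN)(end - pv)`, gives the same result without forming an out-of-range pointer. A one-line comment stating that the lookahead decides between the `%03o` form and a shorter escape based on whether the next byte is a digit would make the intent of the bound obvious to the next reader, and a regression test whose input ends on a byte that needs octal escaping would pin down the now deterministic format choice described in the commit message.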