This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
run-time /(?{})/: fix a buffer overrun
author David Mitchell <davem@iabyn.com>
Thu, 14 Jun 2012 12:10:08 +0000 (13:10 +0100)
committer David Mitchell <davem@iabyn.com>
Thu, 14 Jun 2012 12:10:08 +0000 (13:10 +0100)
String length calculation didn't allow for trailing nul.
(spotted by Nicholas)

regcomp.c

index 038a4a6..7500e37 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -5041,7 +5041,7 @@ S_compile_runtime_code(pTHX_ RExC_state_t * const pRExC_state,
        int n = 0;
        STRLEN s;
        char *p, *newpat;
-       int newlen = plen + 5; /* allow for "qr''x" extra chars */
+       int newlen = plen + 6; /* allow for "qr''x\0" extra chars */
        SV *sv, *qr_ref;
        dSP;
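
Review bot: the 6 in `int newlen = plen + 6;` is still a hand-counted constant that has to agree with the comment beside it, which is the kind of count that missed the trailing NUL in the first place. Deriving it from the literal, for example `plen + sizeof("qr''x")` (sizeof on a string literal includes the terminating NUL), would keep the size and the wrapper text from drifting apart. Separately, newlen is declared int while the length variable declared just above it is STRLEN; if plen is wider than int, the sum can be truncated before it is used to size the buffer, so declaring newlen as STRLEN would be safer.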