This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eb58a7e)
run-time /(?{})/: fix an buffer overrun
authorDavid Mitchell <davem@iabyn.com>
Thu, 14 Jun 2012 12:10:08 +0000 (13:10 +0100)
committerDavid Mitchell <davem@iabyn.com>
Thu, 14 Jun 2012 12:10:08 +0000 (13:10 +0100)
String length calculation didn't allow for trailing nul.
(spotted by Nicholas)

regcomp.c patch | blob | blame | history

diff --git a/regcomp.c b/regcomp.c
index 038a4a6..7500e37 100644 (file)
--- a/regcomp.c
+++ b/regcomp.c
@@ -5041,7 +5041,7 @@ S_compile_runtime_code(pTHX_ RExC_state_t * const pRExC_state,
        int n = 0;
        STRLEN s;
        char *p, *newpat;
-       int newlen = plen + 5; /* allow for "qr''x" extra chars */
+       int newlen = plen + 6; /* allow for "qr''x\0" extra chars */
        SV *sv, *qr_ref;
        dSP;
 
Unnamed repository; edit this file 'description' to name the repository.