This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
duplicate full index for SAVEt_AELEM
authorZefram <zefram@fysh.org>
Mon, 13 Nov 2017 07:45:35 +0000 (07:45 +0000)
committerZefram <zefram@fysh.org>
Mon, 13 Nov 2017 07:45:35 +0000 (07:45 +0000)
The index in a SAVEt_AELEM save entry is now IV-sized, but only an I32
portion of it was being duplicated.  This would lead to restoring the
wrong element if a pseudfork were done with a localised array element
on the stack, if the array index were above the 32-bit range or on a
big-endian architecture.

sv.c

diff --git a/sv.c b/sv.c
index c1a33fb..e39f44a 100644 (file)
--- a/sv.c
+++ b/sv.c
@@ -14974,8 +14974,8 @@ Perl_ss_dup(pTHX_ PerlInterpreter *proto_perl, CLONE_PARAMS* param)
        case SAVEt_AELEM:               /* array element */
            sv = (const SV *)POPPTR(ss,ix);
            TOPPTR(nss,ix) = SvREFCNT_inc(sv_dup_inc(sv, param));
-           i = POPINT(ss,ix);
-           TOPINT(nss,ix) = i;
+           iv = POPIV(ss,ix);
+           TOPIV(nss,ix) = iv;
            av = (const AV *)POPPTR(ss,ix);
            TOPPTR(nss,ix) = av_dup_inc(av, param);
            break;