From 2d2af554da24863760d055834f4984fbca7ec85b Mon Sep 17 00:00:00 2001
From: Gisle Aas
Date: Tue, 10 Jan 2006 08:58:21 +0000
Subject: [PATCH] Avoid possible dereference of NULL in the initialization of PL_origalen.

This can only happen when perlparse is called with no argv. Don't try to update PL_origargv unless PL_origalen is at least 2.

p4raw-id: //depot/perl@26760
---
 mg.c   | 44 +++++++++++++++++++++++---------------------
 perl.c |  4 ++--
 2 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/mg.c b/mg.c
index db0d4de..d6e7667 100644
--- a/mg.c
+++ b/mg.c
@@ -2568,28 +2568,30 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
             pstat(PSTAT_SETCMD, un, len, 0, 0);
         }
 #endif
-        /* PL_origalen is set in perl_parse(). */
-        s = SvPV_force(sv,len);
-        if (len >= (STRLEN)PL_origalen-1) {
-            /* Longer than original, will be truncated. We assume that
-             * PL_origalen bytes are available. */
-            Copy(s, PL_origargv[0], PL_origalen-1, char);
+        if (PL_origalen > 1) {
+            /* PL_origalen is set in perl_parse(). */
+            s = SvPV_force(sv,len);
+            if (len >= (STRLEN)PL_origalen-1) {
+                /* Longer than original, will be truncated. We assume that
+                 * PL_origalen bytes are available. */
+                Copy(s, PL_origargv[0], PL_origalen-1, char);
+            }
+            else {
+                /* Shorter than original, will be padded. */
+                Copy(s, PL_origargv[0], len, char);
+                PL_origargv[0][len] = 0;
+                memset(PL_origargv[0] + len + 1,
+                       /* Is the space counterintuitive? Yes.
+                        * (You were expecting \0?)
+                        * Does it work? Seems to. (In Linux 2.4.20 at least.)
+                        * --jhi */
+                       (int)' ',
+                       PL_origalen - len - 1);
+            }
+            PL_origargv[0][PL_origalen-1] = 0;
+            for (i = 1; i < PL_origargc; i++)
+                PL_origargv[i] = 0;
         }
-        else {
-            /* Shorter than original, will be padded. */
-            Copy(s, PL_origargv[0], len, char);
-            PL_origargv[0][len] = 0;
-            memset(PL_origargv[0] + len + 1,
-                   /* Is the space counterintuitive? Yes.
-                    * (You were expecting \0?)
-                    * Does it work? Seems to. (In Linux 2.4.20 at least.)
-                    * --jhi */
-                   (int)' ',
-                   PL_origalen - len - 1);
-        }
-        PL_origargv[0][PL_origalen-1] = 0;
-        for (i = 1; i < PL_origargc; i++)
-            PL_origargv[i] = 0;
         UNLOCK_DOLLARZERO_MUTEX;
         break;
 #endif
diff --git a/perl.c b/perl.c
index a76307d..b1671d9 100644
--- a/perl.c
+++ b/perl.c
@@ -1487,7 +1487,7 @@ setuid perl scripts securely.\n");
             }
         }
         /* Can we grab env area too to be used as the area for $0? */
-        if (PL_origenviron) {
+        if (s && PL_origenviron) {
             if ((PL_origenviron[0] == s + 1
 #ifdef OS2
                  || (PL_origenviron[0] == s + 9 && (s += 8))
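Review bot: The new `if (PL_origalen > 1)` guard makes an assignment to `$0` a silent no-op when there is no usable argv area, and nothing in the hunk says why 1 is excluded along with 0; I would put a comment above the guard: `/* PL_origalen <= 1 means there is no writable argv[0] area (perl_parse() got no argv, or argv[0] was empty): keep $0 in the SV only, it will not show up in ps. */`. The threshold is also what keeps the writes bounded — with PL_origalen == 0 the expressions `(STRLEN)PL_origalen-1` and the `PL_origalen - len - 1` handed to memset wrap to huge unsigned counts — so the comment should say that too rather than leaving `> 1` looking arbitrary. The branch additionally relies on PL_origargv[0] being non-NULL whenever PL_origalen > 1, which I believe holds only because perl.c derives PL_origalen from PL_origargv[0]; that assumption is worth stating next to the guard. Perl_magic_set starts and ends outside this hunk, and the LOCK_DOLLARZERO_MUTEX that pairs with the visible UNLOCK is not in view.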
@@ -1523,7 +1523,7 @@ setuid perl scripts securely.\n");
             }
         }
     }
-        PL_origalen = s - PL_origargv[0] + 1;
+        PL_origalen = s ? s - PL_origargv[0] + 1 : 0;
     }
     if (PL_do_undump) {
-- 
1.8.3.1
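Review bot: `PL_origalen = s ? s - PL_origargv[0] + 1 : 0;` turns 0 into an in-band "no argv area" value, but the consumer in mg.c also has to treat 1 as unusable (as far as I can tell from the surrounding code, s is advanced from PL_origargv[0], so a non-NULL s yields at least 1, and exactly 1 when argv[0] is the empty string), and nothing here records that contract; I would add `/* 0: no contiguous argv area to reuse for $0; 1: argv[0] is "" — mg.c only rewrites argv when PL_origalen > 1. */` above the assignment. If this sits inside the `if (!PL_origalen)` block I recall from this part of perl_parse (its start is outside the hunk), a 0 result also means the scan is redone on every perl_parse() call of the same interpreter, which is harmless but deserves a word in the same comment. The pointer difference is a ptrdiff_t narrowed into PL_origalen's type; fine for any realistic argv+environ size, but a short note would make that explicit.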