From ba90859e610c9bec1956b5c7e11f5b4942e3a760 Mon Sep 17 00:00:00 2001 From: Nicholas Clark Date: Mon, 25 Mar 2013 10:20:05 +0100 Subject: [PATCH] PerlIO_find_layer should not be using memEQ() off the end of the layer name. PerlIO_find_layer was using memEQ() to compare the name of the desired layer with each layer in the array of known layers. However, it was always using the length of the desired layer for the comparison, whatever the length of the name it was comparing it with, resulting in out-of-bounds reads. --- perlio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/perlio.c b/perlio.c index d356a7b..2e5a77d 100644 --- a/perlio.c +++ b/perlio.c @@ -811,7 +811,8 @@ PerlIO_find_layer(pTHX_ const char *name, STRLEN len, int load) len = strlen(name); for (i = 0; i < PL_known_layers->cur; i++) { PerlIO_funcs * const f = PL_known_layers->array[i].funcs; - if (memEQ(f->name, name, len) && f->name[len] == 0) { + const STRLEN this_len = strlen(f->name); + if (this_len == len && memEQ(f->name, name, len)) { PerlIO_debug("%.*s => %p\n", (int) len, name, (void*)f); return f; } -- 1.8.3.1