Change 18233 by rgs@rgs-home on 2002/12/02 20:03:09 Fix bug #18573 : in a double-quoted string, a \c not followed by any character may corrupt memory due to reading past the end of the input buffer. Add a new error message corresponding to this case.
Affected files ... .... //depot/perl/pod/perldiag.pod#323 edit .... //depot/perl/t/comp/parser.t#3 edit .... //depot/perl/toke.c#452 edit Differences ... ==== //depot/perl/pod/perldiag.pod#323 (text) ==== Index: perl/pod/perldiag.pod --- perl/pod/perldiag.pod#322~18221~ Sun Dec 1 18:18:19 2002 +++ perl/pod/perldiag.pod Mon Dec 2 12:03:09 2002 @@ -2089,6 +2089,11 @@ C<open(FH, "command |")> construction, but the command was missing or blank. +=item Missing control char name in \c + +(F) A double-quoted string ended with "\c", without the required control +character name. + =item Missing name in "my sub" (F) The reserved syntax for lexically scoped subroutines requires that ==== //depot/perl/t/comp/parser.t#3 (text) ==== Index: perl/t/comp/parser.t --- perl/t/comp/parser.t#2~18170~ Fri Nov 22 12:49:12 2002 +++ perl/t/comp/parser.t Mon Dec 2 12:03:09 2002 @@ -9,7 +9,7 @@ } require "./test.pl"; -plan( tests => 9 ); +plan( tests => 10 ); eval '%@x=0;'; like( $@, qr/^Can't modify hash dereference in repeat \(x\)/, '%@x=0' ); @@ -47,3 +47,7 @@ # This used to dump core (bug #17920) eval q{ sub { sub { f1(f2();); my($a,$b,$c) } } }; like( $@, qr/error/, 'lexical block discarded by yacc' ); + +# bug #18573, used to corrupt memory +eval q{ "\c" }; +like( $@, qr/^Missing control char name in \\c/, q("\c" string) ); ==== //depot/perl/toke.c#452 (text) ==== Index: perl/toke.c --- perl/toke.c#451~18220~ Sun Dec 1 16:58:54 2002 +++ perl/toke.c Mon Dec 2 12:03:09 2002 @@ -1611,13 +1611,16 @@ /* \c is a control character */ case 'c': s++; - { + if (s < send) { U8 c = *s++; #ifdef EBCDIC if (isLOWER(c)) c = toUPPER(c); #endif *d++ = NATIVE_TO_NEED(has_utf8,toCTRL(c)); + } + else { + yyerror("Missing control char name in \\c"); } continue; End of Patch.