Change 18233 by rgs@rgs-home on 2002/12/02 20:03:09
Fix bug #18573 : in a double-quoted string, a \c not followed
by any character may corrupt memory due to reading past the
end of the input buffer. Add a new error message corresponding
to this case.
Affected files ...
.... //depot/perl/pod/perldiag.pod#323 edit
.... //depot/perl/t/comp/parser.t#3 edit
.... //depot/perl/toke.c#452 edit
Differences ...
==== //depot/perl/pod/perldiag.pod#323 (text) ====
Index: perl/pod/perldiag.pod
--- perl/pod/perldiag.pod#322~18221~ Sun Dec 1 18:18:19 2002
+++ perl/pod/perldiag.pod Mon Dec 2 12:03:09 2002
@@ -2089,6 +2089,11 @@
C<open(FH, "command |")> construction, but the command was missing or
blank.
+=item Missing control char name in \c
+
+(F) A double-quoted string ended with "\c", without the required control
+character name.
+
=item Missing name in "my sub"
(F) The reserved syntax for lexically scoped subroutines requires that
==== //depot/perl/t/comp/parser.t#3 (text) ====
Index: perl/t/comp/parser.t
--- perl/t/comp/parser.t#2~18170~ Fri Nov 22 12:49:12 2002
+++ perl/t/comp/parser.t Mon Dec 2 12:03:09 2002
@@ -9,7 +9,7 @@
}
require "./test.pl";
-plan( tests => 9 );
+plan( tests => 10 );
eval '%@x=0;';
like( $@, qr/^Can't modify hash dereference in repeat \(x\)/, '%@x=0' );
@@ -47,3 +47,7 @@
# This used to dump core (bug #17920)
eval q{ sub { sub { f1(f2();); my($a,$b,$c) } } };
like( $@, qr/error/, 'lexical block discarded by yacc' );
+
+# bug #18573, used to corrupt memory
+eval q{ "\c" };
+like( $@, qr/^Missing control char name in \\c/, q("\c" string) );
==== //depot/perl/toke.c#452 (text) ====
Index: perl/toke.c
--- perl/toke.c#451~18220~ Sun Dec 1 16:58:54 2002
+++ perl/toke.c Mon Dec 2 12:03:09 2002
@@ -1611,13 +1611,16 @@
/* \c is a control character */
case 'c':
s++;
- {
+ if (s < send) {
U8 c = *s++;
#ifdef EBCDIC
if (isLOWER(c))
c = toUPPER(c);
#endif
*d++ = NATIVE_TO_NEED(has_utf8,toCTRL(c));
+ }
+ else {
+ yyerror("Missing control char name in \\c");
}
continue;
End of Patch.
