Change 34286 by [EMAIL PROTECTED] on 2008/09/05 22:15:17

        Integrate:
        [ 34269]
        Integrate:
        [ 34136]
        assert() that the pointer passed to Perl_sv_chop() lies within the
        buffer of the SV.
        
        [ 34138]
        The assert()ions in sv_chop() that the passed in pointer is within the
        SV's buffer should be full-on panics, as bogus values passed in can
        cause later heap corruption, which is a bad thing (TM).
        
        [ 34144]
        Fix use of a variable before it is initialised, introduced by change
        34138, spotted by Jerry D. Hedden. I assume that he's compiling with
        options that enable trace flow analysis from the C compiler.

Affected files ...

... //depot/maint-5.8/perl/pod/perldiag.pod#108 integrate
... //depot/maint-5.8/perl/sv.c#386 integrate

Differences ...

==== //depot/maint-5.8/perl/pod/perldiag.pod#108 (text) ====
Index: perl/pod/perldiag.pod
--- perl/pod/perldiag.pod#107~33932~    2008-05-25 16:00:21.000000000 -0700
+++ perl/pod/perldiag.pod       2008-09-05 15:15:17.000000000 -0700
@@ -2992,6 +2992,11 @@
 
 (P) scan_num() got called on something that wasn't a number.
 
+=item panic: sv_chop %s
+
+(P) The sv_chop() routine was passed a position that is not within the
+scalar's string buffer.
+
 =item panic: sv_insert
 
 (P) The sv_insert() routine was told to remove more string than there

==== //depot/maint-5.8/perl/sv.c#386 (text) ====
Index: perl/sv.c
--- perl/sv.c#385~34279~        2008-09-05 12:03:34.000000000 -0700
+++ perl/sv.c   2008-09-05 15:15:17.000000000 -0700
@@ -3835,6 +3835,8 @@
 Perl_sv_chop(pTHX_ register SV *sv, register char *ptr)
 {
     register STRLEN delta;
+    STRLEN max_delta;
+
     if (!ptr || !SvPOKp(sv))
        return;
     delta = ptr - SvPVX_const(sv);
@@ -3842,10 +3844,23 @@
        /* Nothing to do.  */
        return;
     }
+    /* SvPVX(sv) may move in SV_CHECK_THINKFIRST(sv), but after this line,
+       nothing uses the value of ptr any more.  */
+    max_delta = SvLEN(sv) ? SvLEN(sv) : SvCUR(sv);
+    if (ptr <= SvPVX_const(sv))
+       Perl_croak(aTHX_ "panic: sv_chop ptr=%p, start=%p, end=%p",
+                  ptr, SvPVX_const(sv), SvPVX_const(sv) + max_delta);
     SV_CHECK_THINKFIRST(sv);
+
     if (SvTYPE(sv) < SVt_PVIV)
        sv_upgrade(sv,SVt_PVIV);
 
+    if (delta > max_delta)
+       Perl_croak(aTHX_ "panic: sv_chop ptr=%p (was %p), start=%p, end=%p",
+                  SvPVX_const(sv) + delta, ptr, SvPVX_const(sv),
+                  SvPVX_const(sv) + max_delta);
+
+
     if (!SvOOK(sv)) {
        if (!SvLEN(sv)) { /* make copy of shared string */
            const char *pvx = SvPVX_const(sv);
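Review bot: The upper-bound test `if (delta > max_delta)` runs only after `SV_CHECK_THINKFIRST(sv)` and `sv_upgrade()`, so a pointer past the end of the buffer is rejected only once the SV has already been modified. Both `delta` and `max_delta` are computed before those calls, so the test can sit directly after the `max_delta = ...` line, beside the `ptr <= SvPVX_const(sv)` test, and report the original `ptr` without the `(was %p)` form. Separately, `max_delta` prefers `SvLEN(sv)` over `SvCUR(sv)`, so a pointer beyond the string's current length but still inside the allocation is accepted. Whether the rest of the function copes with `delta > SvCUR(sv)` cannot be seen here, because the body continues past the hunk; if that is intended, a comment such as `/* ptr may legitimately point into the unused tail of the allocation */` on the `max_delta` line would record it.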
End of Patch.
