In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/c96939e471cb3942b61ec7b103b0449a9fde922d?hp=c035e214a7cbc7943b3315dec7384717e7e9947c>
- Log -----------------------------------------------------------------
commit c96939e471cb3942b61ec7b103b0449a9fde922d
Author: Karl Williamson <[email protected]>
Date:   Fri Feb 22 13:04:05 2013 -0700

    PATCH: [perl #116899]: jump on uninitialised value

    The culprit had nothing to do really with the accused commit.

    The function S_cl_or() tries to take the union of the code points
    matched by its two inputs. Both of those nodes must be ANYOF-like (for
    bracketed character classes and synthetic start classes). These come in
    two flavors, one having extra fields in the struct after the other
    one's. That is used for locale ANYOFs and the synthetic start class.
    The first parameter to cl_or() is always one of these extended ANYOFS,
    but the second parameter may be the shorter form.

    The function was failing to check if the second one was the longer form
    before reading data from beyond the short-form's struct. This could
    cause a segfault, but that wasn't the symptom here. Instead it copied
    that data to the other parameter's struct. valgrind had set that data to
    indicate it was uninitialized, so when later it was accessed, we got
    this error.

    During much of the 5.17 series until the failing commit, more ANYOF
    nodes were the larger size. I presume that is why this commit showed up
    the problem.

M	regcomp.c

commit ff4fdc72453c67f33d479da9d24a5242bf4ad5ba
Author: Karl Williamson <[email protected]>
Date:   Fri Feb 22 10:43:11 2013 -0700

    regcomp.c: Rmv comment ref to obsolete regnode

M	regcomp.c
-----------------------------------------------------------------------

Summary of changes:
 regcomp.c | 6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/regcomp.c b/regcomp.c index 9edd1a8..d8260e2 100644 --- a/regcomp.c +++ b/regcomp.c 
@@ -1028,7 +1028,9 @@ S_cl_or(const RExC_state_t *pRExC_state, struct regnode_charclass_class *cl, con /* OR char bitmap and class bitmap separately */ for (i = 0; i < ANYOF_BITMAP_SIZE; i++) cl->bitmap[i] |= or_with->bitmap[i]; - ANYOF_CLASS_OR(or_with, cl); + if (or_with->flags & ANYOF_CLASS) { + ANYOF_CLASS_OR(or_with, cl); + } } else { /* XXXX: logic is complicated, leave it along for a moment. */ cl_anything(pRExC_state, cl); @@ -4108,7 +4110,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, NEXT_OFF(oscan) += NEXT_OFF(next); } continue; - default: /* REF, ANYOFV, and CLUMP only? */ + default: /* REF, and CLUMP only? */ if (flags & SCF_DO_SUBSTR) { SCAN_COMMIT(pRExC_state,data,minlenp); /* Cannot expect anything... */ data->longest = &(data->longest_float); -- Perl5 Master Repository
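Review bot: In the S_cl_or hunk, the new if (or_with->flags & ANYOF_CLASS) guard has no comment explaining why it is there, so a later cleanup could mistake it for a redundant check and remove it, bringing back the read past the end of the short-form struct. A one-line comment above the guard saying that or_with may be the shorter node form, and that the class data may only be read when the flag is set, would keep the reason next to the code. The summary shows only regcomp.c changing, so a regression test built from the pattern in [perl #116899] and run under valgrind would also be worth adding with this fix.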
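Review bot: In the S_study_chunk hunk, the edited comment on the default: case now reads "REF, and CLUMP only?", leaving behind the comma that separated the removed ANYOFV entry. "REF and CLUMP only?" would read cleanly.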
