In perl.git, the branch smoke-me/nicholas/toke-ASAN has been updated <http://perl5.git.perl.org/perl.git/commitdiff/599d0abfbbab0c041727e15da375035acc6a4331?hp=4ba8a877cc6deeac385b6240aed81c502cfc779d>
- Log ----------------------------------------------------------------- commit 599d0abfbbab0c041727e15da375035acc6a4331 Author: Nicholas Clark <[email protected]> Date: Mon Mar 25 11:56:40 2013 +0100 In S_scan_heredoc(), avoid memNE() reading beyond the end of s. If the heredoc terminator we are searching for is longer than the bytes remaining in s, then the memNE() would read beyond initialised memory. Hence change the loop bounds to avoid this case, and change the failure case below to reflect the revised end-of-loop condition. It doesn't matter that the loop no longer increments shared->herelines, because the failure case calls S_missingterm(), which croaks. M toke.c commit 07cde5325b9651be15654908f2ff2c5aab7bc9f0 Author: Nicholas Clark <[email protected]> Date: Mon Mar 25 10:53:33 2013 +0100 In S_scan_heredoc(), the explicit test for '\n' duplicates the strNE(). PL_tokenbuf always starts with '\n', so a separate test of *s against '\n' is duplicate work. Hence remove it, to make the code simpler and clearer. M toke.c ----------------------------------------------------------------------- Summary of changes: toke.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/toke.c b/toke.c index 66a197f..35cd364 100644 --- a/toke.c +++ b/toke.c @@ -9959,12 +9959,12 @@ S_scan_heredoc(pTHX_ char *s) linestr = shared->ls_linestr; bufend = SvEND(linestr); d = s; - while (s < bufend && - (*s != '\n' || memNE(s,PL_tokenbuf,len)) ) { + while (s < bufend - len + 1 && + memNE(s,PL_tokenbuf,len) ) { if (*s++ == '\n') ++shared->herelines; } - if (s >= bufend) { + if (s >= bufend - len + 1) { goto interminable; } sv_setpvn(tmpstr,d+1,s-d); -- Perl5 Master Repository
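Review bot: The new loop bound `s < bufend - len + 1` forms the pointer `bufend - len + 1` before anything has established that `len` bytes exist before `bufend`. If `len` is larger than the buffer that `bufend` terminates, that expression points before the start of the buffer, which is undefined behaviour in C, and the comparison against `s` is then unreliable. Expressing the bound as a length comparison on the remaining bytes (for example `bufend - s >= len`, cast to match the type of `len`) keeps every intermediate pointer inside the buffer. The same expression is repeated in `if (s >= bufend - len + 1)`, so computing the limit once into a local and using it in both places would keep the loop exit and the `goto interminable` test from drifting apart. A short comment at the `memNE(s,PL_tokenbuf,len)` call noting that `PL_tokenbuf` begins with '\n' would also record in the code, not only in the commit message, why the separate `*s != '\n'` test could be dropped.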
