In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/e487ff5ee8f0cde894977f61d319c0c4e44aa0bd?hp=27368b5c886989ee5e8113e4fc4c6ce538205bb6>
- Log ----------------------------------------------------------------- commit e487ff5ee8f0cde894977f61d319c0c4e44aa0bd Author: David Mitchell <[email protected]> Date: Tue Aug 16 13:50:46 2016 +0100 buffer overflow in "string terminator" err msg RT #128952 In eval "q" . chr(100000000064); generating the error message C<Can't find string terminator "XXX"'> was overrunning a buffer designed to hold a single utf8 char, since it wasn't allowing for the \0 at the end. ----------------------------------------------------------------------- Summary of changes: t/comp/parser.t | 11 ++++++++++- toke.c | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/t/comp/parser.t b/t/comp/parser.t index ebfcb9d..5ca07ea 100644 --- a/t/comp/parser.t +++ b/t/comp/parser.t @@ -8,7 +8,7 @@ BEGIN { chdir 't' if -d 't'; } -print "1..185\n"; +print "1..186\n"; sub failed { my ($got, $expected, $name) = @_; @@ -573,6 +573,15 @@ is $@, "", 'read into keys'; eval 'substr keys(%h),0,=3'; is $@, "", 'substr keys assignment'; +# very large utf8 char in error message was overflowing buffer +{ + + no warnings; + eval "q" . chr(100000000064); + like $@, qr/Can't find string terminator "." anywhere before EOF/, + 'RT 128952'; +} + # Add new tests HERE (above this line) # bug #74022: Loop on characters in \p{OtherIDContinue} diff --git a/toke.c b/toke.c index 2c28146..5e11253 100644 --- a/toke.c +++ b/toke.c @@ -554,7 +554,7 @@ S_no_op(pTHX_ const char *const what, char *s) STATIC void S_missingterm(pTHX_ char *s) { - char tmpbuf[UTF8_MAXBYTES]; + char tmpbuf[UTF8_MAXBYTES + 1]; char q; bool uni = FALSE; SV *sv; -- Perl5 Master Repository
