In perl.git, the branch blead has been updated
<http://perl5.git.perl.org/perl.git/commitdiff/4eadd82f8c152034818f42956737102f674f9118?hp=87af8d55d30dca849a4094c502ad2d067745049f>
- Log -----------------------------------------------------------------
commit 4eadd82f8c152034818f42956737102f674f9118
Author: Tony Cook <t...@develop-help.com>
Date: Mon Oct 17 14:32:41 2016 +1100
(perl #128996) prevent PL_op pointing to freed ops
When yylex() attempts to report a UTF-8 encoding error, it
indirectly accesses PL_op, this would cause an access to freed
memory if the CV containing that op (and the op itself) had been
freed.
-----------------------------------------------------------------------
Summary of changes:
op.c | 2 --
t/op/lex.t | 9 ++++++++-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/op.c b/op.c
index 697faa7..1866632 100644
--- a/op.c
+++ b/op.c
@@ -853,10 +853,8 @@ Perl_op_free(pTHX_ OP *o)
op_clear(o);
FreeOp(o);
-#ifdef DEBUG_LEAKING_SCALARS
if (PL_op == o)
PL_op = NULL;
-#endif
} while ( (o = POP_DEFERRED_OP()) );
Safefree(defer_stack);
diff --git a/t/op/lex.t b/t/op/lex.t
index 9696669..db0cf3a 100644
--- a/t/op/lex.t
+++ b/t/op/lex.t
@@ -7,7 +7,7 @@ use warnings;
BEGIN { chdir 't' if -d 't'; require './test.pl'; }
-plan(tests => 31);
+plan(tests => 32);
{
no warnings 'deprecated';
@@ -248,3 +248,10 @@ fresh_perl_like(
{},
'[perl #129336] - #!perl -i argument handling'
);
+fresh_perl_is(
+ "BEGIN{\$^H=hex ~0}\xF3",
+ "Integer overflow in hexadecimal number at - line 1.\n" .
+ "Malformed UTF-8 character: \\xf3 (too short; got 1 byte, need 4) at -
line 1.",
+ {},
+ '[perl #128996] - use of PL_op after op is freed'
+);
--
Perl5 Master Repository
