In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/4eadd82f8c152034818f42956737102f674f9118?hp=87af8d55d30dca849a4094c502ad2d067745049f>
- Log ----------------------------------------------------------------- commit 4eadd82f8c152034818f42956737102f674f9118 Author: Tony Cook <t...@develop-help.com> Date: Mon Oct 17 14:32:41 2016 +1100 (perl #128996) prevent PL_op pointing to freed ops When yylex() attempts to report a UTF-8 encoding error, it indirectly accesses PL_op, this would cause an access to freed memory if the CV containing that op (and the op itself) had been freed. ----------------------------------------------------------------------- Summary of changes: op.c | 2 -- t/op/lex.t | 9 ++++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/op.c b/op.c index 697faa7..1866632 100644 --- a/op.c +++ b/op.c @@ -853,10 +853,8 @@ Perl_op_free(pTHX_ OP *o) op_clear(o); FreeOp(o); -#ifdef DEBUG_LEAKING_SCALARS if (PL_op == o) PL_op = NULL; -#endif } while ( (o = POP_DEFERRED_OP()) ); Safefree(defer_stack); diff --git a/t/op/lex.t b/t/op/lex.t index 9696669..db0cf3a 100644 --- a/t/op/lex.t +++ b/t/op/lex.t @@ -7,7 +7,7 @@ use warnings; BEGIN { chdir 't' if -d 't'; require './test.pl'; } -plan(tests => 31); +plan(tests => 32); { no warnings 'deprecated'; @@ -248,3 +248,10 @@ fresh_perl_like( {}, '[perl #129336] - #!perl -i argument handling' ); +fresh_perl_is( + "BEGIN{\$^H=hex ~0}\xF3", + "Integer overflow in hexadecimal number at - line 1.\n" . + "Malformed UTF-8 character: \\xf3 (too short; got 1 byte, need 4) at - line 1.", + {}, + '[perl #128996] - use of PL_op after op is freed' +); -- Perl5 Master Repository