[perl.git] branch blead, updated. v5.25.6-135-g856bb39

[Tony Cook]

In perl.git, the branch blead has been updated

<http://perl5.git.perl.org/perl.git/commitdiff/856bb39c27416e4cb179e60a2b67ab0810baf7c3?hp=11327fa125f019cb46cfadd1fcec077cbcb8e41f>

- Log -----------------------------------------------------------------
commit 856bb39c27416e4cb179e60a2b67ab0810baf7c3
Author: Tony Cook <t...@develop-help.com>
Date:   Tue Oct 18 15:46:48 2016 +1100

    (perl #128997) avoid reading beyond the end of the line buffer
    
    when there's a short UTF-8 character at the end.
-----------------------------------------------------------------------

Summary of changes:
 t/op/lex.t |  8 +++++++-
 toke.c     | 17 ++++++++++++-----
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/t/op/lex.t b/t/op/lex.t
index db0cf3a..f3cb510 100644
--- a/t/op/lex.t
+++ b/t/op/lex.t
@@ -7,7 +7,7 @@ use warnings;
 
 BEGIN { chdir 't' if -d 't'; require './test.pl'; }
 
-plan(tests => 32);
+plan(tests => 33);
 
 {
     no warnings 'deprecated';
@@ -255,3 +255,9 @@ fresh_perl_is(
     {},
     '[perl #128996] - use of PL_op after op is freed'
 );
+fresh_perl_like(
+    qq(BEGIN{\$0="";\$^H=-hex join""=>1}""\xFF),
+    qr/Malformed UTF-8 character: \\xff \(too short; got 1 byte, need 13\) at 
- line 1\./,
+    {},
+    '[perl #128997] - buffer read overflow'
+);
diff --git a/toke.c b/toke.c
index b2d9209..ffac930 100644
--- a/toke.c
+++ b/toke.c
@@ -4901,11 +4901,18 @@ Perl_yylex(pTHX)
        }
     {
         SV *dsv = newSVpvs_flags("", SVs_TEMP);
-        const char *c = UTF ? sv_uni_display(dsv, newSVpvn_flags(s,
-                                                    UTF8SKIP(s),
-                                                    SVs_TEMP | SVf_UTF8),
-                                            10, UNI_DISPLAY_ISPRINT)
-                            : Perl_form(aTHX_ "\\x%02X", (unsigned char)*s);
+        const char *c;
+        if (UTF) {
+            STRLEN skiplen = UTF8SKIP(s);
+            STRLEN stravail = PL_bufend - s;
+            c = sv_uni_display(dsv, newSVpvn_flags(s,
+                                                   skiplen > stravail ? 
stravail : skiplen,
+                                                   SVs_TEMP | SVf_UTF8),
+                               10, UNI_DISPLAY_ISPRINT);
+        }
+        else {
+            c = Perl_form(aTHX_ "\\x%02X", (unsigned char)*s);
+        }
         len = UTF ? Perl_utf8_length(aTHX_ (U8 *) PL_linestart, (U8 *) s) : 
(STRLEN) (s - PL_linestart);
         if (len > UNRECOGNIZED_PRECEDE_COUNT) {
             d = UTF ? (char *) utf8_hop((U8 *) s, -UNRECOGNIZED_PRECEDE_COUNT) 
: s - UNRECOGNIZED_PRECEDE_COUNT;

--
Perl5 Master Repository