In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/dc0dad9b91adb09c774c7248bc91a44b7a777d4d?hp=6b9660cae39cc0ce59738753e42153cb3be530c7>
- Log ----------------------------------------------------------------- commit dc0dad9b91adb09c774c7248bc91a44b7a777d4d Author: Tony Cook <[email protected]> Date: Wed Feb 1 14:34:16 2017 +1100 (perl #130684) allocate enough space for the extra 'x' 77c8f26370dcc0e added support for a doubled x regexp flags, and ensured the doubled flag was passed to the qr// created by S_compile_runtime_code(). Unfortunately it didn't ensure enough space was allocated for that extra 'x'. ----------------------------------------------------------------------- Summary of changes: regcomp.c | 2 +- t/re/pat.t | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/regcomp.c b/regcomp.c index 0a315cbdbc..660be76858 100644 --- a/regcomp.c +++ b/regcomp.c @@ -6526,7 +6526,7 @@ S_compile_runtime_code(pTHX_ RExC_state_t * const pRExC_state, int n = 0; STRLEN s; char *p, *newpat; - int newlen = plen + 6; /* allow for "qr''x\0" extra chars */ + int newlen = plen + 7; /* allow for "qr''xx\0" extra chars */ SV *sv, *qr_ref; dSP; diff --git a/t/re/pat.t b/t/re/pat.t index d5e5d2fd4a..9abe5aa119 100644 --- a/t/re/pat.t +++ b/t/re/pat.t @@ -23,7 +23,7 @@ BEGIN { skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader; skip_all_without_unicode_tables(); -plan tests => 835; # Update this when adding/deleting tests. +plan tests => 836; # Update this when adding/deleting tests. run_tests() unless caller; @@ -1901,6 +1901,12 @@ EOP }msx, { stderr => 1 }, "Offsets in debug output are not negative"); } } + { + # buffer overflow + fresh_perl_is("BEGIN{\$^H=0x200000}\ns/[(?{//xx", + "Unmatched [ in regex; marked by <-- HERE in m/[ <-- HERE (?{/ at (eval 1) line 1.\n", + {}, "buffer overflow for regexp component"); + } } # End of sub run_tests 1; -- Perl5 Master Repository
