In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/bd1a29f218b291165e47d9035aaeec14abd9732e?hp=b4972372a75776de3c9e6bd234a398d103677316>
- Log ----------------------------------------------------------------- commit bd1a29f218b291165e47d9035aaeec14abd9732e Author: David Mitchell <[email protected]> Date: Mon May 8 21:06:38 2017 +0100 avoid a memory wrap in sv_vcatpvfn_flags() RT #131260 When calculating the new size of PL_efloatbuf, avoid wrapping 'need'. ----------------------------------------------------------------------- Summary of changes: sv.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/sv.c b/sv.c index e90ea8408b..9f3e28e022 100644 --- a/sv.c +++ b/sv.c @@ -12448,7 +12448,13 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p need = BIT_DIGITS(i); } /* if i < 0, the number of digits is hard to predict. */ } - need += has_precis ? precis : 6; /* known default */ + + { + STRLEN pr = has_precis ? precis : 6; /* known default */ + if (need >= ((STRLEN)~0) - pr) + croak_memory_wrap(); + need += pr; + } if (need < width) need = width; @@ -12519,10 +12525,12 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p #endif /* HAS_LDBL_SPRINTF_BUG */ - need += 20; /* fudge factor */ + if (need >= ((STRLEN)~0) - 40) + croak_memory_wrap(); + need += 40; /* fudge factor */ if (PL_efloatsize < need) { Safefree(PL_efloatbuf); - PL_efloatsize = need + 20; /* more fudge */ + PL_efloatsize = need; Newx(PL_efloatbuf, PL_efloatsize, char); PL_efloatbuf[0] = '\0'; } -- Perl5 Master Repository
