In perl.git, the branch blead has been updated

<https://perl5.git.perl.org/perl.git/commitdiff/2407a17ad5d780a1625dddfb668056ab05459194?hp=421da25c4318861925129cd1b17263289db3443c>

- Log -----------------------------------------------------------------
commit 2407a17ad5d780a1625dddfb668056ab05459194
Author: Karl Williamson <k...@cpan.org>
Date:   Fri Feb 2 15:14:27 2018 -0700

    PATCH: (perl #132227 CVE-2018-6797] heap-buffer-overflow
    
    Restart an EXACTFish node if we change to uni rules within the node and
    encounter a sharp S.  Otherwise we might size too small in pass1,
    leading to a buffer overflow.

-----------------------------------------------------------------------

Summary of changes:
 regcomp.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/regcomp.c b/regcomp.c
index 4e725895b8..374131cfd4 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -13925,11 +13925,24 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
                      * is_PROBLEMATIC_LOCALE_FOLD_cp) */
                     if (! IS_IN_SOME_FOLD_L1(ender)) {
 
-                        /* Start a new node for this non-folding character if
-                         * previous ones in the node were folded */
-                        if (len && node_type != EXACT) {
-                            p = oldp;
-                            goto loopdone;
+                        /* See if the character's fold differs between /d and
+                         * /u.  This includes the multi-char fold SHARP S to
+                         * 'ss' */
+                        if (UNLIKELY(ender == LATIN_SMALL_LETTER_SHARP_S)) {
+
+                            /* If the node started out having uni rules, we
+                             * wouldn't have gotten here.  So this means
+                             * something in the middle has changed it, but
+                             * didn't think it needed to reparse.  But this
+                             * sharp s now does indicate the need for
+                             * reparsing. */
+                            if (RExC_uni_semantics) {
+                                p = oldp;
+                                goto loopdone;
+                            }
+
+                            RExC_seen_unfolded_sharp_s = 1;
+                            maybe_exactfu = FALSE;
                         }
 
                         *(s++) = (char) ender;
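Review bot: The added `ender == LATIN_SMALL_LETTER_SHARP_S` test sits inside `if (! IS_IN_SOME_FOLD_L1(ender))`, yet its own comment says sharp s has a fold (to 'ss'); if that macro is true for sharp s, the new restart on `RExC_uni_semantics` can never run here and the undersized pass1 sizing described in the log would remain. The same hunk also drops the restart for a non-folding character that follows folded ones, which the log does not mention; unless that removal is deliberate, keep `if (len && node_type != EXACT) { p = oldp; goto loopdone; }` in this arm and place the sharp-s block in the arm that handles folding characters. The enclosing branch and S_regatom both continue outside the hunk, so this is inferred from the visible lines only. The diffstat touches only regcomp.c; a regression test covering the case in the log (a node that changes to uni rules and then meets a sharp s) would pin the fix.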

-- 
Perl5 Master Repository
