In perl.git, the branch blead has been updated <https://perl5.git.perl.org/perl.git/commitdiff/c2d81cfd08d9a622c639058cd7eb870aa0991937?hp=75451d8cc625c69a543f2bacf2312d369f8855ae>
- Log -----------------------------------------------------------------
commit c2d81cfd08d9a622c639058cd7eb870aa0991937
Author: Karl Williamson <[email protected]>
Date: Sat Feb 16 11:11:59 2019 -0700

PATCH: [perl #133770] null pointer dereference in S_regclass()

The failing case can be reduced to qr/\x{100}[\x{3030}\x{1fb2}/ (It only happens on UTF-8 patterns).

The bottom line is that it was assuming that there was at least one character that folded to 1fb2 besides itself, even though the function call said there weren't any such. The solution is to pay attention to the function return value.

I incorporated Hugo's++ patch as part of this one.

However, the original test case should never have gotten this far. The parser is getting passed garbage, and instead of croaking, it is somehow interpreting it as valid and calling the regex compiler. I will file a ticket about that.

-----------------------------------------------------------------------

Summary of changes:
regcomp.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/regcomp.c b/regcomp.c index 387126e94f..fffacc63f7 100644 --- a/regcomp.c +++ b/regcomp.c @@ -18410,10 +18410,12 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth, * inversion list, making sure everything is included. */ fold_list = add_cp_to_invlist(fold_list, start[0]); fold_list = add_cp_to_invlist(fold_list, folded); - fold_list = add_cp_to_invlist(fold_list, first_fold); - for (i = 0; i < folds_to_this_cp_count - 1; i++) { - fold_list = add_cp_to_invlist(fold_list, + if (folds_to_this_cp_count > 0) { + fold_list = add_cp_to_invlist(fold_list, first_fold); + for (i = 0; i + 1 < folds_to_this_cp_count; i++) { + fold_list = add_cp_to_invlist(fold_list, remaining_folds[i]); + } } /* If the fold list is identical to what's in this ANYOF
-- Perl5 Master Repository
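Review bot: the new `if (folds_to_this_cp_count > 0)` guard in S_regclass() has no comment saying that `first_fold` and `remaining_folds` are only meaningful when the count is non-zero, which is the invariant the old code violated. A one-line comment above the `if` stating that a zero count means no other code point folds to this one would keep a later cleanup from hoisting the `first_fold` add back out. Inside the guard the loop bound `i + 1 < folds_to_this_cp_count` is equivalent to the old `i < folds_to_this_cp_count - 1`; if the rewrite is meant to avoid wraparound of `count - 1`, say so in the comment, otherwise the unusual form invites being "simplified" back. The diffstat also shows only regcomp.c changing, so the reduced pattern from the commit message is not captured as a regression test; adding it alongside this fix would pin the behaviour independently of the separate parser ticket.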
