Branch: refs/heads/smoke-me/khw-17734
Home: https://github.com/Perl/perl5
Commit: e8c3bacf5f546a49f701d359f26afd77d1458f60
https://github.com/Perl/perl5/commit/e8c3bacf5f546a49f701d359f26afd77d1458f60
Author: Karl Williamson <k...@cpan.org>
Date: 2020-04-29 (Wed, 29 Apr 2020)
Changed paths:
M regcomp.c
Log Message:
-----------
regcomp.c: Add comments
Commit: f9dd299d251e8c42be547341f5e6f627bbd7691b
https://github.com/Perl/perl5/commit/f9dd299d251e8c42be547341f5e6f627bbd7691b
Author: Karl Williamson <k...@cpan.org>
Date: 2020-04-29 (Wed, 29 Apr 2020)
Changed paths:
M regcomp.c
M t/re/pat_advanced.t
Log Message:
-----------
regcomp.c: Avoid use after free
It turns out that the SV returned by re_intuit_string() may be freed by
future calls to re_intuit_start(). Thus, the caller doesn't get clear
title to the returned SV. (This wasn't documented until the
commit immediately prior to this one.)
Cope with this situation by making a mortalized copy. This commit also
changes to use the copy's PV directly, simplifying some 'if' statements.
re_intuit_string() is effectively in the API, as it is an element in the
regex engine structure, callable by anyone. It should not be returning
a tenuous SV. That returned scalar should not freed before the pattern
it is for is freed. It is too late in the development cycle to change
this, so this workaround is presented instead for 5.32.
This fixes #17734.
Compare: https://github.com/Perl/perl5/compare/449cda1d3dd9...f9dd299d251e
