In perl.git, the branch blead has been updated

<http://perl5.git.perl.org/perl.git/commitdiff/668fcfea69086ab3cf35fc7ba175ea225dbc7f9d?hp=4b06b8deeb339269bad2112a4e6603e43f7bee36>

- Log -----------------------------------------------------------------
commit 668fcfea69086ab3cf35fc7ba175ea225dbc7f9d
Author: Tony Cook <t...@develop-help.com>
Date:   Wed Aug 19 14:35:29 2015 +1000

    [perl #125826] make the buffer large enough in TRIE_STORE_REVCHAR
    
    Since the SV is discarded almost immediately (in non-DEBUGGING builds)
    don't worry about making it the smallest possible size.
-----------------------------------------------------------------------

Summary of changes:
 regcomp.c           | 2 +-
 t/re/pat_advanced.t | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/regcomp.c b/regcomp.c
index f08f08f..4719d12 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -2001,7 +2001,7 @@ is the recommended Unicode-aware way of saying
 #define TRIE_STORE_REVCHAR(val)                                            \
     STMT_START {                                                           \
        if (UTF) {                                                         \
-            SV *zlopp = newSV(7); /* XXX: optimize me */                   \
+            SV *zlopp = newSV(UTF8_MAXBYTES);                             \
            unsigned char *flrbbbbb = (unsigned char *) SvPVX(zlopp);      \
             unsigned const char *const kapow = uvchr_to_utf8(flrbbbbb, val); \
            SvCUR_set(zlopp, kapow - flrbbbbb);                            \
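Review bot: The new `newSV(UTF8_MAXBYTES)` line has no comment explaining why that size is required, and the old `XXX: optimize me` marker is gone, so the rationale now lives only in the commit message. I would add a comment above the allocation such as `/* uvchr_to_utf8() may write up to UTF8_MAXBYTES bytes for a large code point; do not shrink */`, so that a later size optimisation does not reintroduce the overflow from [perl #125826]. A DEBUGGING-only `assert(kapow - flrbbbbb <= UTF8_MAXBYTES);` after the `uvchr_to_utf8` call would also record the bound where the length is computed. The macro body continues past the end of this hunk, so the handling of `zlopp` after `SvCUR_set` is not visible here.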
diff --git a/t/re/pat_advanced.t b/t/re/pat_advanced.t
index 230fd89..33647f3 100644
--- a/t/re/pat_advanced.t
+++ b/t/re/pat_advanced.t
@@ -2419,6 +2419,15 @@ EOF
                         'No segfault on qr{(?&foo){0}abc(?<foo>)}');
     }
 
+    SKIP:
+    {   # [perl #125826] buffer overflow in TRIE_STORE_REVCHAR
+        # (during compilation, so use a fresh perl)
+        $Config{uvsize} == 8
+         or skip("need large code-points for this test", 1);
+       fresh_perl_is('/\x{E000000000}|/ and print qq(ok\n)', "ok\n", {},
+                     "buffer overflow in TRIE_STORE_REVCHAR");
+    }
+
     # !!! NOTE that tests that aren't at all likely to crash perl should go
     # a ways above, above these last ones.
 
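Review bot: The regression test in the SKIP block only checks that the child perl prints `ok`, so a heap overrun of a few bytes may go unnoticed on a build without a memory checker. The test probably catches a regression reliably only under something like AddressSanitizer or valgrind. A comment in the block should say so, for example `# an overrun here may not crash; most reliable on a sanitizer/valgrind build`. The skip on `$Config{uvsize} == 8` also means builds with smaller UVs get no coverage of TRIE_STORE_REVCHAR from this test, which the comment could note as well.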

--
Perl5 Master Repository
