In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/668fcfea69086ab3cf35fc7ba175ea225dbc7f9d?hp=4b06b8deeb339269bad2112a4e6603e43f7bee36>
- Log ----------------------------------------------------------------- commit 668fcfea69086ab3cf35fc7ba175ea225dbc7f9d Author: Tony Cook <t...@develop-help.com> Date: Wed Aug 19 14:35:29 2015 +1000 [perl #125826] make the buffer large enough in TRIE_STORE_REVCHAR Since the SV is discarded almost immediately (in non-DEBUGGING builds) don't worry about making it the smallest possible size. ----------------------------------------------------------------------- Summary of changes: regcomp.c | 2 +- t/re/pat_advanced.t | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/regcomp.c b/regcomp.c index f08f08f..4719d12 100644 --- a/regcomp.c +++ b/regcomp.c @@ -2001,7 +2001,7 @@ is the recommended Unicode-aware way of saying #define TRIE_STORE_REVCHAR(val) \ STMT_START { \ if (UTF) { \ - SV *zlopp = newSV(7); /* XXX: optimize me */ \ + SV *zlopp = newSV(UTF8_MAXBYTES); \ unsigned char *flrbbbbb = (unsigned char *) SvPVX(zlopp); \ unsigned const char *const kapow = uvchr_to_utf8(flrbbbbb, val); \ SvCUR_set(zlopp, kapow - flrbbbbb); \ diff --git a/t/re/pat_advanced.t b/t/re/pat_advanced.t index 230fd89..33647f3 100644 --- a/t/re/pat_advanced.t +++ b/t/re/pat_advanced.t @@ -2419,6 +2419,15 @@ EOF 'No segfault on qr{(?&foo){0}abc(?<foo>)}'); } + SKIP: + { # [perl #125826] buffer overflow in TRIE_STORE_REVCHAR + # (during compilation, so use a fresh perl) + $Config{uvsize} == 8 + or skip("need large code-points for this test", 1); + fresh_perl_is('/\x{E000000000}|/ and print qq(ok\n)', "ok\n", {}, + "buffer overflow in TRIE_STORE_REVCHAR"); + } + # !!! NOTE that tests that aren't at all likely to crash perl should go # a ways above, above these last ones. -- Perl5 Master Repository