[prev in list] [next in list] [prev in thread] [next in thread]
List: perl5-changes
Subject: [perl.git] branch blead, updated. v5.25.6-136-g26fb231
From: Tony Cook <tony () develop-help ! com>
Date: 2016-10-31 4:55:13
Message-ID: E1c14cr-0001Fy-Hu () camel-001 ! ams6 ! corp ! booking ! com
[Download RAW message or body]
In perl.git, the branch blead has been updated
<http://perl5.git.perl.org/perl.git/commitdiff/26fb2318c4fffb51517349273992c3b9514d0d67?hp=856bb39c27416e4cb179e60a2b67ab0810baf7c3>
- Log -----------------------------------------------------------------
commit 26fb2318c4fffb51517349273992c3b9514d0d67
Author: Tony Cook <tony@develop-help.com>
Date: Mon Aug 29 15:04:55 2016 +1000
(perl #129085) avoid memcmp() past the end of a string
When a match is anchored against the start of a string, the regexp
can be compiled to include a fixed string match against a fixed
offset in the string.
In some cases, where the matched against string included UTF-8 before
the fixed offset, this could result in attempting a memcmp() which
overlaps the end of the string and potentially past the end of the
allocated memory.
-----------------------------------------------------------------------
Summary of changes:
regexec.c | 5 +++--
t/re/pat_rt_report.t | 9 ++++++++-
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/regexec.c b/regexec.c
index 1d8e33a..aca490e 100644
--- a/regexec.c
+++ b/regexec.c
@@ -813,8 +813,9 @@ Perl_re_intuit_start(pTHX_
/* Now should match s[0..slen-2] */
slen--;
}
- if (slen && (*SvPVX_const(check) != *s
- || (slen > 1 && memNE(SvPVX_const(check), s, slen))))
+ if (slen && (strend - s < slen
+ || *SvPVX_const(check) != *s
+ || (slen > 1 && (memNE(SvPVX_const(check), s, slen)))))
{
DEBUG_EXECUTE_r(Perl_re_printf( aTHX_
" String not equal...\n"));
diff --git a/t/re/pat_rt_report.t b/t/re/pat_rt_report.t
index addb3e2..bee1b19 100644
--- a/t/re/pat_rt_report.t
+++ b/t/re/pat_rt_report.t
@@ -20,7 +20,7 @@ use warnings;
use 5.010;
use Config;
-plan tests => 2501; # Update this when adding/deleting tests.
+plan tests => 2502; # Update this when adding/deleting tests.
run_tests() unless caller;
@@ -1123,6 +1123,13 @@ EOP
ok($s !~ /00000?\x80\x80\x80/, "RT #129012");
}
+ {
+ # RT #129085 heap-buffer-overflow Perl_re_intuit_start
+ # this did fail under ASAN, but didn't under valgrind
+ my $s = "\x{f2}\x{140}\x{fe}\x{ff}\x{ff}\x{ff}";
+ ok($s !~ /^0000.\34500\376\377\377\377/, "RT #129085");
+ }
+
} # End of sub run_tests
1;
--
Perl5 Master Repository
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic