authorGisle Aas <gisle@activestate.com>2006-01-10 08:58:21 +0000
committerGisle Aas <gisle@activestate.com>2006-01-10 08:58:21 +0000
commit2d2af554da24863760d055834f4984fbca7ec85b (patch)
tree99ca4a308dba0bbab27f7e2b008e3a91dcbe8fc1
parent11e2783cff6b99a1463ba0eb8e30a005fc688aaf (diff)
Avoid possible dereference of NULL in the initialization of PL_origalen.
This can only happen when perlparse is called with no argv. Don't try to update PL_origargv unless PL_origalen is at least 2. p4raw-id: //depot/perl@26760
-rw-r--r--mg.c44
-rw-r--r--perl.c4
2 files changed, 25 insertions, 23 deletions
diff --git a/mg.c b/mg.c
index db0d4deb97..d6e76676e9 100644
--- a/mg.c
+++ b/mg.c
@@ -2568,28 +2568,30 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
pstat(PSTAT_SETCMD, un, len, 0, 0);
}
#endif
- /* PL_origalen is set in perl_parse(). */
- s = SvPV_force(sv,len);
- if (len >= (STRLEN)PL_origalen-1) {
- /* Longer than original, will be truncated. We assume that
- * PL_origalen bytes are available. */
- Copy(s, PL_origargv[0], PL_origalen-1, char);
+ if (PL_origalen > 1) {
+ /* PL_origalen is set in perl_parse(). */
+ s = SvPV_force(sv,len);
+ if (len >= (STRLEN)PL_origalen-1) {
+ /* Longer than original, will be truncated. We assume that
+ * PL_origalen bytes are available. */
+ Copy(s, PL_origargv[0], PL_origalen-1, char);
+ }
+ else {
+ /* Shorter than original, will be padded. */
+ Copy(s, PL_origargv[0], len, char);
+ PL_origargv[0][len] = 0;
+ memset(PL_origargv[0] + len + 1,
+ /* Is the space counterintuitive? Yes.
+ * (You were expecting \0?)
+ * Does it work? Seems to. (In Linux 2.4.20 at least.)
+ * --jhi */
+ (int)' ',
+ PL_origalen - len - 1);
+ }
+ PL_origargv[0][PL_origalen-1] = 0;
+ for (i = 1; i < PL_origargc; i++)
+ PL_origargv[i] = 0;
}
- else {
- /* Shorter than original, will be padded. */
- Copy(s, PL_origargv[0], len, char);
- PL_origargv[0][len] = 0;
- memset(PL_origargv[0] + len + 1,
- /* Is the space counterintuitive? Yes.
- * (You were expecting \0?)
- * Does it work? Seems to. (In Linux 2.4.20 at least.)
- * --jhi */
- (int)' ',
- PL_origalen - len - 1);
- }
- PL_origargv[0][PL_origalen-1] = 0;
- for (i = 1; i < PL_origargc; i++)
- PL_origargv[i] = 0;
UNLOCK_DOLLARZERO_MUTEX;
break;
#endif
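Review bot: The new `if (PL_origalen > 1)` guard does not explain its threshold, and the comment it now wraps (`PL_origalen is set in perl_parse()`) does not say what the values 0 and 1 mean. Both `Copy` calls, the `memset` and the final `PL_origargv[0][PL_origalen-1] = 0` are bounded only by this value, so I would state the invariant at the guard, e.g. `/* 0: perl_parse() saw no argv; 1: room for the NUL only, so there is nothing to overwrite in place. */`. The same comment should say that in those cases the in-place argv rewrite is skipped without a diagnostic and `PL_origargv[1..]` are deliberately left untouched. Perl_magic_set begins and ends outside the hunk, so whether another branch already covers this case cannot be seen from here.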
diff --git a/perl.c b/perl.c
index a76307d976..b1671d956d 100644
--- a/perl.c
+++ b/perl.c
@@ -1487,7 +1487,7 @@ setuid perl scripts securely.\n");
}
}
/* Can we grab env area too to be used as the area for $0? */
- if (PL_origenviron) {
+ if (s && PL_origenviron) {
if ((PL_origenviron[0] == s + 1
#ifdef OS2
|| (PL_origenviron[0] == s + 9 && (s += 8))
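Review bot: The added `s &&` test in `if (s && PL_origenviron)` has no comment saying when `s` can be NULL, and the `s ? ... : 0` assignment to `PL_origalen` in the later hunk of this file depends on the same unstated condition. Per the commit message this happens only when perl_parse is called with no argv. A short comment above the test, such as `/* s is NULL when no argv was passed; PL_origalen then becomes 0 and $0 is not rewritten in place */`, would make the contract with the `PL_origalen > 1` check in mg.c explicit. The code that sets `s` is outside the hunk, so a single early guard there may be the simpler form, but that cannot be judged from these lines.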
@@ -1523,7 +1523,7 @@ setuid perl scripts securely.\n");
}
}
}
- PL_origalen = s - PL_origargv[0] + 1;
+ PL_origalen = s ? s - PL_origargv[0] + 1 : 0;
}
if (PL_do_undump) {