author David Leadbeater <dgl@dgl.cx> 2011-05-14 13:57:21 +0100
committer Father Chrysostomos <sprout@cpan.org> 2011-05-18 22:20:43 -0700
commit 37c6a70c7d35357916da21616c68e56c878a5bd2
tree fe7ab7c9ee4892844640e97226a3f17709389ad0
parent ea74ff717a4ba16fc7b858acd65cc2c893970c30
scan_heredoc could reallocate PL_parser->linestr's PV
Since f0e67a1 it was possible the freed buffer may be read from when parsing a heredoc. This adds a call to lex_grow_linestr to grow the buffer and ensure the pointers in PL_parser are updated.

The bug is pretty hard to reproduce, hence no test. I'm able to reproduce it with the following:

    perl -Meverywhere=re,debug -MParams::Util -e1
-rw-r--r-- toke.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/toke.c b/toke.c
index 0f08d42ab4..358f322a70 100644
--- a/toke.c
+++ b/toke.c
@@ -9443,6 +9443,7 @@ S_scan_heredoc(pTHX_ register char *s)
if (*s == term && memEQ(s,PL_tokenbuf,len)) {
STRLEN off = PL_bufend - 1 - SvPVX_const(PL_linestr);
*(SvPVX(PL_linestr) + off ) = ' ';
+ lex_grow_linestr(SvCUR(PL_linestr) + SvCUR(herewas) + 1);
sv_catsv(PL_linestr,herewas);
PL_bufend = SvPVX(PL_linestr) + SvCUR(PL_linestr);
s = SvPVX(PL_linestr) + off; /* In case PV of PL_linestr moved. */
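Review bot: the added lex_grow_linestr(SvCUR(PL_linestr) + SvCUR(herewas) + 1) line has no comment saying why the buffer is grown before sv_catsv, and the only existing comment in the hunk ("In case PV of PL_linestr moved") is attached to the s assignment alone. The two assignments after sv_catsv refresh only PL_bufend and s, so the new call is what covers the remaining pointers in PL_parser that the commit message mentions; a one-line comment on the call stating that would keep a later cleanup from dropping it as redundant with sv_catsv's own growth. off is taken as an offset before the call, so it remains valid if the PV moves. The change also lands without a regression test; if the reproducer in the commit message cannot be reduced, a note next to the call pointing at it would help.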