PerlIO_find_layer should not be using memEQ() off the end of the layer name.

PerlIO_find_layer was using memEQ() to compare the name of the desired layer with each layer in the array of known layers. However, it was always using the length of the desired layer for the comparison, whatever the length of the name it was comparing it with, resulting in out-of-bounds reads.
author: Nicholas Clark <nick@ccl4.org> 2013-03-25 10:20:05 +0100
committer: Nicholas Clark <nick@ccl4.org> 2013-03-25 17:34:31 +0100
commit: ba90859e610c9bec1956b5c7e11f5b4942e3a760 (patch)
tree: 47f8e577c8a24861780d912e008ecd94c82fffa5
parent: 5a04397369a036f9a5c8e299f1a215c2fac4b6c8 (diff)
download: perl-ba90859e610c9bec1956b5c7e11f5b4942e3a760.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/perlio.c b/perlio.c
index d356a7b150..2e5a77d2af 100644
--- a/perlio.c
+++ b/perlio.c
@@ -811,7 +811,8 @@ PerlIO_find_layer(pTHX_ const char *name, STRLEN len, int load)
 	len = strlen(name);
     for (i = 0; i < PL_known_layers->cur; i++) {
 	PerlIO_funcs * const f = PL_known_layers->array[i].funcs;
-	if (memEQ(f->name, name, len) && f->name[len] == 0) {
+        const STRLEN this_len = strlen(f->name);
+        if (this_len == len && memEQ(f->name, name, len)) {
 	    PerlIO_debug("%.*s => %p\n", (int) len, name, (void*)f);
 	    return f;
 	}
author	Nicholas Clark <nick@ccl4.org>	2013-03-25 10:20:05 +0100
committer	Nicholas Clark <nick@ccl4.org>	2013-03-25 17:34:31 +0100
commit	ba90859e610c9bec1956b5c7e11f5b4942e3a760 (patch)
tree	47f8e577c8a24861780d912e008ecd94c82fffa5
parent	5a04397369a036f9a5c8e299f1a215c2fac4b6c8 (diff)
download	perl-ba90859e610c9bec1956b5c7e11f5b4942e3a760.tar.gz