PATCH: GH #17367 read 1 beyond end of buffer

This is a bug in grok_infnan() in which in one place it failed to check
that it was reading within bounds.

(cherry picked from commit 81d11450691ee281f37c6c4e8055735b972733bd)

2 files changed, 8 insertions, 1 deletions

diff --git a/numeric.c b/numeric.c
index d4e3493784..ee77b257fe 100644
--- a/numeric.c
+++ b/numeric.c
@@ -776,6 +776,9 @@ Perl_grok_infnan(pTHX_ const char** sp, const char* send)
                 /* "nanq" or "nans" are ok, though generating
                  * these portably is tricky. */
                 s++;
+                if (s == send) {
+                    return flags;
+                }
             }
             if (*s == '(') {
                 /* C99 style "nan(123)" or Perlish equivalent "nan($uv)". */
diff --git a/t/re/pat.t b/t/re/pat.t
index c215649a47..169684b84b 100644
--- a/t/re/pat.t
+++ b/t/re/pat.t
@@ -25,7 +25,7 @@ BEGIN {
 skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader;
 skip_all_without_unicode_tables();
 
-plan tests => 865;  # Update this when adding/deleting tests.
+plan tests => 866;  # Update this when adding/deleting tests.
 
 run_tests() unless caller;
 
@@ -2006,6 +2006,10 @@ CODE
     {   # [perl #133871], ASAN/valgrind out-of-bounds access
         fresh_perl_like('qr/(?|(())|())|//', qr/syntax error/, {}, "[perl #133871]");
     }
+    {   # [perl #133871], ASAN/valgrind out-of-bounds access
+        fresh_perl_like('qr/\p{nv:NAnq}/', qr/Can't find Unicode property definition/, {}, "GH #17367");
+    }
+
     {   # [perl #133921], segfault
         fresh_perl_is('qr0||ß+p00000F00000ù\Q00000ÿ00000x00000x0c0e0\Qx0\Qx0\x{0c!}\;\;î0\x
         fresh_perl_is('|ß+W0ü0r0\Qx0\Qx0x0c0G00000000000000000O000000000x0x0x0c!}\;îçÿù\Q0 \x