regcomp.c: Don't read beyond input

This code was assuming that there were several more bytes in the input stream, when there may not be. This was discovered by valgrind.
author: Karl Williamson <public@khwilliamson.com> 2011-11-29 14:57:02 -0700
committer: Karl Williamson <public@khwilliamson.com> 2012-01-13 09:58:36 -0700
commit: d224c965bbb987748bb2d86228f9b5b7f5db9b80 (patch)
tree: c18d71abde60f664ece37e6bb9822b34f5f10293
parent: 88d45d285bee142b4f37f62d7260e24504d371e5 (diff)
download: perl-d224c965bbb987748bb2d86228f9b5b7f5db9b80.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/regcomp.c b/regcomp.c
index 99668c30ca..f8d77efe89 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -11190,8 +11190,11 @@ S_nextchar(pTHX_ RExC_state_t *pRExC_state)
     PERL_ARGS_ASSERT_NEXTCHAR;
 
     for (;;) {
-	if (*RExC_parse == '(' && RExC_parse[1] == '?' &&
-		RExC_parse[2] == '#') {
+	if (RExC_end - RExC_parse >= 3
+	    && *RExC_parse == '('
+	    && RExC_parse[1] == '?'
+	    && RExC_parse[2] == '#')
+	{
 	    while (*RExC_parse != ')') {
 		if (RExC_parse == RExC_end)
 		    FAIL("Sequence (?#... not terminated");
author	Karl Williamson <public@khwilliamson.com>	2011-11-29 14:57:02 -0700
committer	Karl Williamson <public@khwilliamson.com>	2012-01-13 09:58:36 -0700
commit	d224c965bbb987748bb2d86228f9b5b7f5db9b80 (patch)
tree	c18d71abde60f664ece37e6bb9822b34f5f10293
parent	88d45d285bee142b4f37f62d7260e24504d371e5 (diff)
download	perl-d224c965bbb987748bb2d86228f9b5b7f5db9b80.tar.gz