diff options
| author | Florian Ragwitz <rafl@debian.org> | 2011-09-05 13:43:37 +0200 |
|---|---|---|
| committer | Dominic Hargreaves <dom@earth.li> | 2012-11-01 22:33:47 +0000 |
| commit | 9bb4451dd25e3c4d2c470f9af7ed223949d4c221 (patch) | |
| tree | 98e9bec88ba383f884f23255f1e931a865c6d088 | |
| parent | b8a9a95d2109537dcf687ed03b351544c75c39da (diff) | |
| download | perl-9bb4451dd25e3c4d2c470f9af7ed223949d4c221.tar.gz | |
Backport the CVE-2011-2939 fix for Encode (cherry picked from commit 2e8de60ec6c36c8169bd4264125ac5c519ce6920)
Conflicts:
cpan/Encode/Encode.pm
| -rw-r--r-- | cpan/Encode/Encode.pm | 2 | ||||
| -rw-r--r-- | cpan/Encode/Unicode/Unicode.xs | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm index f1dff7820c..0b5b9f81e1 100644 --- a/cpan/Encode/Encode.pm +++ b/cpan/Encode/Encode.pm @@ -4,7 +4,7 @@ package Encode; use strict; use warnings; -our $VERSION = sprintf "%d.%02d", q$Revision: 2.39 $ =~ /(\d+)/g; +our $VERSION = sprintf "%d.%02d_01", q$Revision: 2.39 $ =~ /(\d+)/g; sub DEBUG () { 0 } use XSLoader (); XSLoader::load( __PACKAGE__, $VERSION ); diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs index 9741626bd3..8e9d3d8d9d 100644 --- a/cpan/Encode/Unicode/Unicode.xs +++ b/cpan/Encode/Unicode/Unicode.xs @@ -246,7 +246,10 @@ CODE: This prevents allocating too much in the rogue case of a large input consisting initially of long sequence uft8-byte unicode chars followed by single utf8-byte chars. */ - STRLEN remaining = (e - s)/usize; + /* +1 + fixes Unicode.xs!decode_xs n-byte heap-overflow + */ + STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */ STRLEN max_alloc = remaining + (8*1024*1024); STRLEN est_alloc = remaining * UTF8_MAXLEN; STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */ |