Backport the CVE-2011-2939 fix for Encode

author: Florian Ragwitz <rafl@debian.org> 2011-09-05 13:43:37 +0200
committer: Florian Ragwitz <rafl@debian.org> 2011-09-05 13:49:58 +0200
commit: 2e8de60ec6c36c8169bd4264125ac5c519ce6920 (patch)
tree: f93907cb8357b7866fe87514b394de5cd94ff0c1
parent: ef62f705f656ea95e7b1526a9e05ccd77c402b92 (diff)
download: perl-2e8de60ec6c36c8169bd4264125ac5c519ce6920.tar.gz
2 files changed, 5 insertions, 2 deletions
diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm
index 08887916c7..a8f06341d1 100644
--- a/cpan/Encode/Encode.pm
+++ b/cpan/Encode/Encode.pm
@@ -4,7 +4,7 @@
 package Encode;
 use strict;
 use warnings;
-our $VERSION = sprintf "%d.%02d", q$Revision: 2.42 $ =~ /(\d+)/g;
+our $VERSION = sprintf "%d.%02d_01", q$Revision: 2.42 $ =~ /(\d+)/g;
 sub DEBUG () { 0 }
 use XSLoader ();
 XSLoader::load( __PACKAGE__, $VERSION );
diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs
index 07d7e25f62..6da12ee8d5 100644
--- a/cpan/Encode/Unicode/Unicode.xs
+++ b/cpan/Encode/Unicode/Unicode.xs
@@ -256,7 +256,10 @@ CODE:
 	       This prevents allocating too much in the rogue case of a large
 	       input consisting initially of long sequence uft8-byte unicode
 	       chars followed by single utf8-byte chars. */
-	    STRLEN remaining = (e - s)/usize;
+	    /* +1
+	       fixes  Unicode.xs!decode_xs n-byte heap-overflow
+	    */
+	    STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */
 	    STRLEN max_alloc = remaining + (8*1024*1024);
 	    STRLEN est_alloc = remaining * UTF8_MAXLEN;
 	    STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */
author	Florian Ragwitz <rafl@debian.org>	2011-09-05 13:43:37 +0200
committer	Florian Ragwitz <rafl@debian.org>	2011-09-05 13:49:58 +0200
commit	2e8de60ec6c36c8169bd4264125ac5c519ce6920 (patch)
tree	f93907cb8357b7866fe87514b394de5cd94ff0c1
parent	ef62f705f656ea95e7b1526a9e05ccd77c402b92 (diff)
download	perl-2e8de60ec6c36c8169bd4264125ac5c519ce6920.tar.gz