diff options
author | Florian Ragwitz <rafl@debian.org> | 2011-09-05 13:43:37 +0200 |
---|---|---|
committer | Florian Ragwitz <rafl@debian.org> | 2011-09-05 13:49:58 +0200 |
commit | 2e8de60ec6c36c8169bd4264125ac5c519ce6920 (patch) | |
tree | f93907cb8357b7866fe87514b394de5cd94ff0c1 | |
parent | ef62f705f656ea95e7b1526a9e05ccd77c402b92 (diff) | |
download | perl-2e8de60ec6c36c8169bd4264125ac5c519ce6920.tar.gz |
Backport the CVE-2011-2939 fix for Encode
-rw-r--r-- | cpan/Encode/Encode.pm | 2 | ||||
-rw-r--r-- | cpan/Encode/Unicode/Unicode.xs | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/cpan/Encode/Encode.pm b/cpan/Encode/Encode.pm index 08887916c7..a8f06341d1 100644 --- a/cpan/Encode/Encode.pm +++ b/cpan/Encode/Encode.pm @@ -4,7 +4,7 @@ package Encode; use strict; use warnings; -our $VERSION = sprintf "%d.%02d", q$Revision: 2.42 $ =~ /(\d+)/g; +our $VERSION = sprintf "%d.%02d_01", q$Revision: 2.42 $ =~ /(\d+)/g; sub DEBUG () { 0 } use XSLoader (); XSLoader::load( __PACKAGE__, $VERSION ); diff --git a/cpan/Encode/Unicode/Unicode.xs b/cpan/Encode/Unicode/Unicode.xs index 07d7e25f62..6da12ee8d5 100644 --- a/cpan/Encode/Unicode/Unicode.xs +++ b/cpan/Encode/Unicode/Unicode.xs @@ -256,7 +256,10 @@ CODE: This prevents allocating too much in the rogue case of a large input consisting initially of long sequence uft8-byte unicode chars followed by single utf8-byte chars. */ - STRLEN remaining = (e - s)/usize; + /* +1 + fixes Unicode.xs!decode_xs n-byte heap-overflow + */ + STRLEN remaining = (e - s)/usize + 1; /* +1 to avoid the leak */ STRLEN max_alloc = remaining + (8*1024*1024); STRLEN est_alloc = remaining * UTF8_MAXLEN; STRLEN newlen = SvLEN(result) + /* min(max_alloc, est_alloc) */ |