diff options
author | Tony Cook <tony@develop-help.com> | 2016-09-07 16:51:39 +1000 |
---|---|---|
committer | Tony Cook <tony@develop-help.com> | 2017-01-17 09:30:37 +1100 |
commit | bf4a926a29374161655548b149d1cb37300bcc05 (patch) | |
tree | 5083e376e56591b70b6c651bf02c99703da5d772 | |
parent | 14ebef5fba328c5f6d6b522b2af648a970b181b1 (diff) | |
download | perl-bf4a926a29374161655548b149d1cb37300bcc05.tar.gz |
(perl #129149) avoid a heap buffer overflow with pack "W"...
-rw-r--r-- | pp_pack.c | 2 | ||||
-rw-r--r-- | t/op/pack.t | 13 |
2 files changed, 13 insertions, 2 deletions
@@ -2587,7 +2587,7 @@ S_pack_rec(pTHX_ SV *cat, tempsym_t* symptr, SV **beglist, SV **endlist ) if (in_bytes) auv = auv % 0x100; if (utf8) { W_utf8: - if (cur > end) { + if (cur >= end) { *cur = '\0'; SvCUR_set(cat, cur - start); diff --git a/t/op/pack.t b/t/op/pack.t index 3fc12e4241..47d1216a2f 100644 --- a/t/op/pack.t +++ b/t/op/pack.t @@ -12,7 +12,7 @@ my $no_endianness = $] > 5.009 ? '' : my $no_signedness = $] > 5.009 ? '' : "Signed/unsigned pack modifiers not available on this perl"; -plan tests => 14712; +plan tests => 14713; use strict; use warnings qw(FATAL all); @@ -2047,3 +2047,14 @@ ok(1, "argument underflow did not crash"); is(pack("H40", $up_nul), $twenty_nuls, "check pack H zero fills (utf8 source)"); } + +{ + # [perl #129149] the code below would write one past the end of the output + # buffer, only detected by ASAN, not by valgrind + $Config{ivsize} >= 8 + or skip "[perl #129149] need 64-bit for this test", 1; + fresh_perl_is(<<'EOS', "ok\n", { stderr => 1 }, "pack W overflow"); +print pack("ucW", "0000", 0, 140737488355327) eq "\$,#`P,```\n\0\x{7fffffffffff}" + ? "ok\n" : "not ok\n"; +EOS +} |