In In S_scan_heredoc(), avoid memNE() reading beyond the end of s.

If the heredoc terminator we are searching for is longer than the bytes remaining in s, then the memNE() would read beyond initialised memory. Hence change the loop bounds to avoid this case, and change the failure case below to reflect the revised end-of-loop condition. It doesn't matter that the loop no longer increments shared->herelines, because the failure case calls S_missingterm(), which croaks.
author: Nicholas Clark <nick@ccl4.org> 2013-03-25 11:56:40 +0100
committer: Nicholas Clark <nick@ccl4.org> 2013-03-25 17:34:31 +0100
commit: 6bf48f47bbdbe4838b70d67830ead4ebc3d318d4 (patch)
tree: 469307d411e22c7a56ac6be801d32f25717d9ea9
parent: 621baac6f8d24886a415fe9240af154fccad42c7 (diff)
download: perl-6bf48f47bbdbe4838b70d67830ead4ebc3d318d4.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/toke.c b/toke.c
index e6e59a3fb3..35cd364192 100644
--- a/toke.c
+++ b/toke.c
@@ -9959,12 +9959,12 @@ S_scan_heredoc(pTHX_ char *s)
 	linestr = shared->ls_linestr;
 	bufend = SvEND(linestr);
 	d = s;
-	while (s < bufend &&
+	while (s < bufend - len + 1 &&
           memNE(s,PL_tokenbuf,len) ) {
 	    if (*s++ == '\n')
 		++shared->herelines;
 	}
-	if (s >= bufend) {
+	if (s >= bufend - len + 1) {
 	    goto interminable;
 	}
 	sv_setpvn(tmpstr,d+1,s-d);
author	Nicholas Clark <nick@ccl4.org>	2013-03-25 11:56:40 +0100
committer	Nicholas Clark <nick@ccl4.org>	2013-03-25 17:34:31 +0100
commit	6bf48f47bbdbe4838b70d67830ead4ebc3d318d4 (patch)
tree	469307d411e22c7a56ac6be801d32f25717d9ea9
parent	621baac6f8d24886a415fe9240af154fccad42c7 (diff)
download	perl-6bf48f47bbdbe4838b70d67830ead4ebc3d318d4.tar.gz