PATCH: [perl #133937] Assertion failure

This recently added assertion actually caught an error, which is a potential read beyond end of buffer. This doesn't actually happen in this case because this is a regular expression pattern, and the toker makes sure there is a trailing NUL (that isn't counted). The solution is to check the bounds before reading.
author: Karl Williamson <khw@cpan.org> 2019-03-19 12:37:04 -0600
committer: Karl Williamson <khw@cpan.org> 2019-03-19 12:50:49 -0600
commit: 0b97d15690d19a1fee0c903da7f5898764d8f15e (patch)
tree: 03c07707c5dc861b4941a2b3e515dd55575937d3 /dquote.c
parent: 83a1b28e808bee1a60973291307e3ce0cb77aad5 (diff)
download: perl-0b97d15690d19a1fee0c903da7f5898764d8f15e.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/dquote.c b/dquote.c
index bed6624e51..bf5cf902a2 100644
--- a/dquote.c
+++ b/dquote.c
@@ -210,8 +210,21 @@ Perl_grok_bslash_x(pTHX_ char **s, const char * const send, UV *uv,
 
     assert(*(*s - 1) == '\\');
     assert(* *s      == 'x');
+
     (*s)++;
 
+    if (send <= *s) {
+        if (strict) {
+            *error_msg = "Empty \\x";
+            return FALSE;
+        }
+
+        /* Sadly, to preserve backcompat, an empty \x at the end of string is
+         * interpreted as a NUL */
+        *uv = 0;
+        return TRUE;
+    }
+
     if (strict || ! output_warning) {
         flags |= PERL_SCAN_SILENT_ILLDIGIT;
     }
author	Karl Williamson <khw@cpan.org>	2019-03-19 12:37:04 -0600
committer	Karl Williamson <khw@cpan.org>	2019-03-19 12:50:49 -0600
commit	0b97d15690d19a1fee0c903da7f5898764d8f15e (patch)
tree	03c07707c5dc861b4941a2b3e515dd55575937d3 /dquote.c
parent	83a1b28e808bee1a60973291307e3ce0cb77aad5 (diff)
download	perl-0b97d15690d19a1fee0c903da7f5898764d8f15e.tar.gz