Use SSize_t for tmps stack offsets

This is a partial fix for #119161. On 64-bit platforms, I32 is too small to hold offsets into a stack that can grow larger than I32_MAX. What happens is the offsets can wrap so we end up referencing and modifying elements with negative indices, corrupting memory, and causing crashes. With this commit, ()=1..1000000000000 stops crashing immediately. Instead, it gobbles up all your memory first, and then, if your com- puter still survives, crashes. The second crash happesn bcause of a similar bug with the argument stack, which the next commit will take care of.
author: Father Chrysostomos <sprout@cpan.org> 2013-08-24 18:02:09 -0700
committer: Father Chrysostomos <sprout@cpan.org> 2013-08-25 06:39:28 -0700
commit: e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb (patch)
tree: 4ecc06a52d1ab4fb015da2e28803da335120ab95 /intrpvar.h
parent: e94bb4701fe9ef6ea7467f3fbc456bd68d184ef0 (diff)
download: perl-e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/intrpvar.h b/intrpvar.h
index 80217289d0..c6ee593d0e 100644
--- a/intrpvar.h
+++ b/intrpvar.h
@@ -53,9 +53,9 @@ PERLVAR(I, scopestack_ix, I32)
 PERLVAR(I, scopestack_max, I32)
 
 PERLVAR(I, tmps_stack,	SV **)		/* mortals we've made */
-PERLVARI(I, tmps_ix,	I32,	-1)
-PERLVARI(I, tmps_floor,	I32,	-1)
-PERLVAR(I, tmps_max,	I32)
+PERLVARI(I, tmps_ix,	SSize_t,	-1)
+PERLVARI(I, tmps_floor,	SSize_t,	-1)
+PERLVAR(I, tmps_max,	SSize_t)
 
 PERLVARI(I, sub_generation, U32, 1)	/* incr to invalidate method cache */
author	Father Chrysostomos <sprout@cpan.org>	2013-08-24 18:02:09 -0700
committer	Father Chrysostomos <sprout@cpan.org>	2013-08-25 06:39:28 -0700
commit	e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb (patch)
tree	4ecc06a52d1ab4fb015da2e28803da335120ab95 /intrpvar.h
parent	e94bb4701fe9ef6ea7467f3fbc456bd68d184ef0 (diff)
download	perl-e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb.tar.gz