remove cop addressed from saved lines when the cop is freed

This could cause a bad read and write when the debugger tried to set a breakpoint on the line. Fixed #19198
author: Tony Cook <tony@develop-help.com> 2021-10-20 15:36:44 +1100
committer: Tony Cook <tony@develop-help.com> 2021-11-15 11:35:42 +1100
commit: 0cdbe2162863542f45a5faa22e46c1aa76c029cb (patch)
tree: 71fc508e6783e55222c6fde5253ac3c6f9d59356 /op.c
parent: 0617c8b316aa29eb99f87ffa2c78b5818f13ebde (diff)
download: perl-0cdbe2162863542f45a5faa22e46c1aa76c029cb.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/op.c b/op.c
index bf10dd3bfc..8e50ee0df0 100644
--- a/op.c
+++ b/op.c
@@ -1316,6 +1316,20 @@ S_cop_free(pTHX_ COP* cop)
 {
     PERL_ARGS_ASSERT_COP_FREE;
 
+    if (cop->op_type == OP_DBSTATE) {
+        /* Remove the now invalid op from the line number information.
+           This could cause a freed memory overwrite if the debugger tried to
+           set a breakpoint on this line.
+        */
+        AV *av = CopFILEAV(cop);
+        if (av) {
+            SV * const * const svp = av_fetch(av, CopLINE(cop), FALSE);
+            if (svp && *svp != &PL_sv_undef && SvIVX(*svp) == PTR2IV(cop) ) {
+                (void)SvIOK_off(*svp);
+                SvIV_set(*svp, 0);
+            }
+        }
+    }
     CopFILE_free(cop);
     if (! specialWARN(cop->cop_warnings))
         PerlMemShared_free(cop->cop_warnings);
author	Tony Cook <tony@develop-help.com>	2021-10-20 15:36:44 +1100
committer	Tony Cook <tony@develop-help.com>	2021-11-15 11:35:42 +1100
commit	0cdbe2162863542f45a5faa22e46c1aa76c029cb (patch)
tree	71fc508e6783e55222c6fde5253ac3c6f9d59356 /op.c
parent	0617c8b316aa29eb99f87ffa2c78b5818f13ebde (diff)
download	perl-0cdbe2162863542f45a5faa22e46c1aa76c029cb.tar.gz