avoid potential stack extension bug in pp_unpack() (spotted by Ilya)

p4raw-id: //depot/perl@4612
author: Gurusamy Sarathy <gsar@cpan.org> 1999-12-02 01:15:02 +0000
committer: Gurusamy Sarathy <gsar@cpan.org> 1999-12-02 01:15:02 +0000
commit: dd58a1ab93727b8d05885223df798819f007995d (patch)
tree: 2fac4319b89fa2d27b71d8334555eaa1b06fb630 /pp.c
parent: c73032f52b244bdef48ab17f2620acd12e5a88b7 (diff)
download: perl-dd58a1ab93727b8d05885223df798819f007995d.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/pp.c b/pp.c
index d977c34275..a35131fb52 100644
--- a/pp.c
+++ b/pp.c
@@ -3136,6 +3136,7 @@ PP(pp_reverse)
 	    *MARK++ = *SP;
 	    *SP-- = tmp;
 	}
+	/* safe as long as stack cannot get extended in the above */
 	SP = oldsp;
     }
     else {
@@ -3236,7 +3237,7 @@ PP(pp_unpack)
 {
     djSP;
     dPOPPOPssrl;
-    SV **oldsp = SP;
+    I32 start_sp_offset = SP - PL_stack_base;
     I32 gimme = GIMME_V;
     SV *sv;
     STRLEN llen;
@@ -3364,7 +3365,7 @@ PP(pp_unpack)
 	    s += len;
 	    break;
 	case '/':
-	    if (oldsp >= SP)
+	    if (start_sp_offset >= SP - PL_stack_base)
 		DIE(aTHX_ "/ must follow a numeric type");
 	    datumtype = *pat++;
 	    if (*pat == '*')
@@ -4204,7 +4205,7 @@ PP(pp_unpack)
 	    checksum = 0;
 	}
     }
-    if (SP == oldsp && gimme == G_SCALAR)
+    if (SP - PL_stack_base == start_sp_offset && gimme == G_SCALAR)
 	PUSHs(&PL_sv_undef);
     RETURN;
 }
author	Gurusamy Sarathy <gsar@cpan.org>	1999-12-02 01:15:02 +0000
committer	Gurusamy Sarathy <gsar@cpan.org>	1999-12-02 01:15:02 +0000
commit	dd58a1ab93727b8d05885223df798819f007995d (patch)
tree	2fac4319b89fa2d27b71d8334555eaa1b06fb630 /pp.c
parent	c73032f52b244bdef48ab17f2620acd12e5a88b7 (diff)
download	perl-dd58a1ab93727b8d05885223df798819f007995d.tar.gz